Updated 3/2024

Data Protection / GDPR

In this page we have gathered information on how Rantalainen’s data protection policies regarding GPDR (General Data Protection Regulation), which came into force on 25.05.2018. The GDPR contains obligations to companies who process personal data.

GDPR in a nutshell

The GDPR contains new obligations regarding processing of personal data and data protection. Integral in the new regulation is the risk-based approach and data controller’s obligation to demonstrate that its processing activities are compliant with the requirements of the GDPR. The Data controller is required to handle sensitive data with caution. Additionally, the data controller must be able to demonstrate that it is operating according to the regulation.

Additional information about the GDPR can be found from: Data Protection Ombudsman

Rantalainen’s contractual reform 2024

Rantalainen will update the new TAL2023 conditions to all existing service agreements. Simultaneously we will update our documentation regarding data protection, including the data processing agreement. The update will be implemented during spring 2024 and informed to our customers separately.

The contracts will be updated digitally. The contact persons of our clients will receive a link through which they can digitally sign and accept the new conditions. If the client wishes, the contract update can be delivered and signed in paper form.

Updated service agreements

The updated service agreements consist of the documents below.

Attachment	Description	Download
Accounting services contract	Customer specific contract regarding the production of services	–
General conditions	Taloushallintoliitto’s general conditions (TAL2023)
RAN GDPR 2018	Rantalainen’s modified conditions based on Taloushallintoliitto’s general conditions
Attachment 1-A	Record of Processing Activities
Attachment 1-B	The Accounting Firm’s Data Security of Personal Data
Attachment 1-C	A record and instructions on personal data processing provided by the client	–
Attachment 2-B	Information security of personal data in software

Rantalainen as a personal data processor

Information security in ensured by both technical and organizational measures. Personal data processing is executed in a appropriate and secure manner. Personal data processing and data security is illustrated in the documents above attachment 1-A and 1-B.

Software and subcontractors used by Rantalainen

Software used by Rantalainen, software providers and subcontractors who are responsible for them are for their part personal data processors. Below we have listed links to the software providers and subcontractors data security web sites. Additionally, the data security of different softwares is illustrated in the attachment 2-B.

Visma Privacy page, Visma Solutionsin Privacy page, Visma security and privacy (Visma Fivaldi, Autoinvoice, Entry, Expense, L7, Netvisor, Escan, Financial Overview, Visma Sign)
Procountor Security pages, Finago Privacy page, Mepco Privacy page (Accountor Procountor, Mepco, Etasku)
SD Worx gdpr pages(SD Worx VIRA, SD Worx W)
Espina Privacy Page (Espina Kasperi)
Bezala Privacy page (Bezala)
Lemonsoft Oy Privacy page, Lemonsoft Oy Privacy page attachment (Lemonsoft)
Suomi.fi Privacy Page (Suomi.fi)
Admicom Privacy Page (Admicom, Nomentia)
Heeros GDPR (Heeros)
Netbaron Privacy page (Netbaron)
Telia Inmics-Nebula (IT)
Fuusor (Rantalainen BI)
FabricAI (FabricAI)
Fennoa (Fennoa)
Koho (Rantalainen Portaali)
Zendesk (tuki.rantalainen.fi)
Profit Software (Profit Hunter)
eTasku Solutions (eTasku)
Doks (Doks)
Cerberus (Rantalainen SFTP)

Data Protection Officer

You can contact Rantalainen Gropus’s acting data protection officer at tietosuojavastaava@rantalainen.fi.

Your contact person in contractual issues

Primarily service managers, service executives and your personal contact person will address your questions. However, if you prefer you may also contact the persons below.

Joni Tapiola

Lakimies, varatuomari

joni.tapiola@rantalainen.fi

Toni Borgman

Järjestelmien tekninen suojaus
IT-päällikkö

toni.borgman@rantalainen.fi

045 329 8511

Toni Takala

Järjestelmien tekninen suojaus
Kehityspäällikkö

toni.takala@rantalainen.fi

044 753 5706

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
csrftoken	1 year	This cookie is associated with Django web development platform for python. Used to help protect the website against Cross-Site Request Forgery attacks
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
mc	1 year 1 month	Quantserve sets the mc cookie to anonymously track user behaviour on the website.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.