PARAMATRIX OY – PEER-TO-PEER INSURANCE PLATFORM PRIVACY NOTICE (PROJECT)
With this Privacy Notice, we provide you with information about how and why we process your personal data
in connection with Paramatrix’s peer-to-peer insurance platform (hereinafter “Service”)
1) WHO IS THE CONTROLLER OF YOUR PERSONAL DATA?
The controller of your personal data is Paramatrix Oy (business ID: 3328318-2), which is located at
Työpajankatu 17 A 103, 00580 Helsinki, Finland.
You can reach us via email at: support@paramatrix.io
2) WHAT DEFINITIONS ARE USED IN THIS PRIVACY NOTICE?
AML Act means the Act on Preventing Money Laundering and Terrorist Financing of Finland (444/2017).
Controller means a party that is in charge of the personal data processing activities.
Data subject is a term for a human being in accordance with data protection laws.
GDPR means the EU General Data Protection Regulation 2016/679.
Legal basis for processing means the legal basis with which the controller processes personal data of a data
subject. Article 6 of the GDPR contains provisions on legal basis for processing.
User means the user who registers to and uses the Service.
Personal data means any data concerning a data subject or data with which a data subject can be identified
with.
Privacy Notice means a data protection document that has been drafted according to Articles 13 and 14 of
the GDPR, and with which the controller may inform its data subjects of the ways their personal data is
processed.
Processor means a party that processes personal data for and on behalf of the controller.
Purpose for processing means the reason why the controller processes personal data of a data subject.
Service means the peer-to-peer insurance platform provided by Paramatrix Oy, where natural persons may
connect to each other for the purpose of self-administering their internal insurance arrangements. Please
note, that the Company’s role in the Service is solely that of a registered payment service provider and
technology provider for the Service. The Company is not an insurance company, and the Service provided to
the User does not constitute an insurance product under applicable EU or Finnish law. Please read more
about our Service in our General Terms and Conditions.
3) WHY DO WE PROCESS YOUR PERSONAL DATA?
We process personal data to be able to provide the Service to our users, comply with our legal obligations
under the AML Act, as well as enhance and develop our Service.
2/3
Our legal basis for processing personal data depends on the purpose for which we process personal data. We
use as a legal basis (i) our contractual obligations when we provide the Service to our users, (ii) our legal
obligations when we are complying with the AML Act and (iii) our legitimate interests when enhancing and
developing our Service.
In our personal data processing activities, we process names, contact information, data related to the use of
our Service and data we are required to process under applicable laws.
4) FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data from you when you interact with us in regard our Service, from digital services
we use from time to time (e.g. compliance tools for anti-money laundering purposes) and from public sources
(e.g. official registries such as trade registry).
5) DO WE TRANSFER YOUR PERSONAL DATA?
As a general rule, we will not disclose your personal data to third parties. However, if we are required by
mandatory law or governmental authorities to disclose your personal data, we will assess the legality of such
disclosure on a case-by-case basis.
We do share, i.e. transfer your personal data to others as part of our normal business activities when using
various digital services. For example, we use the following digital services provided by data processors, which
involve the processing of personal data: data storage services (e.g. cloud services), communication services
(e.g. e-mails) and compliance tools.
6) DO WE PROCESS YOUR PERSONAL DATA OUTSIDE THE EU AND THE EEA AREA?
Your personal data may be processed outside the EU and the EEA area. In these situations, we ensure an
adequate level of data protection, for example, through standard contractual clauses, adequacy decisions
and other similar arrangements.
7) HOW LONG DO WE RETAIN YOUR PERSONAL DATA?
We retain personal data for (i) at least five (5) years after the end of customer relationship, when processing
personal data to ensure compliance with the AML Act, and (ii) as long as it is necessary to fulfil the purpose
of data processing, when we process personal data for the purposes of enhancing and developing our Service.
8) WHAT DATA PROTECTION RIGHTS DO YOU HAVE?
You may have the right to use the below listed data protection rights under the GDPR:
• Right to inspect (art. 15)
• Right to rectify (art. 16)
• Right to erasure (art. 17)
• Right to restriction of processing (art. 18)
• Right to data portability (art. 20)
• Right to object; especially when processing personal data based on legitimate interests (art. 21)
• Right not to be subject to automated individual decision-making, including profiling (art. 22)
If you would like to use your rights or inquire something about data protection, please be in touch via email
(see contact information from Section 1).
3/3
You may also have a right to lodge a complaint with the data protection authorities, if you think that the
processing of your personal data infringes data protection laws.
9) CAN THIS PRIVACY NOTICE BE AMENDED?
We may unilaterally amend this Privacy Notice. We update the Privacy Notice as necessary, for example,
when there is a change in legislation. Amendments to this Privacy Notice will take effect immediately when
we post an updated version on our website.
If we make significant changes to the Privacy Notice, or if there is a significant change in the way it is used,
we will notify the data subjects.