Pristine Compliance Solutions Privacy Notice

Last updated: 2025-10-22

Pristine Compliance Solutions Ltd (hereinafter "PCS") is committed to protecting your privacy. With this Privacy Notice we explain to you how and why we collect, use, and protect any Personal Data obtained from you when you use our website and Services.

PCS is committed to transparency and compliance related to data protection regulations, which primarily focuses on the General Data Protection Regulation of the European Union (EU) 2016/679 (hereinafter the "GDPR"). This Privacy Notice outlines our data processing practices along with your rights regarding your personal information that is processed by PCS.

Purposes for which we process Personal Data

We process your Personal Data for the following purposes during our business activities:

  • Improving our Services
  • Client relationships
  • Business partner relationships
  • Marketing
  • Recruiting
  • Communication
  • Legal obligations
  • Cookies

Who is the Controller of your Personal Data?

The Controller of your Personal Data is Finnish limited liability company with the name of Pristine Compliance Solutions Ltd (Finnish Business ID: 3468166-8), with its primary place of business being at c/o Pristine Compliance Solutions Oy, Kuusitie 2 B 88, 00270 Helsinki, Finland.

You can contact the Controller at info@pristinecompliancesolutions.com and +358 50 350 76.

Definitions used in this Privacy Notice

  • Controller is the party that is in charge of the processing activities connected to Personal Data.
  • Data Subject refers to a human being in accordance with data protection laws.
  • GDPR is the European General Data Protection Regulation ((EU) 2016/679).
  • Legal Basis means the lawfulness conditions for processing (GDPR Article 6).
  • Personal Data means any data relating to an identified or identifiable natural person.
  • Privacy Notice refers to this document (GDPR Articles 13–14).
  • Processor means a party that processes Personal Data for and/or on behalf of the Controller.
  • Purpose for processing means the reason why Personal Data is processed.
  • Services refers to services, features, and functionalities provided by PCS via its website.

Why do we process your Personal Data?

Improving Our Services

Why: To analyze and enhance functionality, performance, and usability (e.g., interaction data, feedback, usage patterns).

Legal Basis: Legitimate interests. You have the right to object.

Client Relationships

Why: To manage and fulfill client relationships (contact details, service use, data disclosed during the relationship).

Legal Basis: Contract necessity.

Business Partner Relationships

Why: To manage and build business partnerships.

Legal Basis: Contract necessity.

Marketing

Why: To inform clients and prospects about PCS products, Services, and offers.

Legal Basis: Legitimate interests. You have the right to object at any time.

Recruiting

Why: To process job applications (contact details, CVs, and materials provided).

Legal Basis: Legitimate interests. You have the right to object.

Communications

Why: To manage inbound and outbound communications.

Legal Basis: Legitimate interests. You have the right to object.

Legal Obligations

Why: To comply with applicable laws.

Legal Basis: Legal obligation.

Cookies

Why: To process IP addresses and certain technical data related to website usage.

Legal Basis: Legitimate interests; where required by law, we will seek consent before placing cookies.

From where do we collect your Personal Data?

Directly from you

  • Business partner relationships
  • Client relationships
  • Recruiting
  • Communications

Through our Services and platform(s)

  • Service usage data (usage patterns, interaction logs)
  • Cookies and similar technologies

From third-parties and public sources

  • Marketing and analytics partners (aligned with this Notice)
  • Publicly available information (e.g., professional profiles)

Do we transfer your Personal Data?

We may transfer Personal Data to third parties (e.g., data storage providers, integration partners, communication platforms). All transfers are assessed for security and safeguarded through appropriate agreements.

Transfers to third-party service providers

  • Accounting and auditing services
  • Authorities where required by law
  • Business partners
  • Communication platforms
  • Data storage and hosting providers

Transfers to third countries

Where Personal Data is transferred outside the EEA, we ensure an adequate level of protection through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other appropriate safeguards (DPAs, technical measures, compliance monitoring)

How long do we retain your Personal Data?

Retention depends on the processing purpose. We periodically review necessity and document retention practices in line with the GDPR.

  • Improving our Services: As needed; data may be aggregated/anonymized.
  • Client relationships: As necessary to maintain the relationship.
  • Business partner relationships: As necessary for partnerships.
  • Marketing: Until you opt out or we infer you no longer wish to receive messages.
  • Recruiting: Up to twelve (12) months from receipt or closing date.
  • Communications: Three (3) years from last contact; social content until removed by you.
  • Legal obligations: As required by applicable laws.
  • Cookies: Varies by cookie type and purpose.

What data protection rights do you have?

Under the GDPR, you have the following rights (subject to conditions). To exercise them, contact us using the details above. We may verify your identity before acting on requests.

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21), including direct marketing
  • Right not to be subject to automated decision-making (Art. 22)
  • Right to withdraw consent at any time where processing is based on consent

Region-specific rights

  • California (CCPA): Right to know, delete, and correct.
  • Brazil (LGPD): Rights include anonymization and access to sharing info.
  • China (PIPL): Transfers and processing aligned with local legal standards.

How to exercise your rights

Contact us via email (see Controller section). We will respond in accordance with applicable data protection laws.

Right to lodge a complaint

You have the right to lodge a complaint with a supervisory authority, such as the Office of the Finnish Data Protection Ombudsman: https://tietosuoja.fi/en/home.

Can this Privacy Notice be amended?

PCS may amend this Notice to reflect changes in our practices, Services, or legal obligations (including the GDPR). Updates take effect upon posting unless otherwise stated. For material changes, we will endeavor to notify you directly where possible (e.g., email or on-site notices). Your continued use after updates signifies acknowledgement and acceptance.