Your privacy at a glance
Controller name: GRIT Fund Management Company Ltd (“GRIT”)
Company ID: 1830022-0
Contact details
Correspondence address: Pitkäkatu 34 C, 65100 Vaasa
Email address: privacy@gritfundservices.fi
Telephone number: +358 20 7613 350
Your privacy at a glance
We understand that you value your privacy. GRIT is persistently committed to protecting your privacy and personal data you provide us when interacting with GRIT. This privacy statement (“Privacy Statement”) is applicable to GRIT’s database of customers and suppliers, users of our website www.gritfundservices.fi (“Website”) as well as our marketing database. Also, as a customer or potential customer of GRIT, a job applicant or merely a casual visitor on this Website, this Privacy Statement applies to you. It contains important information on how your personal data is being processed and how you can exercise your rights relating to such data.
The Website is primarily used as a home page for the fund management company in order to market and inform the general public about the company and its services. The website may contain links to direct visitors to the third parties’ websites, which are not governed by this Privacy Statement and which may have their own privacy policies and statements. GRIT does not take responsibility for any privacy practices enforced by any third-party sites to which we link.
GRIT acts as a controller in terms of the processing of your personal data described herein. In certain situations where personal data is processed by another company of the GRIT Governance Group, that group company may act as a controller.
What personal data do we collect and why we use your data
As a part of our business, we process personal data for various purposes, such as to exercise our legitimate interests, e.g. maintain and develop our client relationships and our business. In some cases, processing personal data is required to fulfill our contractual obligations. In some cases, processing is based on your consent. Data protection laws require that we only process and use your data for certain predetermined reasons, and only if we have a legal basis to do so. Below you will find an overview of the different purposes for which we process your personal data as well as their respective legal basis:
1) Customer and contractor relationship management, customer service and marketing.
We at GRIT care for our customers and cooperation partners and we will do our utmost to maintain a good customer relationship. Regarding potential customers, we are keen on informing them about our services. This entails processing personal data, and such processing is based on our legitimate interest to keep our customers satisfied and to attract new customers. In certain situations, like direct electronic marketing, processing personal data is based on your specific consent (for example as you give your personal data, such as your contact details, to us).
GRIT provides various investment services and fund services, related ancillary services and investment products. The performance of such service contracts requires that we process certain personal data. However, the extent of the processing varies depending on i.a. the service and the type of client. Below you will find short descriptions of the most common situations and purposes for which we collect and process personal data:
a) Data relating to unit holders: According to applicable law, GRIT is obliged to handle subscriptions, redemptions and reporting in terms of the fund unit holders. It is necessary for GRIT to process certain personal data to fulfill these obligations.
b) Client categorization and client control: Irrespective of whether a person becomes a client or a fund unit holder or not, GRIT is obliged to carry out client categorization and client control (i.a. to prevent money-laundering and terrorism financing). Also fulfilling such obligations entails the processing of personal data.
c) Tax reporting: National and international regulations require us to collect and report certain information regarding the customer’s taxation.
2) Handling of customer complaints and data subject requests.
Although we strive to keep our customers satisfied, should a customer raise a complaint, we will keep records of such complaints in accordance with applicable legislation. We will also keep records of your requests as a data subject, to handle your matter as efficiently as possible.
3) Business development.
Keeping up with the developments in the industry is important to us, which is why we consider it our legitimate interest to keep our business, products and services relevant and to help prepare us and our customers for the challenges of tomorrow.
4) Marketing.
Based on our legitimate interest we process personal data to attract new customers. In some cases processing of personal data is based on consent (e.g. direct electronic marketing).
5) Website experience and maintenance.
We collect cookies for the proper use of our website and for enhanced user experience, which is based on your consent (please see below for further information on cookies).
6) Recruitment.
If you apply for a job at GRIT, we handle your application, CV and other documents that contain personal data. Such processing is based on your consent.
7) Acquisitions and transactions.
Should GRIT be subject to an acquisition or a corporate transaction, e.g. in the form of a share purchase or business acquisition, we process personal data for this purpose. Third parties may also process personal data under such circumstances in order to administer the transaction or acquisition (inter alia parties to the transaction or acquisition as well as their advisors). Such processing is based on contractual grounds and our legitimate interest.
Certain personal data is processed within the GRIT Governance Group, if it is deemed necessary and in accordance with applicable law. Such situations are e.g. to execute an agreement with you or to effectively manage a customer relationship. Processing within the group may also take place when required by law, such as client classification and the prevention of money-laundering and terrorism financing.
Certain processing of personal data is necessary for the performance of contracts and to adhere to legal requirements applicable to GRIT. Should you not provide the necessary personal data, we may not be able to provide our services to you.
The personal data we collect and process in accordance with this Privacy Statement can be categorized into two data categories: 1) Company and person related data and 2) analytics data.
1) As company and person related data, we may process the following categories of personal data (with examples in brackets):
a) Basic identification data (name, social security number/date of birth, ID picture, as a representative of a company the name of the organization and business title of the person).
b) Contact details (name, phone, e-mail and domicile).
c) Information on the fund unit holders (amount, classes and series in terms of fund units).
d) Data on the customer relationship (e.g. service language, contract information, transaction details).
e) Data relating to know your customer procedures and customer identification, including information on beneficial owners.
f) Information required for us to adhere to tax reporting obligations (e.g. tax domicile and tax number).
g) Information regarding customer complaints and data subject requests.
h) Recruitment information (application, experience, education and any attachments received).
i) Consents (for direct electronic marketing and recruitment).
2) As analytics data, we may process the following categories of personal data (with examples in brackets):
a) Country
b) IP address
c) Type and version of browser
d) Operating system
e) Name of the internet service provider you use
f) Advertising identifier of your device (advertising identifier)
g) Information regarding the way you use our Website (time spent on our Website, interaction with the Website, date and time of your visit to the Website, sections of the Website you have accessed).
Please keep in mind that the specific personal data processed and the extent of the processing vary depending on i.a. your position (e.g. as a client, potential client, Website visitor or contact person of a service provider), the types of services provided, and client category.
When and how do we collect data?
We collect data from you at the commencement of your customer or other relationship with us as well as during it to administer and take care of what is necessary for e.g. your client contract and your customer relationship.
We may also collect data from other companies within the Group and from third parties with whom we co-operate to provide you with our services and manage your customer relationship. In addition, we may collect data from publicly available sources provided by authorities (for example the population register center, commercial registers, and supervisory authorities) and international organizations like the EU and the UN.
We also automatically collect certain technical data, when you visit our Website.
We use cookies
We only use necessary cookies to provide the Website, improve its functionality, follow up on its use and improve its safety. The data is not used for identifying individual visitors. You can turn off cookies, but that may impact the functionality of the Website, and the Website may not necessarily be available as intended. Please note that in order to address your privacy concerns, we may need to identify you or acquire proof of who you are before we can provide you with any information.
Your Rights
As a data subject you have several rights as listed below. You can exercise your rights by sending us an email at privacy@gritfundservices.fi. You’re entitled to exercise your rights free of charge. However, for repetitive requests, or requests that are manifestly unfounded or excessive, we reserve a right to charge a reasonable fee.
Right to access data that we hold on you
You have the right to access the personal data that we hold on you. We may not always be able to meet your request to provide you with your information as your right might be restricted based on e.g. law or the need to protect the integrity of another person.
Right to withdraw your consent
To the extent that processing your personal data is based on consent, for example electronic direct marketing or when you apply for a job at us, you are entitled to change your mind at any time and withdraw your consent by notifying us per e-mail on or by unsubscribing to newsletters sent to you.
Right to request correction of inaccurate or incomplete data
If you note that the information we have on you is incorrect or incomplete, you have the right to request correction thereof by submitting a written request.
Right to object to processing
You have the right to object to the processing of your personal data based on legitimate interest and for marketing, including profiling. You are required to specify the specific situation where you are objecting to the processing.
Right to request limitation of the processing
You have the right to request that the processing of your personal data is restricted if
• you deny that they are correct
• the processing is illegal but you anyhow object to a deletion
• we no longer need the data, but you need it to manage a legal claim, or
• you have objected to the processing and the matter has not yet been clarified.
The processing is then restricted only to storing the data and, as applicable, managing legal claims.
Right to port your data
You may ask to have the data that you have provided to us and that is processed automatically transferred in a machine-readable format to yourself or another service provider designated by you. We will not transfer data to the extent that it includes data on another individual.
You have the right “to be forgotten”
You may request the deletion of any personal data we hold about you. This does not necessarily mean that all your personal data is erased, if there is another legal ground for keeping them, e.g. our legal obligation.
You have the right to lodge a complaint
If you are not happy with how we process your personal data, we do hope that you first contact us and give us the opportunity to sort things out. You may naturally also contact the supervisory authority directly. The Finnish supervisory authority is the Finnish Data Protection Ombudsman. You may also contact the supervisory authority in your country of residence.
How secure is the data we process?
Protecting your personal data is key to our business and part of our compliance and risk management. We have taken appropriate organizational and technical measures to ensure that your data is safely kept and protected from unauthorized processing and loss.
How long do we store your data?
We store your data for as long as needed for the purpose for which they were collected or required by law. The exact storage period varies depending on the purpose and the applicable legal requirements. Although it’s not feasible to predetermine the storage period for all personal data, i.a. the following legal requirements and principles are used to determine the storage period from time to time:
a) Customer information is stored for at least seven years.
b) Data relating to know your customer procedures and customer identification are stored for at least five years after the customer relationship has ended.
c) Customer complaints data and data subject requests are stored for as long as they are necessary to handle the complaint and possible related legal matters, which is at least five years.
d) Documents related to recruitment processes are stored until the recruitment process has been completed, unless the person involved has consented to a longer storage period of up to 6 months from the end of application period.
e) Data on potential customers are stored for as long as the person is deemed a potential customer to us.
Third parties to whom your personal data is disclosed
Personal data processed in relation to your customer relationship is only disclosed to our co-operation partners to the extent necessary for providing our services to you and executing your client contract, or where you have consented thereto. Such co-operation is based on written agreements that ensure that your personal data is protected. The third parties referred to are mainly other companies of the Group as well as fund management companies and other service providers relating to the provision of our investment services. We also disclose personal data to the authorities as far as we have a legal obligation to do so.
Transfer of data outside EU/EEA
For the conduct of our business we partly use services, such as cloud services, where the service provider is a company located outside the EU or the EEA or that belongs to such a group. Transfer of data to such organizations is possible if there are sufficient protective measures for the transfer in question, which fulfill the requirements of data protection laws. Data may also be transferred in situations when it is required for the execution of your contract or you have provided your consent thereto.
How to reach us
If you have questions or comments on privacy matters or the way in which personal data is being processed by us, please contact:
GRIT Fund Management Company Ltd
Pitkäkatu 34 C, FI-65100 Vaasa
Tel.: +358 207 613 350
You may also contact our Compliance Officer per e-mail privacy@gritfundservices.fi. If you prefer to correspond via mail, please send your letter to the above address and mark the envelope “Data protection”.
Information about this document
This document has been created in compliance with the applicable data protection laws, including the EU General Data Protection Regulation (GDPR). The document was published first on November 30th 2018. This document is updated as needed.
Last updated July 22, 2020