Use of personal data at Evli

In Evli Group’s operations, particular attention is devoted to data protection and the safeguarding of the client’s privacy protection in the processing of personal data.

Evli Group processes personal data in compliance with the EU General Data Protection Regulation and specific legislation for the financial industry and ensures the implementation of privacy protection and secrecy in the processing of personal data. Personal data is used for taking care of client relationships, offering products and services, and direct marketing and risk management.

Evli Group has several person registers for managing personal data, each of which has a separate data protection notice. The data protection notices of Evli Group’s client register, client relationship register and direct marketing register can be found at the end of this page.

The data is obtained directly from the data subject, from public registers kept by the authorities and from credit information registers; and for direct marketing purposes also from external sources. With the client’s consent, data can also be obtained from other parties, such as an asset manager or employer. Secrecy obligation restricts the disclosure of data held by Evli Group to third parties apart from with the consent of the person that the data pertains to, or in cases when disclosure, to the authorities, for example, is required by law.

Evli stores data that is required by the client relationship at least for the duration of the client relationship. After the termination of the client relationship, the storage period depends on the purpose of use of the data, and Evli complies with its statutory obligations regarding data storage.

Evli Plc has the legal right to disclose client data to other Evli Group companies that are bound by the same secrecy obligation as Evli Plc. The data may be used for managing the client relationship, risk management and direct marketing. Information on Evli Group companies is available at -contact information.

Rights of the data subject

Based on the rights of data subjects defined in the EU General Data Protection Regulation, everyone has the right to know whether his or her data is being processed in Evli Group. If data is being processed, the data subject has the right to access the personal data and know what information regarding him/herself is stored, for what purpose, where the data is possibly disclosed, and for how long the data is stored. Moreover, the data subject has the right to request the correction, completion or removal of data, or restrict its processing if the stored data is faulty, incomplete, or there is no valid basis for storing it. The data subject may also request data that he or she has provided to registers to be transferred to herself or himself for transfer to another controller.

Evli’s clients can independently verify and retrieve their data from the My Evli online service. Data and consents that have been collected from clients and potential clients for direct marketing purposes may be inspected and managed as a self-service – see the instructions on management of direct marketing. Data processing is described in the data protection notices which can be found at the end of this page.

A person who is registered in Evli’s registers has the right to prohibit Evli from using his or her data for direct marketing purposes at any time. The data subject removes and manages his or her data from the direct marketing register him/herself. In the client register, direct marketing restrictions are entered based on the client’s notification.

Evli does not make substantial decisions regarding the data subject based on automatic data processing and profiling without the data subject’s express consent, the applicable legislation’s permission, or when automatic decision-making is essential for concluding or executing an agreement. The existence of automatic decision-making is notified in connection with the service, and complaints about decisions can always be made to Evli Plc.

The above-mentioned inquiries, requests, restrictions and complaints must be addressed to Evli Plc, Investor Service, P.O. Box 1081, FI-00101 Helsinki. The inquirer must prove his or her identity.


The Data Protection Authority controls, monitors and provides advice on the processing of personal data. Data Protection Officer’s office, P.O. Box 800, 00521 Helsinki.

Data Protection Notice

Client Information Register – Data Protection Notice

Client Relationship Register – Data Protection Notice

Direct Marketing Register – Data Protection Notice

Recruitment Register - Data Protection Notice

General Meeting Register - Data Protection Notice