A JA company does not have a specific company form nor does it have a business ID. JA companies are not registered in the Finnish Patent and Registration Office (PRH). The JA company is registered into the register of Junior Achievement Finland (Nuori Yrittäjyys ry) on this site.
The actions of a JA company are not considered a business activity. If a JA company sells products/services during its participation in the program, those actions are considered the participants’ personal business activities.
Business Identity Code
Business and organization identity code, known as business ID, is a code issued to a company or an organization by the Finnish Patent and Registration Office (PRH) or the Finnish Tax Administration. It consists of seven numerals, a hyphen, and a check digit, so its format is similar to 1234567-8. The business ID is used to individualise the company.
JA companies do not have a business ID. The actions of a JA company are considered personal business activities of the participating individual, for which a business ID is not needed.
On what occasions may a JA company need a business ID?
If you sell products to a company, they may require your business ID in order to settle the invoice, i.e. pay the bill. It is imperative to remember to include a business ID in the bill whenever billing a company that requires a business ID.
A JA company may provide services for which compensation is paid. According to the law on the collection of the tax to be prepaid (1118/1996) 25 §, the payer of compensation must withhold tax from the compensation paid if the recipient of the compensation is not listed in the preliminary tax withholding register. A JA company selling services is not listed in the preliminary tax withholding register as a distinct company. With the school’s permission, a JA company can include the business ID of the school in their bills to the customers to avoid the withholding tax. If it’s not possible to use the school’s business ID, the teacher needs to apply for permission from JA Finland to use their business ID instead. The JA Finland business ID must not be used without written permission.
What may the JA Finland business ID be used for?
The JA Finland business ID can be used for billing invoices if the recipient of the invoice requires the use of a business ID. The use of the JA Finland business ID is subject to license, and the teacher must fill out an application to get permission for a company to use it.
What may the JA Finland business ID not be used for?
The JA Finland business ID cannot be used for buying products nor making contracts of any kind! Opening bank accounts as well as purchasing payment terminals are also considered contracts.
Generally, the purchases a JA company needs can be made by the participants as private persons. Some existing companies, such as wholesale companies, only sell their products to other companies and therefore require each buyer’s business ID. In this case, it is better for the JA company to look for another source so that the participants can purchase the products they need as private persons. Sometimes when purchasing products for a JA company, a student’s personal social security number can be used instead of a business ID.
ATTN! Some companies have different pricing depending on if they are selling to companies or private persons. A value-added tax, VAT, will usually be added into the prices stated for companies. A JA company must, however, pay the VAT, so in this case, using the business ID will not change the price of the service.
Applying for permission to use the JA Finland business ID
If the school’s business ID cannot be used, the teacher must apply for the JA company to be granted permission to use the JA Finland business ID.
Included are some links to helpful services for planning the activities of your company
Platforms and project management
Online discussion platforms are places where you can discuss the matter, share ideas and opinions as well as store files. The following are examples of the many discussion and teamwork platforms available:
The possibility for many people to use the same files is an important part of data management. In case the hard drive breaks or the computer gets lost, it is recommended that important files be backed up. A sensible way to organize the backing up as well as the collaborative use of the files is through online cloud computing.
Services associated with information storage and collaborative use are, among others:
- Windows OneDrive (https://onedrive.live.com/about/fi-fi/) (a part of the Microsoft 365 service)
- Google Drive (https://drive.google.com/)
- Google Gsuite (https://gsuite.google.fi/intl/fi/) (includes an e-mail, a calendar, Google Drive, Google Docs etc.)
- Box (https://www.box.com/)
- Dropbox (https://www.dropbox.com/)
- iCloud (https://www.icloud.com/)
A new General Data Protection Regulation came into effect in the EU in May 2018. Since then, all personal data must be handled according to the confidentiality rules of the regulation. Enclosed are its crucial points for JA entrepreneurs, to help them meet the new standards it sets. The contents were compiled by an authority, LL.M. with court training, Mr Petri Holopainen from Suomen Yrittäjät (Finnish Entrepreneurs). Read the complete online guide here (only in Finnish).
The regulation is referred to as GDPR. Its aim is to bring the regulation of data protection and confidentiality up to date. With the rapid development of technology, new kinds of protection are needed to maintain confidentiality. The GDPR aims for all citizens to manage their own data better. The GDPR regulates, for example, collecting, handling, and giving personal data as well as the rights and responsibilities associated with them. Nearly all companies handle personal data in their activities. The rules are the same for all companies active within the EU, no matter what their domicile may be.
Data protection vocabulary
Personal data is used to refer to an individual (later in the text: ”data subject”) or information describing their qualities. In addition to this, it is used to refer to information describing the living conditions that may be linked to them, their family, or the people living in the same household with them. This might apply to, for example, customers’, employees’, or business contacts’ personal data, such as names, addresses, phone numbers, or any other information that can be linked to a specific person.
Handling personal data means the gathering, saving, organizing, analyzing, storing, editing or modifying, searching (from a database, for example), inquiring (a browse-the-page type search, for example), or using the personal data.
A register means any organized cluster of information containing personal data where the data is available according to certain criteria. The cluster of information may be either concentrated or distributed, or it may be divided by functional or geographical reasons. This means that the information within the register doesn’t have to be in the same physical location, but it can be spread, for example, on various computers and in various countries. Technically, a register can be a paper register, an Excel file, or a program used for administering customer information.
A controller is a company that stores personal data and has the right to decide on the use of the personal data register. The data subject is the individual person whose data has been stored in a register.
The permission of the data subject refers to any voluntary, specified, conscious, and unambiguous expression of will made by the data subject to approve of the handling of their personal data. An expression of will may be, for example, that the data subject ticks a box when visiting an internet site or when filling in a paper form.
Reasons for handling personal data
The GDPR states six reasons based on which it is legal to handle personal data. At least one of these six requirements must be met:
- Permission – The data subject has given their permission to handle their personal data for one or more specific purposes. The permission must be given intentionally, i.e. it cannot be given by keeping silent, by a box ticked in advance, or by leaving something undone.
- Legitimate interests – This means that there is a relevant relationship, such as a membership, a customership, or an employment relationship between the controller and the data subject.
- Contract – Handling personal data is legal when it is necessary in order to execute a contract to which the data subject is a party.
- Legal obligation – Handling personal data is allowed when it is necessary in order for the controller to abide by a legal obligation. In this case, specific permission from the data subject is not needed. The employer informing the tax authorities about the employees’ earnings is also considered a legal obligation.
- A vital or common interest – Personal data can be handled when it is necessary in order to protect the vital interests of the data subject or another individual. This can be, for example, protecting human lives during a natural disaster. A company may handle personal data to, for instance, warn people about a tsunami.
- Public duty – Personal data can be handled to ensure the performance of public duty.
The rights of the data subject
The General Data Protection Regulation also states rights for the data subject. The data subject’s rights are responsibilities for the controller. The data subject has the right to:
- Gain clear information about handling the personal data
- Gain access into their own data
- Have the possibility to correct erroneous information
- Be forgotten, i.e. delete information
- Transfer information from one system to another
- Limit the handling of information
- Object to the handling
- Object to separate automated decisions, including profiling
The entrepreneur must inform every recipient of personal data of any corrections, deletions, or handling limitations made unless this causes an unreasonable amount of trouble. The entrepreneur must inform the data subjects of these recipients upon the data subject’s demand.
Gathering data – data protection document
Handling personal data must be clear, and the data subject must be told how information about them is gathered and how it is used. The information should be given in a compact way, using a simple and articulate expression. The data subjects are to receive the information free of charge.
The company should provide the data subject access to the description of handling their personal data. According to the GDPR, the information should be given in a written, oral, or electronic form. For instance, at a fair, when participating in a draw for prizes, the data subject may be given a paper describing the use of their personal data.
When collecting personal data, the collector must provide the data subject with all of the following information:
- contact information of the data protection officer, if there is one
- grounds or a reason why personal data may be handled
- the purpose of handling personal data as well as justification for the permission to do it
- the recipients or groups of recipients of the personal data
- whether the collector is about to transmit personal data outside the EU
- the right of the data subject to demand access to their own personal data as well as the right to demand to correct or delete erroneous information, or limit the handling of the data, or refuse the handling of the data and the relocating of the data into another system
- the right to cancel the permission at any time, without this affecting the lawfulness of the handling carried out on the basis of the permission before its cancellation
- whether giving personal data is statutory, based on a contract, or required for making a contract
- whether the data subject actually must give their personal data and what consequences may follow from not agreeing to give this data
- the use of automatic profiling, the significant information about the data handling logic as well as the significance of the handling and its possible consequences to the data subject.
Direct marketing may be continued if the recipient is told about their possibility to ban direct marketing. The data subject must be made aware of the possibility to ban direct marketing. The data subject has the right to refuse the handling of their data free of charge.
Traditional direct marketing
Traditional direct marketing refers to direct marketing by mail or by telephone. In Finland, it is permitted to market directly to customers by using these traditional methods until the recipient bans it. So, there is no need to ask for the consumer’s permission beforehand for traditional direct marketing.
The consumer must be told about the right to ban direct marketing. The information may be given at the beginning of the customer relationship or any other type of liaison, as well as in a description of the processing operation.
Electronic direct marketing
Electronic direct marketing consists of e-mails, text messages, spoken messages, voice messages, and MMS. To be able to send electronic direct marketing to a person, pre-issued permission must be obtained from them.
There is no need for permission to send advertising to a company. When asking a person’s permission to send them electronic direct marketing, electronic means, such as text messages, should be avoided. The company offering services or selling goods has to give the customer an easy and free opportunity to refuse the use of personal data whenever collecting personal data and within every electronic direct marketing message. The company offering services or selling goods must clearly inform the customer about the possibility to refuse.
The data subject may refuse direct marketing, and they must be told about this possibility.
Data protection officer (DPO)
An entrepreneur and a handler of personal data must assign a data protection officer whenever:
- the basic tasks of the controller or handler of data consist of activities that, by their nature, require an extensive, regular, and organized surveillance of the data subjects
- the handling of personal data is extensive and targeted towards specific areas of personal data (such as health records, ethnic origins, political views, religious beliefs, or sexual orientation) or data concerning criminal activities.
A data protection officer is not needed in
- a small law firm
- a one-doctor company.
A data protection officer is needed in, for example
- a security company controlling shopping centres and public locations
- a medical centre with extensive handling of patient data
- a head-hunter company profiling people.
Models and references
- Penttilä. 2018. Data Protection Regulation in plain language. https://www.verkkokauppablogi.fi/tietosuoja-asetus-selkokielella.html.
References and links
- Pönkä, Innowise. 2018. The basis of the General Data Protection Regulation in the EU. https://www.slideshare.net/hponka/eun-yleisentietosuojaasetuksen-perusteet.
- Holopainen, Suomen Yrittäjät. 2018. Entrepreneur’s data protection guide. https://www.yrittajat.fi/yrittajan-abc/yritystoiminnan-abc/yrittajan-tietosuojaopas-570864.
- The Data Protection Authority Office. 2018. Organizations. https://tietosuoja.fi/en/organisations
- GDPR: The Quick and Dirty Guide to Getting Compliant for Startups and Small Business https://startupresources.io/gdpr-small-business-startup-guide/
Intellectual property rights
Intellectual property rights (IPR) refer to the statutory ownership of immaterial creative solutions. The owner of the intangible rights has the power to make decisions concerning the property which they may share with others, grant licenses (under agreed conditions) for using it or prohibit others from using it. Managing intangible rights can be an important business decision that has an impact on the revenue as well as on the procedures of the company.
Oftentimes the creator of a product / an invention / a model seeks direct income for their work, but the intangible rights offer various ways of developing the company activity.
There exists more than one way of dealing with the IPR matters, and every company can choose their own path in regard to business models.
A designer may create a uniquely shaped chair. After this, they have the following possibilities:
- They make an agreement with the manufacturer on the manufacturer’s income per each chair sold.
- They can sell the rights to the design for a larger sum of money thus giving the manufacturer all the possible income from the sale of the chairs.
Computer programmers sell licenses to the applications and games they create. Some put time and effort into creating games and then share them for free, as is the case with the freely downloadable Linux operating system, or with mobile phone games that offer the possibility to later purchase extra parts with the intention to earn money indirectly through services and advertising.
In the examples given, the creators of the contents have the right to decide how to share access rights to the fruits of their work (in a similar way to how a company producing goods can decide how it will price its products). All companies must accordingly be aware of the intangible rights of others and ask for permission to use pieces of work created by others.
When can intangible rights become an issue to consider in a JA company?
When setting up a JA company, an assessment of the uniqueness of the business idea (products, creations, images, names, logos) and the possibility to get ownership of them needs to be done. With that, the idea will be secured and protected from being copied.
The majority of ideas cannot be protected by intangible rights because similar ideas already exist on the market. Sometimes it may be wiser to invent a product or a service faster than the competitors do rather than spend the same amount of time protecting the idea. Intangible rights become an issue to consider if the product/service created is quite clearly different from the ones already on the market, as well as easily copied and replicated.
You must also protect your own rights from unauthorized use (even if the use is unintended) because the owner of the rights has to report the unauthorized use immediately after noticing the abuse.