Privacy Statement for Keskustakorttelin Asunnot Ky’s Customer Register

Privacy Statement for Keskustakorttelin Asunnot Ky’s Customer Register

 

1        Controller

Keskustakorttelin Asunnot Ky, Business ID FI-29119267

c/o SRV Construction Ltd

P.O. Box 555, Tarvonsalmenkatu 15

FI-02601 ESPOO, FINLAND

2       In matters relating to this register, please contact

SRV Group Plc

Privacy

P.O.Box 555

02601 Espoo

privacy@srv.fi

Tel. +358 20 145 5200

3       Register name

Privacy Statement for Keskustakorttelin Asunnot Ky’s Customer Register

4       Purpose and basis for processing personal data

The processing of personal data is based on the execution of a contract between Keskustakorttelin Asunnot Ky and the data subject and on fulfilling the data subject’s requests related to inquiries, newsletters, requests for quotations, orders of products and services and other pre-contract activities carried out based on the data subject’s request. In addition, the processing of personal data is based on Keskustakorttelin Asunnot Ky’s legitimate interest (customer relationship and direct marketing) and on the data subject’s consent when that is required for sending electronic direct marketing messages.

The purposes for which personal data is used include the following:

  • managing, maintaining and developing the customer relationship between Keskustakorttelin Asunnot Ky and the data subject
  • selling, marketing, offering, providing and developing products and services
  • checking credit ratings, invoicing, monitoring of payments and debt collection
  • customer communication, including feedback requests and customer satisfaction surveys
  • direct marketing via mail, phone and electronic channels as well as online advertising and the targeting of such marketing and advertising
  • conducting opinion polls and market research
  • organising marketing competitions and prize draws
  • planning and developing the business, products and services
  • detecting, preventing and investigating misuse, fraud and other crimes
  • analysis, profiling, segmentation and statistics compilation for the purposes listed above

5       The information content of the filing system and categories of data subjects

The filing system includes the following information on consumer customers:

  • Basic customer information: first name, last name, personal identification number, postal address, phone number, email address and customer ID
  • Title/profession and investor information
  • The start and end date of the customer relationship and the manner with which the customer relationship started and ended; information on product and service agreements, orders, purchases and cancellations; invoicing, payment and debt collection information and details on credit rating
  • Information on areas of interest (such as Keskustakorttelin Asunnot Ky’s housing construction projects and areas that the customer is interested in and other interest areas the customer has provided details on), marketing actions targeted at the data subject
  • Information on the use of online services, such as service use, for example browsing and search data, cookies and IP addresses
  • Customer feedback, other contacts and complaints
  • Customer/user and marketing segments and profiles created based on analyses and profiling carried out by using the data described above
  • Refusals and consent related to direct marketing and
  • any other information the data subjects themselves have provided

6       Information sources

As a rule, the information in the filing system is collected from the data subjects themselves on the basis of service and website use, contact requests or the filling of other forms or based on information obtained in connection with the use of other services, event participation, contract conclusion and contract execution.

In addition, personal data can be collected and updated from the population register, credit reference register and other similar public and private registers.

7       Disclosure and transfer of data and transfers to countries outside the EU or European Economic Area

Personal data is regularly disclosed to the following parties:

  • Credit institutions holding the safekeeping documents as set out in section 2 of the Housing Transactions Act
  • Property managers of housing construction projects
  • Supervisors and parties monitoring the construction work during the housing construction projects
  • The boards of housing cooperatives (e.g. information on received loan payments is provided as part of the financial statements at assignment)
  • Any other transferees based on transfers that are required in order for the controller to fulfil its legal or contractual obligations.

Keskustakorttelin Asunnot Ky uses external service providers (subcontractors) to implement and provide its services. Such subcontractors include, for example, providers of ICT, sales, marketing and communication services. In this case, personal data can be transferred to subcontractors to the extent that is necessary in order to provide services. These subcontractors process personal data on behalf of the controller in accordance with the controller’s instructions. To ensure privacy protection, Keskustakorttelin Asunnot Oy signs data processing agreements with all subcontractors that process personal data.

As a rule, personal data is not transferred to locations outside the EU or EEA. If, as an exception, personal data is transferred to a location outside the EU or EEA, Keskustakorttelin Asunnot Ky ensures that the level of data protection is adequate by using, for example, the standard clauses approved by the EU Commission.

8       Principles for securing the filing system and the period for retaining data

Only employees who are authorised to process customer data due to their work tasks have access to the system that contains customer data. Each user has a unique user ID and password for the system. Data is stored in databases that are protected with firewalls, passwords and other technical means. Databases and the related backups are located in locked premises and data can be accessed only by pre-defined persons.

After the customer relationship has ended, personal data is retained until all warranty obligations and other contractual or legal obligations between the parties have been fulfilled and the retention and liability periods set out in legislation, for example, the Housing Transaction Act, Consumer Protection Act, Accounting Act and the Act on Prepayment of Tax have ended. As a rule, the personal data of apartment buyers is retained for 11 years starting from the most recent housing transaction.

After the customer relationship has ended, Keskustakorttelin Asunnot Ky can retain basic information on the data subject, as defined above in this privacy statement (excluding the personal identification number), for direct marketing purposes to the extent permitted by law. Keskustakorttelin Asunnot Ky regularly assesses the necessity to retain personal data, in addition to which it takes reasonable measures to ensure that the filing system does not include personal data that is incompatible with the purpose of the processing or that is outdated or incorrect.

9        Data subjects’ rights

Data subjects have the right to prohibit the controller from processing the data subject’s personal data for purposes related to direct marketing, market research, opinion polls and any profiling related to these. Such a refusal of consent can be provided at any time to the contact person of the filing system or, for example, by unsubscribing to messages in the manner described in marketing messages.

Data subjects have the right to check their own information stored in the filing system, and they have the right to demand that data is corrected or erased. Such requests must be submitted in person or in writing to the address provided in section 2.

In accordance with the General Data Protection Regulation, data subjects have the right to object to the processing of their data, request that the processing of their data be restricted, withdraw any consent they have given and lodge a complaint to the supervisory authority concerning the processing of personal data.