Description of key file and information form
Description of processing of personal data and data subject rights. EU General Data Protection Regulation (2016/679) and the Personal Data Act (523/99) 10 §.
Kiinteistö Oy Pikipruukki Fastighets Ab
(Trade registry number 0421696-8)
tel. 06 325 4424
fax 06 312 2000
2. Person in charge of matters related to the data file and data protection
Customer relationship director Anne Tukia
tel. 06 325 4472
3. Name of the data file
Key data file of Kiinteistö Oy Pikipruukki Fastighets Ab.
4. Purpose of the data file, processing of and legal base of personal data in the file
The registers are used for key handing, returning, additional orders and re-serializing of the locks. In addition, registers will be used when possible to investigate crimes, vandalism and other misdemeanours occurring on the property owned by the controller.
The legal base of processing of personal data is based on the agreement between the customer and Kiinteistö Oy Pikipruukki Fastighets Ab about using the keys which were given.
5. Data file content
The registers include the name and address of the key holder, as well as the dates of the handing and returning the keys.
In addition, the electronic register logs passage information of the property doors with key identification information including dates and times.
6. Regular data sources
The data sources used are the information gathered from the registered user in connection with key deliveries, as well as the passage information from readers of properties doors.
7. Regular disclosure and transfer of data outside the EU or the European Economic Area
The controller does not mainly give information outside the company, except in the case of a criminal suspect, information may be given to the police.
The personal data are not transferred outside the EU or the EEA. Should the apartment be purchased by an owner external to the controller, the controller is entitled to disclose data required to manage the rental relation to the new owner of the apartment.
8. Storage period of personal data
The controller only stores the data for as long as is required to fulfil the function of the data file. After this, the data is removed. Customer-specific data is stored in the active database of the system for as long as is required to manage the customer relation.
9. Data security
A. Manual material (storage and protection)
Manual material is archived in locked and secure facilities according to date and subject.
B. Stored data (principles for user rights and monitoring of the data file, as well as data equipment protection)
Only especially appointed controller employees, or employees of companies contracted to process data on the behalf of the controller, have access to the stored data. Their user rights are restricted according to their work assignments, with individual usernames and passwords. The use of the data file follows a set of instructions. The data is centrally stored in locked and monitored data facilities, and protected by firewalls, passwords, and other technical, generally accepted means currently available for data protection.
10. The right to inspect, amend and have data removed
If the data subject is able to present substantial reasons, they are entitled to know what data, or if no data, is stored.
The data subject is entitled to request that the controller without reasonable delay amend unspecific and inaccurate personal data on the data subject.
The controller shall on their own initiative or on the request of the data subject amend, delete or complete the personal data in the system, should they be inaccurate, no longer needed, inadequate or obsolete in regard to the purpose of processing and collection of data.
If the data subject wishes to inspect, amend or have their data removed in the manner described above, they shall send a written request signed in person to the contact person of the key data file. The identity of the data subject is verified when the request is delivered.
Once the controller has received the request, the controller shall without reasonable delay, and no later than in 30 days, send a reply to the data subject. If there are many requests or they are complicated, the controller can let the data subject know that more time is required to process the request, but by no more than an additional 2 months. The controller must provide a fair reason why the processing time is delayed.
The data subject is entitled to inspect their data free of charge once a year. If the access requests are clearly unfounded or unreasonable, and especially if they are frequent, the controller will charge 100 € per request to cover administrative costs. The fee is to be paid before the data is disclosed.
If the controller declines the request of the data subject, the controller shall supply a written statement. This statement shall include the reasons why the request is declined, as well as information on how to appeal to the supervisory authority and make use of other means of legal protection.
11. Right to withdraw consent
If the legal base of the processing of personal data is the consent of the data subject, the subject is also entitled to withdraw their consent.
The request to withdraw consent or to be opposed to processing shall be sent written and signed in person to the contact person of the key data file. The identity of the data subject is verified when the request is delivered.
12. Does the processing of personal data include automated decision-making such as profiling?
The processing of personal data does not include automated decision-making or profiling.
13. Other matters concerning the processing of personal data
If the access requests of the data subject are clearly unfounded or unreasonable, and especially if they are frequent, the controller may:
- charge a reasonable fee considering the administrative costs caused by delivering data or messages, or by completing the requested action
- decline to complete the requested action.
In such cases, the controller shall prove that the request is clearly unfounded or unreasonable.
14. The data subject's right to appeal
The data subject is entitled to appeal to the supervisory authority, should the data subject find that the controller's processing of personal data violates this decree, but only if this does not restrict other administrative instructions for amendment applications or means of legal protection.
15. Amendments to the description of the data file
The description of this data file may be updated from time to time, for instance should the legislation change. The description of this data file was last updated on 24 May 2018.