Privacy policy

Description of customer file and information form

Description of processing of personal data and data subject rights. EU General Data Protection Regulation (2016/679) and the Personal Data Act (523/99) 10 §.

1. Controller

Kiinteistö Oy Pikipruukki Fastighets Ab
(Trade registry number 0421696-8)
Koulukatu 19
65100 Vaasa
tel. 06 325 4424
fax 06 312 2000

2. Person in charge of matters related to the data file and data protection

Customer relationship director Anne Tukia
Koulukatu 19
65100 Vaasa
tel. 06 325 4472
firstname.lastname@pikipruukki.com

3. Name of the data file

Customer data file of Kiinteistö Oy Pikipruukki Fastighets Ab based on customer relations and other relevant contacts.

4. Purpose of the data file, processing of personal data in the file and its legal basis

The data file is used to start, process, manage, analyse and develop customer relations and other relevant contacts, as well as to provide services and for marketing purposes.

By means of the data file, we complete tasks related to our rental operations (e.g. applications, offering apartments, marketing, rentals, apartment service and maintenance, living matters, reclamations, feedback, all financial transactions, collection, verifying customer transactions, concluding agreements). Our other tasks include managing customer relations, administration, producing and providing services, customer satisfaction surveys, planning and developing the business operations and customer relations, as well as customer communication, which can also be handled electronically. The data file is also used for protecting and safeguarding our rights and/or property as well as those of other parties, and for maintaining our statutory obligations and other comparable applications.

The legal basis for the processing of personal data is the agreement between the customer and Kiinteistö Oy Pikipruukki Fastighets Ab.

The legal basis for the processing of personal data is the consent of the data subject.

5. Data file content

In the data file, the following data is saved on persons applying for and moving into the apartment: name, personal identity number, address, phone number, e-mail address, place of residence, nationality, income and assets at the time of application, rank or profession, workplace or school with the duration of employment/studies, any credit and debt settlement data, the need for apartment (data on current apartment and the reasons behind the application), as well as any other data the customer has provided in the application.

The data file also contains data on rental agreements, rent payments, rent guarantees, consumption-based payments, collection and invoicing of the rent and other fees, living, designated guardians, personal and address data of persons moving into or out of the apartment during the rental agreement, as well as any other data concerning management or conclusion of agreements, any reclamations, feedback and other contacts, communication and other actions related to customer relations and other relevant contacts.

6. Regular data sources

The data sources used are the application with attachments submitted by the customer, customer messages and transactions. Other data sources are different authorities and the Population Register Centre.

7. Regular disclosure and transfer of data outside the EU or the European Economic Area

As a rule, the controller does not disclose data to third parties, except for cases when legislation obliges or the situation demands it for such external purposes which do not violate the purpose of processing of personal data mentioned above. Such purposes include matters related to living, collection, service and repairs/renovations, electricity and data network supply, customer satisfaction surveys or marketing. The personal data are not transferred outside the EU or the EEA.

Should the apartment be purchased by an owner external to the controller, the controller is entitled to disclose data required to manage the rental relation to the new owner of the apartment.

8. Storage period of personal data

The controller only stores the data for as long as is required to fulfil the function of the data file. After this, the data is removed. Customer-specific data is stored in the active database of the system for as long as is required to manage the customer relation.

9. Data security

A. Manual material (storage and protection)
Manual material is archived in locked and secure facilities according to date and subject.

B. Stored data (principles for user rights and monitoring of the data file, as well as data equipment protection)
Only especially appointed controller employees, or employees of companies contracted to process data on the behalf of the controller, have access to the stored data. Their user rights are restricted according to their work assignments, with individual usernames and passwords. The use of the data file follows a set of instructions. The data is centrally stored in locked and monitored data facilities, and protected by firewalls, passwords, and other technical, generally accepted means currently available for data protection.

10. The right to inspect, amend and have data removed

If the data subject is able to present substantial reasons, they are entitled to know what data is stored, or that no data is stored.

The data subject is entitled to request that the controller without reasonable delay amend unspecific and inaccurate personal data on the data subject.

The controller shall on their own initiative or on the request of the data subject amend, delete or complete the personal data in the system, should they be inaccurate, no longer needed, inadequate or obsolete in regard to the purpose of processing and collection of data.

If the data subject wishes to inspect, amend or have their data removed in the manner described above, they shall send a written request signed in person to the contact person of the customer data file. The identity of the data subject is verified when the request is delivered.

Once the controller has received the request, the controller shall without reasonable delay, and no later than in 30 days, send a reply to the data subject. If there are many requests or they are complicated, the controller can let the data subject know that more time is required to process the request, but by no more than an additional 2 months. The controller must provide a fair reason why the processing time is delayed.

The data subject is entitled to inspect their data free of charge once a year. If the access requests are clearly unfounded or unreasonable, and especially if they are frequent, the controller will charge 100 € per request to cover administrative costs. The fee is to be paid before the data is disclosed.

If the controller declines the request of the data subject, the controller shall supply a written statement. This statement shall include the reasons why the request is declined, as well as information on how to appeal to the supervisory authority and make use of other means of legal protection.

11. Right to withdraw consent

If the legal basis for the processing of personal data is the consent of the data subject, the subject is also entitled to withdraw their consent.

The request to withdraw consent or to oppose processing shall be sent in writing, signed in person, to the contact person of the customer data file. The identity of the data subject is verified when the request is delivered.

12. Does the processing of personal data include automated decision-making such as profiling?

The processing of personal data does not include automated decision-making or profiling.

13. Other matters concerning the processing of personal data

If the access requests of the data subject are clearly unfounded or unreasonable, and especially if they are frequent, the controller may:

  • charge a reasonable fee considering the administrative costs caused by delivering data or messages, or by completing the requested action
  • decline to complete the requested action.

In such cases, the controller shall prove that the request is clearly unfounded or unreasonable.

14. The data subject's right to appeal

The data subject is entitled to appeal to the supervisory authority, should the data subject find that the controller's processing of personal data violates this decree, but only if this does not restrict other administrative instructions for amendment applications or means of legal protection.

15. Amendments to the description of the data file

The description of this data file may be updated from time to time, for instance should the legislation change. The description of this data file was last updated on 24 May 2018.