{{ result.type_rendered }}
Date
23.9.2024
Registrar
Retta Isännöinti Oy Valimotie 9-11, 00380 Helsinki
Person(s) responsible for the register/or contact person(s)Lawyer Juha Koponen juha.koponen@retta.fi
Registry nameCompliance register (including whistleblowing channel)
Purpose and basis for processing personal data
Legal obligation (European Union Whistleblower Protection Directive, Whistleblower Protection Act). Additional basis: contract and/or legitimate interest.
Data content of the register
Personal data obtained in connection with observations/suspected abuses related to the controller or its subsidiaries. Personal data may include various information provided by the reporter, e.g. the name and contact information of the reporter and the subject of the report.
Regular data sources
All sources of information are used within the limits of applicable law.
The primary source of information is the reporting party. Information necessary for the processing and investigation of cases may be obtained from other sources as needed.
Regular data transfers
Personal data will not be disclosed to third parties. Data will not be disclosed outside the EU/EEA area.
Principles of register protection
All personal data is handled with care. When data is stored on internet servers, physical and digital data security is taken care of appropriately. Data can be processed both inside and outside the reporting channel. There are no paper archives. The controller ensures that access to personal data is organized in a way that maintains the security and confidentiality of the data. Only employees who need to access the data in question due to their work have access to personal data. Only the compliance unit and local processors have access to the reporting channel. Local channels are segregated.
The reporting channel is the WhistleAb system and an agreement has been made with the owner of the system regarding the processing of personal data. Information may have to be disclosed, for example, to authorities or legal advisors.
Storage times:
The information is retained as long as it is necessary to process the report, after which it is deleted from the reporting channel.
Data subjects’ right to inspect
The data subject has the right to inspect the data concerning him or her and the right to request correction of the data. If the data subject requests information concerning him or her or requests correction of his or her data, he or she must send a request to the data controller by email at tietosuoja@retta.fi. If necessary, the data controller has the right to ask the data subject to prove his or her identity. The data controller will respond to the data subject’s requests within the time limit set by the Data Protection Regulation (generally within one month).
Other rights of the data subject
Data subjects also have other rights protected by the EU General Data Protection Regulation, including the right to request that their data be erased (“right to be forgotten”). In order to exercise these rights, the Data Subject must submit requests to the Controller in writing to the address tietosuoja@retta.fi. Where necessary, the Controller may ask the Data Subject to prove their identity. The Controller will respond to the Data Subject’s requests within the time limit set by the EU General Data Protection Regulation (generally within one month).
