{{ result.type_rendered }}
Retta Group collects personal data about its current and potential customers in its marketing register. The following companies operate as joint controllers: Retta Services Oy (operating under auxiliary names Retta Isännöinti, Retta Management and Retta Asuntovuokraus) and Huoneistokeskus Oy, hereinafter referred to as “Retta”. The purpose of this privacy statement is to inform data subjects about the processing of their personal data in regards to marketing.
*) Note! You can find the privacy policy of the data subjects who have consented to marketing through Huoneistokeskus’ commission contract/tender offer here
What personal data does Retta process, and for what purpose?
Retta collects personal data for marketing purposes. The data subjects entered in the marketing register are Retta’s consumer and business customers as well as its potential customers. The purpose of processing personal data is to market products and services to both business and consumer customers by sending marketing messages, releases and newsletters.
For business customers, personal data mainly includes contact information (name of contact person or representative, position in the company, email address and phone number).
From consumers, we also collect the contact information of the data subject (name, email and phone number).
What is Retta’s processing of personal data based on?
For corporate customers, the basis for processing personal data is our legitimate interest. Retta’s legitimate interest is to market its services and products in order to increase visibility and improve sales.
The basis for processing consumers’ personal data is the data subject’s consent to marketing. The data subject will always have the opportunity and the right to withdraw their consent if they no longer wish to receive marketing.
Where does Retta obtain personal data?
Data is mainly collected from data subjects. In addition, information concerning company contact persons is obtained from public sources, such as corporate websites. Companies’ contact information may also be obtained from companies that provide such information for these purposes.
Profiling and automated decision making
In targeted marketing communications, we carry out profiling based on your online behaviour, but we do not target you with automated decision making measures based on personal data.
Data processors and disclosure to third parties
Personal data may be disclosed within the Retta Group for business development purposes.
Retta uses various service providers and thus personal data processors when providing services to its customers.
Data is not disclosed to parties outside the European Union or the European Economic Area.
How long is personal data stored?
Personal data concerning business customers is stored for as long as the person in question, according to our information, remains in the position they held when they were included in the register, or for as long as the information in question is used for customer communication and marketing purposes, unless they have forbidden the use of their contact information.
If the personal data has been collected on the basis of the consent of the data subject, we will retain the personal data until the data subject withdraws their consent.
How is the data protected?
The data is protected by means of appropriate technical and organisational measures. Paper documents are stored in a locked facility. Digital material is protected through technical measures, and access rights are only granted to people who need to access the material because of their job or assignment. The employees of Retta are bound by a confidentiality obligation. Employees are provided with training and instructions on the lawful processing of personal data.
Any processors of personal data outside the Retta Group are also required to implement sufficient technical and organisational protection measures and commit to a confidentiality obligation.
What are the data subject’s rights?
Data subjects have the right to know whether a data controller is processing personal data concerning them. If the data controller processes such personal data, the data subject has the right to receive a copy of the personal data concerning them. If the personal data is deficient, erroneous, inaccurate or outdated, the data subject has the right to request that the data controller correct the data.
If the processing of personal data is based on the data subject’s consent or a contractual relationship, the data subject has the right to receive the personal data concerning them in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another controller. This right only applies to personal data that the data subject has provided to the data controller and that is processed automatically.
In certain circumstances, the data subject has the right to restrict the processing of their personal data. This is the case when, for example, the accuracy of personal data is contested by the data subject. In such cases, processing will be restricted until it has been confirmed that the data is accurate and its processing is lawful.
The data subject has the right to request that the personal data concerning them be erased. This right is only applicable when the personal data is no longer needed for the purposes for which it was collected, there are no other legal grounds for its processing and it does not need to be stored to meet the requirements of the law. In other words, data cannot be erased while there is a valid legal basis for its storage.
If the processing of personal data is only based on the data subject’s consent, they have the right to withdraw their consent at any time. In addition, the data subject has the right to object to the processing of their personal data if its processing is based on the data controller’s legitimate interest.
The data subject has the right to file a complaint with the Data Protection Ombudsman(www.tietosuoja.fi) if the data subject believes that the data controller fails to meet their obligations or otherwise fails to comply with the applicable data protection laws.
If you have any questions about personal data processing and data subjects’ rights, please contact us via email. We verify your identify before you submit your information.
This privacy statement was last updated on 1 September 2023
