{{ result.type_rendered }}
Retta Services Oy produces property management services to the housing companies it has as its customers, under the auxiliary company name of Retta Isännöinti. This document refers to the service provider as Retta Isännöinti.
Retta Isännöinti’s business operations require that the company collect certain personal data concerning its customers and stakeholders. In such cases, Retta Isännöinti serves as the data controller defined in data protection legislation. The purpose of this document is to inform data subjects about the processing of their personal data.
Regarding the property management services it provides, Retta Isännöinti is a processor of personal data. Retta Isännöinti is also the processor regarding the customer service it provides to the customers of its own customers based on the property management agreement.
CONTROLLER: Retta Services Oy (Business ID FI08716847)
BASIS AND PURPOSE OF PROCESSING PERSONAL DATA
Retta Isännöinti maintains a customer register in producing the property management service for housing companies. The grounds for processing personal data are the implementation of the agreement between the customer and Retta Isännöinti and the fulfilment of legal obligations (e.g. Accounting Act, Money Laundering Act, Housing Companies Act).
Processed personal data
The following information is collected about Retta Isännöinti customers: name, position in the customer company, contact information (phone number, email address, address), In addition, the registers include any customer complaints and related personal data.
User profiles of registered users of the OmaRetta service are also stored in the customer register. The user profile may include the person’s name, telephone number, address, name of the housing or real estate company and apartment identifier, email address, IP address, personal identity code, bank account number and possibly a profile photograph of the person. In addition, the service contains other information entered into or added to the service by the user themselves. Separate terms of use have been drawn up for the OmaRetta service, and these provide more detailed information, such as various kinds of data collected for the development of services.
Retta Isännöinti also collects the following personal data in the customer register, related to the apartment rental business.
Date of birth, personal identity code, previous address, language of contact, information on political influence (politically exposed person, PEP), information on whether the customer is on an international list of sanctions (a public list of sanction decisions maintained by the National Bureau of Investigation), identifying information of the document used for identity verification or a copy of it, information about guardianship or supervision of interests, other information included in the agreement concerning the property being brokered, profession, length of employment relationship, form of household, information about income, potential other information in the rental housing application, credit history information, information in the rental agreement, and any other information provided by the customer necessary to complete the brokerage assignment.
In apartment rental activities, the legal basis for the processing of personal data is the implementation of the contract and a legal obligation.
The data subjects’ data will not be used for profiling and will not be subject to automated decision-making measures.
REGULAR DATA SOURCES
Personal data is mainly collected from the data subjects themselves. Data may also be collected from sources related to the authorities, such as the Trade Register. In addition, information is obtained from public sources, such as housing company websites or Suomen Asiakastieto Oy.
DATA PROCESSORS AND REGULAR DISCLOSURE OF DATA
Retta Isännöinti uses various service providers and thus personal data processors when providing services to its customers, such as our customer relationship management and sales system.
Personal data may be disclosed within the Retta Group if necessary to develop its business.
Personal data may also be disclosed to debt collection agencies, and to the authorities upon request. In addition, establishing or defending a legal claim may require the disclosure of personal data to an insurance company or legal adviser, for example.
Data contained in brokerage assignment registers may be disclosed to the authorities supervising brokerage operations (Regional State Administrative Agencies) or other authorities (e.g. information about the selection of tenants to the Housing Finance and Development Centre of Finland) as required by law. The management of brokerage assignments requires the disclosure of data to the counterparty of the assignment.
Data is not disclosed to parties outside the European Union or the European Economic Area.
RETENTION PERIODS
The retention period and retention criteria vary from person to person and depend on the purpose of processing certain personal data.
As a general rule, personal data collected on the basis of a contractual relationship are stored for the duration of the term of validity of the contractual relationship and after its termination for as long as is necessary due to possible legal measures. Personal data collected on the basis of a legal obligation is stored for the period required by law.
Offers submitted with personal data are stored for a maximum of two years after the end of the tender process.
We are required by legislation concerning identification of customers to store the personal data included in brokerage assignment registers as well as accounting/corporate services for five years after the end of the assignment.
PRINCIPLES OF DATA PROTECTION
Personal data is protected by means of appropriate technical and organisational measures. Paper material is stored in a locked space and access to it is limited to persons who have the right to process the data. Digital material is protected through technical measures, and access rights are only granted to people who need to access the material because of their job or assignment. The controller’s personnel are bound by the obligation of professional secrecy and are trained and instructed on the lawful processing of personal data, and their knowledge is regularly maintained.
Any processors of personal data outside the Retta Group are also required to implement sufficient technical and organisational protection measures and commit to a confidentiality obligation.
RIGHTS OF DATA SUBJECTS
Data subjects have the right to know whether a data controller is processing personal data concerning them. If the data controller processes such personal data, the data subject has the right to receive a copy of the personal data concerning them. If the personal data is deficient, erroneous, inaccurate or outdated, the data subject has the right to request that the data controller correct the data.
If the processing of personal data is based on the data subject’s consent or a contractual relationship, the data subject has the right to receive the personal data concerning them in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another controller. This right only applies to personal data that the data subject has provided to the data controller and that is processed automatically.
Data subjects have the right, in certain circumstances, to request restrictions on the processing of their personal data. This is the case when, for example, the accuracy of personal data is contested by the data subject. In such cases, processing will be restricted until it has been confirmed that the data is accurate and its processing is lawful.
The data subject has the right to request that the personal data concerning them be erased. This right is only applicable when the personal data is no longer needed for the purposes for which it was collected, there are no other legal grounds for its processing and it does not need to be stored to meet the requirements of the law. In other words, data cannot be erased while there is a valid legal basis for its storage.
If the processing of personal data is only based on the data subject’s consent, they have the right to withdraw their consent at any time. In addition, the data subject has the right to object to the processing of their personal data if its processing is based on the data controller’s legitimate interest.
The data subject has the right to file a complaint with the Data Protection Ombudsman(www.tietosuoja.fi) if the data subject believes that the data controller fails to meet their obligations or otherwise fails to comply with the applicable data protection laws.
In addition, the data subject has the right to object to the processing of data concerning them.
If you have any questions about personal data processing and data subjects’ rights, please contact us via email. We verify your identify before you submit your information.
This privacy statement was last updated on 1 September 2023.
