Privacy Policy


Retta Services Oy produces property management services to the housing companies it has as its customers, under the auxiliary company name of Retta Isännöinti. This document refers to the service provider as Retta Isännöinti.

Retta Isännöinti’s business operations require that the company collect certain personal data concerning its customers and stakeholders. In such cases, Retta Isännöinti serves as the data controller defined in data protection legislation. The purpose of this document is to inform data subjects about the processing of their personal data.

Regarding the property management services it provides, Retta Isännöinti is a processor of personal data. Retta Isännöinti is also the processor regarding the customer service it provides to the customers of its own customers based on the property management agreement.1


CONTROLLER: Retta Services Oy, Retta Isännöinti (Business ID FI08716847)


The basis for processing personal data is an agreement between the customer and the controller or the fulfilment of legal obligations (e.g. the Accounting Act and the Act on Money Laundering and the Prevention of Funding of Terrorism) and, in the case of the OmaRetta services, the provision and maintenance of the services.

In addition, the controller may collect information about potential customers for sales and marketing purposes. The data can be used for direct marketing, customer surveys and other similar marketing activities. The basis for data processing is the legitimate interest of Retta Isännöinti or the consent of the data subject.

We process customer feedback and complaints in order to enable us to develop our services, improve customer satisfaction and prepare for possible legal action.

 1 In this case, the housing company in question, the property management services of which Retta Isännöinti provides according to an agreement between the parties, acts as the data controller. Requests and enquiries concerning data subjects’ privacy must always be addressed to the data controller. In other words, concerning the personal data registers of limited liability housing companies, real estate companies or lessors, enquiries must be addressed to the relevant data controller.

Retta Isännöinti has a centralised customer service centre. Its customer service system records all communications, such as email messages and telephone calls. The recorded data includes the date and time and the customer’s name, telephone number and email address. The system also records the content of email messages and telephone calls. The purpose of the data is managing customer service and confirming contents of phone calls on the basis of customer relationships. The processing of the personal data listed above is based on the management of the contractual relationship. The data recorded in the customer service system is stored for 180 days. However, on the basis of careful case-by-case consideration, data may be retained for a longer period when there are acceptable grounds for this.


Among the data on data subjects that is collected are the person’s name, position, company/organisation, contact information (telephone number, email address, home address), and computer IP address. In addition, the registers include any customer complaints and related personal data.

User profiles of registered users of the OmaRetta service are also stored in the customer register. The user profile may include the person’s name, telephone number, address, name of the housing or real estate company and apartment identifier, email address, IP address, personal identity code, bank account number and possibly a profile photograph of the person. In addition, the service contains other information entered into or added to the service by the user themselves. Separate terms of use have been drawn up for the OmaRetta service, and these provide more detailed information, such as various kinds of data collected for the development of services.

The register also contains other information received in connection with customer service situations and the processing of complaints. In addition to the aforementioned information, telephone calls to customer services, the times of the calls and recordings of them, and email conversations are stored in the customer register.

Realia Isännöinti also carries out residential rental operations to a limited extent. In addition to the aforementioned types of data, the types of personal data listed below may be collected in connection with housing rental.

Date of birth, personal identity code, previous address, language of contact, information on political influence (politically exposed person, PEP), information on whether the customer is on an international list of sanctions (a public list of sanction decisions maintained by the National Bureau of Investigation), identifying information of the document used for identity verification or a copy of it, information about guardianship or supervision of interests, other information included in the agreement concerning the property being brokered, profession, length of employment relationship, form of household, information about income, potential other information in the rental housing application, credit history information, information in the rental agreement, and any other information provided by the customer necessary to complete the brokerage assignment.


Personal data is mainly collected from the data subjects themselves. Data may also be collected from sources related to the authorities, such as the Trade Register. In addition, information concerning company contact persons is obtained from public sources, such as company websites or Suomen Asiakastieto Oy.


Personal data may be disclosed within the Retta Group if necessary.

Personal data may also be disclosed to debt collection agencies, and to the authorities upon request. In addition, establishing or defending a legal claim may require the disclosure of personal data to an insurance company or legal adviser, for example.

Data contained in brokerage assignment registers may be disclosed to the authorities supervising brokerage operations (Regional State Administrative Agencies) or other authorities (e.g. information about the selection of tenants to the Housing Finance and Development Centre of Finland) as required by law. The management of brokerage assignments requires the disclosure of data to the counterparty of the assignment.

Data is not disclosed to parties outside the European Union or the European Economic Area.


The retention period and retention criteria vary from person to person and depend on the purpose of processing certain personal data. As a general rule, personal data collected on the basis of a contractual relationship are stored for the duration of the term of validity of the contractual relationship and after its termination for as long as is necessary due to possible legal measures. Personal data collected to provide the service will be stored for as long as the user uses the service. Personal data collected on the basis of a legal obligation is stored for the period required or permitted by law.

Personal data concerning contact persons at potential customer companies is stored for as long as the person in question, according to our information, remains in the position they held when they were included in the register, or for as long as the information in question is used for customer communication and marketing purposes. Offers received, including related personal data, are stored for as long as necessary for the competitive bidding process.

We are required by the legislation concerning identification of customers to store the personal data included in brokerage assignment registers for five years after the end of the assignment. After this time, the data is stored for as long as necessary for any legal procedures.

Customer feedback and complaints are stored until they have been processed, or for as long as is necessary for any legal procedures. Customer service telephone call records are stored for 180 days, and thereafter for as long as is necessary due to possible legal measures.


Personal data is protected by means of appropriate technical and organisational measures. Paper material is stored in a locked space and access to it is limited to persons who have the right to process the data. Digital material is protected through technical measures, and access rights are only granted to people who need to access the material because of their job or assignment. The controller’s personnel are bound by the obligation of professional secrecy and are trained and instructed on the lawful processing of personal data, and their knowledge is regularly maintained.

Any processors of personal data outside the Retta Group are also required to implement sufficient technical and organisational protection measures and commit to a confidentiality obligation.


Data subjects have the right to know whether a data controller is processing personal data concerning them. If the data controller processes such personal data, the data subject has the right to receive a copy of the personal data concerning them. If the personal data is deficient, erroneous, inaccurate or outdated, the data subject has the right to request that the data controller correct the data.

If the processing of personal data is based on the data subject’s consent or a contractual relationship, the data subject has the right to receive the personal data concerning them in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another controller. This right only applies to personal data that the data subject has provided to the data controller and that is processed automatically.

Data subjects have the right, in certain circumstances, to request restrictions on the processing of their personal data. This is the case when, for example, the accuracy of personal data is contested by the data subject. In such cases, processing will be restricted until it has been confirmed that the data is accurate and its processing is lawful.

The data subject has the right to request that the personal data concerning them be erased. This right is only applicable when the personal data is no longer needed for the purposes for which it was collected, there are no other legal grounds for its processing and it does not need to be stored to meet the requirements of the law. In other words, data cannot be erased while there is a valid legal basis for its storage.

If the processing of personal data is only based on the data subject’s consent, they have the right to withdraw their consent at any time. In addition, the data subject has the right to object to the processing of their personal data if its processing is based on the data controller’s legitimate interest.

The data subject has the right to file a complaint with the Data Protection Ombudsman ( if the data controller fails to meet their obligations or otherwise fails to comply with the applicable data protection laws.

In addition, the data subject has the right to object to the processing of data concerning him or her and to be informed of a data breach concerning his or her personal data.

If you have any questions about personal data processing and data subjects’ rights, please contact us by email