Privacy statement / Lease accommodation
1. Data controller
Name: Newsec Property Asset Management Finland Oy
Address: P.O. Box 52, FI-00101 Helsinki
Contact person: Sanna Lehikoinen
2. Purpose of use the use of personal data
Personal data, including that of the applicant and co-applicant ('Data Subjects'), provided to the Data Controller in the accommodation leasing application are processed in the register. The purpose of use of the register is the up-to-date management of the Data Subject's accommodation application data during the leasing process and possible customer satisfaction surveys during the tenancy.
3. Basis for the processing of personal data
The processing of personal data is based on the consent of the Data Subject and, if the accommodation application progresses to lease negotiations, realisation of measures required under the lease, as well as for compliance with the Data Controller's legal obligations and/or pursuing legitimate interests.
4. Personal data processed
Data Subjects' personal and contact data and that of any co-tenants, as well as any necessary data relating to the lease is processed in the register. This data is:
Basic data, such as:
- first name and surname
- personal ID number
- marital status
- contact details (postal address, telephone number, email address).
Other pertinent data, such as:
- the applicant's income and assets
- employer and duration of employment
- replies to the customer satisfaction surveys.
- PEP-status (politically exposed person)
- possible international sanctions against tenant
5. Regular data sources
Data is collected from the data subjects themselves as part of the accommodation application and possibly on the customer satisfaction survey form. Data may also be collected from companies providing services, such as credit information from the credit information register maintained by Suomen Asiakastieto Oy.
Personal Data is stored in the register only as long as the processing has a legitimate basis compliant to the GDPR.
6. Protection of personal data and data security
All documentation is stored electronically.
Data contained within the register and processed electronically is protected with firewalls, passwords, and other necessary technical measures generally accepted in the data security sector at the time.
7. Regular transfers or disclosures of personal data
The Data Controller discloses Data Subjects' personal ID numbers to Suomen Asiakastieto Oy in order to check credit information. The credit information of all adult residents will be checked prior to the signing of the lease. Personal data may be disclosed to be checked against the EU's sanctions list. The disclosure of data for these purposes does not conflict with the aforementioned personal data processing purposes. The Data Controller may disclose the results of the customer satisfaction surveys to the Data Subject’s landlord. Data may also be disclosed to e.g. builder and/or locksmith companies in order to arrange maintenance or Data Subjects move to apartment.
8. Transfering personal data outside the European Union or the European Economic Area
Data contained within the register is not disclosed outside of the European Union or European Economic Area, unless necessary for the technical realisation of data processing. As regards to possible customer satisfaction surveys the Data Controller may disclose results to a landlord even if the landlord is located outside the European Union or European Economic Area.
9. The data subject’s rights
In general, a data subject has the right, in accordance with applicable data protection legislation, to:
- obtain information on the processing of their own personal data
- obtain access to their own personal data
- demand that inaccurate or incorrect personal data is rectified
- demand restriction of processing of their personal data or erasure of their personal data
- terminate their consent and object to the processing of their personal data, insofar as the processing of personal data is based on the consent of the Data Subject, and there are no other grounds for it.
The Data Subject must present any requests regarding the realisation of the aforementioned rights to the Data Controller in writing. The Data Controller may request that the Data Subject provide further detail on their request, and verify the identity of the Data Subject prior to processing the request. The Data Controller may refuse to realise the request on the basis of grounds set out in applicable legislation.
All Data Subjects are entitled to lodge a complaint with their country specific data protection supervisory authority, if the Data Subject considers that the processing of personal data relating to him or her infringes applicable data protection legislation.
10. Amendments to this privacy statement
This privacy statement may be updated, for example, when changes are made to legislation. This privacy statement was last updated on 26.9.2023.