1. DATA CONTROLLER
Name: Newsec Property Asset Management Finland Oy
Newsec Advisory Finland Oy
Newsec Valuation Oy
each as a separate data controller
Address: Mannerheiminaukio 1 A
00100 Helsinki, Finland
Telephone: +358 (0)207 420 400
Contact person: Niklas Jalonen, Newsec Property Asset Management Finland Oy, Kätlin Kask Newsec Advisory Finland Oy & Newsec Valuation Oy
2. PURPOSE OF USE OF PERSONAL DATA
The personal data of the Data Controller's clients and that of contact persons working within client organisations ('Data Subjects') is processed in the register. Personal data is used for sending newsletters and queries relating to Newsec's client relationship, providing information on client events, maintaining contact with clients, and maintaining and developing client relationships.
3. BASIS FOR PROCESSING OF PERSONAL DATA
Personal data is processed on the basis of the Data Subject's consent, pursual of Newsec's legitimate interests, compliance with a legal obligation, or performance of a contract to which the Data Subject is a party.
4. PERSONAL DATA PROCESSED
Data Subjects' personal data and other data considered necessary for maintaining the client relationship and performance of a client contract is processed in the register. This data is:
• first name and surname
• personal ID number
• employer's office and address
• telephone number
• email address
• client number
• photocopy of passport
• details of prior meetings.
5. REGULAR DATA SOURCES
Data is collected from the Data Subjects themselves, from sources such as contracts signed with the Data Controller or oral or written contact. Participant data is collected in connection with events, seminars and training sessions. Data may also be collected and updated from the registers of data controllers providing address, update or other similar services, as well as by collecting data from public sources. Data may also be collected about persons, with their consent, through websites.
6. PROTECTION OF PERSONAL DATA AND DATA SECURITY
All documentation is stored electronically.
Data contained within the register and processed electronically is protected with firewalls, passwords, and other necessary technical measures generally accepted in the data security sector at the time.
7. REGULAR TRANSFERS AND DISCLOSURES OF PERSONAL DATA
The Data Controller may disclose the Data Subjects' personal data to service providers solely for purposes that do not conflict with the aforementioned personal data processing purposes. A data processing agreement (DPA) has been signed by the Data Controller and Data Processor.
8. TRANSFERING PERSONAL DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA
Data contained within the register is not disclosed outside of the European Union or European Economic Area, unless necessary for the technical realisation of data processing.
9. THE DATA SUBJECT'S RIGHTS
In general, a data subject has the right, in accordance with applicable data protection legislation, to:
- obtain information on the processing of their own personal data
- obtain access to their own personal data
- demand that inaccurate or incorrect personal data is rectified
- demand restriction of processing of their personal data or erasure of their personal data
- terminate their consent and object to the processing of their personal data, insofar as the processing of personal data is based on the consent of the Data Subject, and there are no other grounds for it.
The Data Subject must present any requests regarding the realisation of the aforementioned rights to the Data Controller in writing. The Data Controller may request that the Data Subject provide further detail on their request, and verify the identity of the Data Subject prior to processing the request. The Data Controller may refuse to realise the request on the basis of grounds set out in applicable legislation.
All Data Subjects are entitled to lodge a complaint with the supervisory authority concerned or to the public authority of the European Union member state of the Data Subject's habitual residence or place of work, if the Data Subject considers that the processing of personal data relating to him or her infringes applicable data protection legislation.
10. AMENDMENTS TO THIS PRIVACY STATEMENT
This privacy statement may be updated, for example when changes are made to legislation. This privacy statement was last updated on 21 May 2018.