Per­so­nal da­ta is col­lec­ted from peop­le who app­ly for a ren­tal apart­ment or par­king spa­ce from A-Kruu­nu Oy. The apart­ment app­li­cant and par­king spa­ce re­gis­ter is used and per­so­nal da­ta is pro­ces­sed wit­hin the li­mits per­mit­ted and re­qui­red by the Da­ta Pro­tec­tion Act for ma­na­ging, ma­na­ging and de­ve­lo­ping the cus­to­mer re­la­tions­hip, ana­ly­sis and sta­tis­tics. The cus­to­mer da­ta con­tai­ned in the re­gis­ter can be used in con­nec­tion with apart­ment and par­king spa­ce re­ser­va­tions and the conc­lu­sion of a ren­tal ag­ree­ment, as well as for the mar­ke­ting of the cont­rol­ler and the com­pa­nies be­lon­ging to the sa­me group.

Per­so­nal da­ta is col­lec­ted from per­sons who comp­le­te a te­nan­cy ag­ree­ment with A-Kruu­nu Ltd or who li­ve in an A-Kruu­nu ren­tal ho­me. The re­si­dent re­gis­ter is used and the per­so­nal da­ta wit­hin are pro­ces­sed wit­hin the li­mits per­mit­ted and re­qui­red by the Da­ta Pro­tec­tion Law for the ma­na­ge­ment, ad­mi­nist­ra­tion and de­ve­lop­ment of cus­to­mer re­la­tions­hips as well as for ana­ly­sis, sta­tis­tics, and ac­ti­vi­ties re­la­ting to re­si­dents’ de­moc­ra­cy. The per­so­nal da­ta of the in­ha­bi­tants may be used in the na­me tab­le for the stair­way, on the doors of the apart­ments, in the sau­na and wash room ti­me­tab­les and for ot­her si­mi­lar pur­po­ses. In ad­di­tion, per­so­nal da­ta may fea­tu­re in the mo­ni­to­ring of apart­ment-spe­ci­fic ener­gy and wa­ter con­sump­tion as well as in ot­her mea­su­re­ments ma­de with buil­ding tech­no­lo­gy.

For the ma­na­ge­ment of ren­tal pay­ments, we need the cus­to­mer's per­so­nal da­ta for the bil­ling and col­lec­tion of rent, use char­ges, re­pair in­voi­ces and ot­her in­voi­ces, as well as the re­la­ted ser­vi­ce pro­vi­ded.

The cus­to­mer's per­so­nal da­ta is nee­ded in ca­ses of apart­ment-re­la­ted fai­lu­re re­ports, re­pairs, ins­pec­tions and rep­la­ce­ments.

Per­so­nal in­for­ma­tion and con­tact in­for­ma­tion of the app­li­cant/re­si­dent, in­for­ma­tion about cur­rent re­si­den­ce, wis­hes re­gar­ding the apart­ment or par­king spa­ce to be app­lied for, rea­son for app­lying for an apart­ment, month­ly in­co­me, as­sets and loans, cre­dit in­for­ma­tion, ot­her in­for­ma­tion pro­vi­ded by the re­gist­rant him­self, com­bi­ned with the apart­ment in­for­ma­tion of ren­tal apart­ments.

Per­so­nal da­ta is col­lec­ted from the cus­to­mer when re­gis­te­ring for the mai­ling list, app­lying for an apart­ment or par­king spa­ce, in the ren­tal ag­ree­ment and their fault re­ports and no­ti­ce of ter­mi­na­tion forms.

From the Po­pu­la­tion Re­gis­ter, we can check the cor­rect­ness of per­so­nal da­ta when a ren­tal app­li­ca­tion is ma­de and al­so check the re­si­dent de­tails for our ho­mes.

We col­lect cre­dit and pay­ment be­ha­viour da­ta from the re­gis­ter of Suo­men Asia­kas­tie­to Oy.

Whe­re do we re­gu­lar­ly disc­lo­se in­for­ma­tion to and do we trans­fer it to out­si­de of the EU or the Eu­ro­pean Eco­no­mic Area?

In­for­ma­tion on the te­nants who­se debts are sub­mit­ted for col­lec­tion (per­so­nal da­ta of the deb­tor and lia­bi­li­ties of the deb­tor) is re­gu­lar­ly disc­lo­sed to the part­ner or­ga­ni­sa­tions car­rying out the debt col­lec­tion.

Coo­pe­ra­tion part­ners res­pon­sib­le for ma­na­ging the ren­tal of apart­ments at any par­ti­cu­lar ti­me are pro­vi­ded with in­for­ma­tion about the app­li­cants (per­so­nal da­ta and con­tact de­tails, cur­rent hou­sing in­for­ma­tion, pre­fe­ren­ces con­cer­ning hou­sing app­li­ca­tions, rea­son for app­lying for hou­sing, month­ly in­co­me, wealth and loans, cre­dit in­for­ma­tion, ot­her da­ta pro­vi­ded by the da­ta sub­ject) for the pur­po­se of se­lec­ting te­nants and ma­king the te­nan­cy ag­ree­ment.

Coo­pe­ra­tion part­ners that ha­ve sig­ned ag­ree­ments to ma­na­ge the pro­per­ties are pro­vi­ded with in­for­ma­tion on the te­nants (na­me, add­ress and con­tact de­tails) in or­der to car­ry out their pro­per­ty ma­na­ge­ment tasks.

Coo­pe­ra­tion part­ners that ha­ve sig­ned ag­ree­ments for the ser­vi­ce and main­te­nan­ce of the pro­per­ties are pro­vi­ded with in­for­ma­tion on the te­nants (na­me, add­ress and con­tact de­tails) for the pur­po­se of car­rying out re­pairs in the apart­ments.

Pro­per­ty no­ti­ce boards disp­lay stair­ca­se lists which in­di­ca­te the apart­ment num­ber and the re­si­dent's last na­me.

The mu­ni­ci­pa­li­ties are re­gu­lar­ly pro­vi­ded with in­for­ma­tion on the se­lec­tion of re­si­dents ba­sed on the Go­vern­ment Dec­ree on the se­lec­tion of re­si­dents for ARA­VA hou­sing and sub­si­di­sed hou­sing.

The Hou­sing Fi­nan­ce and De­ve­lop­ment Cent­re of Fin­land has the right to ob­tain the in­for­ma­tion it needs for car­rying out its tasks as a su­per­vi­so­ry aut­ho­ri­ty.

No ot­her da­ta in the re­gist­ry is disc­lo­sed. The cont­rol­ler does not trans­fer da­ta to out­si­de the EU or Eu­ro­pean Eco­no­mic Area.

The abo­ve-men­tio­ned cont­ract part­ners are bound by the ob­li­ga­tion of pro­fes­sio­nal sec­re­cy and by the Da­ta Pro­tec­tion Ag­ree­ment. The Da­ta Pro­tec­tion Ag­ree­ment ma­kes ag­ree­ment bet­ween A-Kruu­nu Ltd and the part­ner on mat­ters re­la­ting to the EU Ge­ne­ral Da­ta Pro­tec­tion Re­gu­la­tion.

How long do we sto­re the per­so­nal da­ta?
The da­ta of a cus­to­mer who has sub­mit­ted the ren­tal app­li­ca­tion is kept for six years from the sub­mis­sion of the app­li­ca­tion, un­less the cus­to­mer comp­le­tes a te­nan­cy ag­ree­ment.

In­for­ma­tion ba­sed on the te­nan­cy ag­ree­ment is kept for six years af­ter the te­nan­cy ag­ree­ment has been ter­mi­na­ted and the ob­li­ga­tions re­la­ted to the te­nan­cy ha­ve been ful­fil­led, un­less A-Kruu­nu has the right and ob­li­ga­tion to keep the in­for­ma­tion for lon­ger, such as with the col­lec­tion of outs­tan­ding rent.

Da­ta is col­lec­ted in da­ta­ba­ses that are pro­tec­ted by fi­re­walls, pass­words and ot­her tech­ni­cal means. The­re are rest­ric­ted ac­cess rights to da­ta sto­red in the IT sys­tem, and the­se ac­cess rights are pro­tec­ted by a user na­me and pass­word.

Ma­nual ma­te­rial is sto­red in a loc­ked and mo­ni­to­red lo­ca­tion.

How can you check and up­da­te your per­so­nal da­ta in the re­gis­ter?

On the ba­sis of the Da­ta Pro­tec­tion Law, the da­ta sub­ject has the right to check what in­for­ma­tion re­la­ting to them is sto­red in the per­so­nal re­gis­ter. You can send an ins­pec­tion re­quest to vuok­raus@a-kruu­nu.fi.

We will res­pond to the re­quest no la­ter than one month af­ter it has been sub­mit­ted and at the sa­me ti­me we will ve­ri­fy the iden­ti­ty of the per­son ma­king the re­quest. The da­ta sub­ject may re­quest the rec­ti­fi­ca­tion of in­cor­rect da­ta, in which ca­se the cont­rol­ler shall de­ci­de on the rec­ti­fi­ca­tion of the da­ta.

You ha­ve the right to lod­ge a comp­laint with the Da­ta Pro­tec­tion Om­buds­man at tie­to­suo­ja@om.fi if you be­lie­ve that we, in our ro­le as the cont­rol­ler, ha­ve not comp­lied with the da­ta pro­tec­tion re­gu­la­tions in for­ce.

The da­ta of a cus­to­mer who has sub­mit­ted the ren­tal app­li­ca­tion is kept for six years from the sub­mis­sion of the app­li­ca­tion, un­less the cus­to­mer comp­le­tes a te­nan­cy ag­ree­ment.

In­for­ma­tion ba­sed on the te­nan­cy ag­ree­ment is kept for six years af­ter the te­nan­cy ag­ree­ment has been ter­mi­na­ted and the ob­li­ga­tions re­la­ted to the te­nan­cy ha­ve been ful­fil­led, un­less A-Kruu­nu has the right and ob­li­ga­tion to keep the in­for­ma­tion for lon­ger, such as with the col­lec­tion of outs­tan­ding rent.

The pro­ces­sing of per­so­nal da­ta re­la­ting to const­ruc­tion and re­pair si­tes is ba­sed on the pre­pa­ra­tion and ful­fil­ment of a cont­ract with the da­ta sub­ject or a com­pa­ny rep­re­sen­ted by them. Per­so­nal da­ta are col­lec­ted on the ba­sis le­gal re­qui­re­ments (e.g. Land Use and Buil­ding Act 132 / 1999, Act on the Cont­rac­tor's Ob­li­ga­tions and Lia­bi­li­ty 1233 / 2006, Oc­cu­pa­tio­nal Sa­fe­ty and Health Act 738 / 2002 and the Act on Ta­xa­tion Pro­ce­du­res 1558 / 1995).

The pro­ces­sing of per­so­nal da­ta col­lec­ted for pro­cu­re­ments is ba­sed on an ag­ree­ment with the da­ta sub­ject or a com­pa­ny rep­re­sen­ted by them. This can be col­lec­ted on the ba­sis of the le­gal re­qui­re­ments (such as the Act on the Cont­rac­tor's Ob­li­ga­tions and Lia­bi­li­ty 1233 / 2006).

The in­for­ma­tion col­lec­ted for sta­ke­hol­der coo­pe­ra­tion is ba­sed on con­sent gi­ven and the le­gi­ti­ma­te in­te­rests of A-Kruu­nu.

In the rec­ruit­ment pro­cess, we col­lect per­so­nal da­ta for as­ses­sing can­di­da­te sui­ta­bi­li­ty and dra­wing up an emp­loy­ment cont­ract.

The pur­po­se of the Whist­leb­lo­wing sys­tem is to mo­ni­tor A-Kruu­nu Oy's ope­ra­tions. The pro­ces­sing of per­so­nal da­ta is ba­sed on the law and the le­gi­ti­ma­te in­te­rest of A-Kruu­nu Oy.

The chan­nel al­lows A-Kruu­nu Oy to mo­ni­tor its comp­lian­ce with the ru­les and laws re­la­ted to its de­ci­sion-ma­king and cont­rol sys­tem. The sys­tem al­lows the per­son to fi­le

a re­port of il­le­gal ac­ti­vi­ties, such as fi­nan­cial con­fu­sion, conf­licts of in­te­rest, cor­rup­tion, abu­se and ot­her il­le­gal ac­ti­vi­ties. 

This in­for­ma­tion is used to mo­ni­tor and in­ves­ti­ga­te abu­ses. In ad­di­tion, the da­ta can be used for mo­ni­to­ring de­ve­lop­ment, ana­ly­sis and sta­tis­tics as well as in­ter­nal re­por­ting.

The list of per­sons emp­lo­yed on the const­ruc­tion and re­pair si­te un­der the act on cont­rac­tor lia­bi­li­ty, the Oc­cu­pa­tio­nal Sa­fe­ty and Health Act and the Act on Ta­xa­tion Pro­ce­du­res may inc­lu­de, among ot­her things, the fol­lo­wing per­so­nal da­ta: na­me, per­so­nal iden­ti­fi­ca­tion num­ber (or cor­res­pon­ding fo­reign iden­ti­fi­ca­tion num­ber), port­rait pho­to, na­tu­re of emp­loy­ment or ser­vi­ce re­la­tions­hip, ho­me sta­te, con­tact de­tails, tax num­ber, A1 or E101 cer­ti­fi­ca­te or ot­her ba­sis for the right to work, emp­lo­yer, and work hours or work days comp­le­ted.

In­for­ma­tion col­lec­ted for sta­ke­hol­der col­la­bo­ra­tion inc­lu­des the per­son's na­me, po­si­tion in the com­pa­ny, con­tact in­for­ma­tion, emp­lo­yer and their con­tact de­tails, and in­for­ma­tion re­la­ted to guest events.

Da­ta en­te­red in­to the pro­cu­re­ment sys­tem inc­lu­des in­for­ma­tion on the part­ner com­pa­ny's con­tact per­son, na­me and con­tact in­for­ma­tion, and in­for­ma­tion re­qui­red by the Act on the Cont­rac­tor's Ob­li­ga­tions and Lia­bi­li­ty.

In the job app­li­ca­tion pro­cess, we re­gis­ter per­so­nal da­ta pro­vi­ded by the per­son in their job app­li­ca­tion, in their CV, and th­rough in­ter­views and ap­ti­tu­de as­sess­ments.

The Whist­leb­lo­wing re­gis­ter may con­tain the fol­lo­wing per­so­nal da­ta on the dec­la­rant, the sub­ject of the re­port and ot­her re­le­vant per­sons:

- Dec­la­rant’s na­me, per­so­nal da­ta and ot­her con­tact in­for­ma­tion, such as add­ress, te­lep­ho­ne num­ber, e-mail add­ress. Re­ports can al­so be sub­mit­ted ano­ny­mous­ly.

- In­for­ma­tion on the re­port, such as the na­me of the sub­ject, in­for­ma­tion on ac­ti­vi­ties that vio­la­te the law (e.g. pla­ce and ti­me), in­for­ma­tion on the wit­ness, in­for­ma­tion re­la­ted to the fi­ling and pro­ces­sing of the re­port 
and mes­sa­ges (inc­lu­ding re­port co­de and sta­tus)

- Pos­sib­le ot­her in­for­ma­tion pro­vi­ded by the dec­la­rant them­self.

In ad­di­tion, da­ta is sto­red in the chan­nel from the re­port pro­ces­sors, such as na­me, job tit­le, e-mail add­ress, user IDs, log da­ta on the use of the sys­tem. 

As a ge­ne­ral ru­le, on­ly in­for­ma­tion pro­vi­ded by the da­ta sub­ject them­sel­ves is en­te­red in­to the re­gis­ter, whet­her this be pro­vi­ded when ma­king cont­racts or or­ders or in ot­her in­te­rac­tions bet­ween the da­ta sub­ject and the cont­rol­ler. Up­da­tes to the in­for­ma­tion may al­so be ob­tai­ned from the aut­ho­ri­ties and com­pa­nies pro­vi­ding up­da­te ser­vi­ces.

Per­so­nal da­ta re­la­ting to work si­tes and pro­cu­re­ments are ob­tai­ned from the main cont­rac­tor, the in­di­vi­duals’ emp­lo­yers, col­lea­gues or the per­sons them­sel­ves.

For the sta­ke­hol­der re­gis­ter, in­for­ma­tion is col­lec­ted from in­di­vi­duals them­sel­ves and their emp­lo­yers, and al­so from A-Kruu­nu emp­lo­yees and pub­lic in­for­ma­tion sour­ces.

In the job app­li­ca­tion pro­cess, in­for­ma­tion is ob­tai­ned eit­her from the app­li­cant or from the re­fe­rees pro­vi­ded by them.

We col­lect cre­dit and pay­ment be­ha­viour da­ta from the re­gis­ter of Suo­men Asia­kas­tie­to Oy.

In­for­ma­tion spe­ci­fied in the Act on the Cont­rac­tor's Ob­li­ga­tions and Lia­bi­li­ty can be col­lec­ted from the Ti­laa­ja­vas­tuu.fi ser­vi­ce.

The pri­ma­ry sour­ce of da­ta to be sto­red in the Whist­leb­lo­wing re­gist­ry is the dec­la­rant them­self.

In the A-Kruu­nu re­por­ting chan­nel, in­for­ma­tion can be disc­lo­sed by all for­mer and cur­rent emp­lo­yees of A-Kruu­nu, whi­te col­lar emp­lo­yees or per­sons ot­her­wi­se in a com­mis­sion re­la­tions­hip with A-Kruu­nu as well as per­sons out­si­de A-Kruu­nu who ha­ve an app­rop­ria­te con­nec­tion with A-Kruu­nu, such as emp­lo­yees of A-Kruu­nu’s part­ners or sub­cont­rac­tors.

In ad­di­tion, the da­ta con­sists of the da­ta sto­red du­ring the abu­se re­port pro­ces­sing.

Ot­her sour­ces of in­for­ma­tion are used wit­hin the li­mits laid down in the law.

Whe­re do we re­gu­lar­ly disc­lo­se in­for­ma­tion to and do we trans­fer it to out­si­de of the EU or the Eu­ro­pean Eco­no­mic Area?

Per­so­nal da­ta in the re­gis­ter is not trans­fer­red to third par­ties, with the ex­cep­tion of cont­rac­ting part­ners who are bound by the ob­li­ga­tion of pro­fes­sio­nal sec­re­cy and the Da­ta Pro­tec­tion Ag­ree­ment and are car­rying out a spe­ci­fic task on be­half of A-Kruu­nu, such as ma­na­ge­ment, pro­cu­re­ment, com­mu­ni­ca­tion or rec­ruit­ment tasks for a const­ruc­tion or re­pair pro­ject. The Da­ta Pro­tec­tion Ag­ree­ment ma­kes ag­ree­ment bet­ween A-Kruu­nu Ltd and the part­ner on mat­ters re­la­ting to the EU Ge­ne­ral Da­ta Pro­tec­tion Re­gu­la­tion. In­for­ma­tion may al­so be disc­lo­sed to par­ties who ha­ve a le­gal right to ac­cess it.
No ot­her da­ta in the re­gist­ry is disc­lo­sed. The cont­rol­ler does not trans­fer da­ta to out­si­de the EU or Eu­ro­pean Eco­no­mic Area.

A-Kruu­nu Oy uses an ex­ter­nal ser­vi­ce pro­vi­der to ma­na­ge the Whist­leb­lo­wing sys­tem and pro­cess re­ports. In this ca­se, per­so­nal da­ta is trans­fer­red to an ex­ter­nal ser­vi­ce pro­vi­der

on­ly to the ex­tent ne­ces­sa­ry to imp­le­ment the Whist­leb­lo­wing-chan­nel.

In­for­ma­tion col­lec­ted un­der the Land Use and Buil­ding Act, the Act on the Cont­rac­tor's Ob­li­ga­tions and Lia­bi­li­ty, the Oc­cu­pa­tio­nal Sa­fe­ty and Health Act and the Act on Ta­xa­tion Pro­ce­du­res shall be kept for six years af­ter the end of the year in which the si­te or work was comp­le­ted or en­ded. If ot­her re­ten­tion pe­riods are laid down in the law, we will comp­ly with the­se. The da­ta col­lec­ted on the ba­sis of cont­racts shall be kept for ten years from the ter­mi­na­tion of the cont­rac­tual re­la­tions­hip and the ful­fil­ment of the re­sul­ting ob­li­ga­tions.

The per­son's da­ta shall be kept in the sta­ke­hol­der re­gis­ter un­til the per­son con­cer­ned cea­ses ac­ting in the po­si­tion which was the rea­son for them being ori­gi­nal­ly en­te­red in the re­gis­ter.

The in­for­ma­tion col­lec­ted in the job app­li­ca­tion pro­cess is kept for two years af­ter the end of the app­li­ca­tion pe­riod, un­less the app­li­ca­tion re­sults in an emp­loy­ment re­la­tions­hip.

The da­ta to be sto­red in the Whist­leb­lo­wing re­gis­ter shall be kept for as long as ne­ces­sa­ry for the pur­po­se of mo­ni­to­ring or due to le­gal ob­li­ga­tions.

As a ru­le, re­port da­ta is sto­red for 90 days from the con­fir­ma­tion of the re­port, un­less it is ne­ces­sa­ry to keep the da­ta furt­her due to on­going cri­mi­nal in­ves­ti­ga­tion, trial or in­ves­ti­ga­tion by the aut­ho­ri­ties, or in or­der to sa­fe­guard the rights of the per­son ma­king the re­port or the per­son who is the sub­ject of the re­port.

Da­ta is col­lec­ted in da­ta­ba­ses that are pro­tec­ted by fi­re­walls, pass­words and ot­her tech­ni­cal means. The­re are rest­ric­ted ac­cess rights to da­ta sto­red in the IT sys­tem, and the­se ac­cess rights are pro­tec­ted by a user na­me and pass­word.

Ma­nual ma­te­rial is sto­red in a loc­ked and mo­ni­to­red lo­ca­tion.

A-Kruu­nu's re­por­ting chan­nel has been imp­le­men­ted in the First Whist­le sys­tem of Juu­ri­har­ja Con­sul­ting Group Oy. The elect­ro­ni­cal­ly pro­ces­sed da­ta con­tai­ned in the re­gis­ter are pro­tec­ted by fi­re­walls, pass­words and ot­her tech­ni­cal means ge­ne­ral­ly ac­cep­ted in the se­cu­ri­ty sec­tors.

Tech­ni­cal­ly, each re­port ma­de th­rough the A-Kruu­nu re­por­ting chan­nel inc­lu­des:

- an iden­ti­fier, a num­ber that on­ly the dec­la­rant knows

- in­for­ma­tion on the sta­tus of the re­le­vant re­port: re­cei­ved / pro­ces­sing / pro­ces­sed

- ad­di­tio­nal re­quests and ans­wers wit­hout de­tails

On­ly iden­ti­fied cont­rol­lers shall ha­ve ac­cess to the da­ta con­tai­ned in the re­gis­ter with the right gran­ted by the cont­rol­ler. The dec­la­rant can on­ly see their own no­ti­fi­ca­tion in the sys­tem. 

How can you check and up­da­te your per­so­nal da­ta in the re­gis­ter?

On the ba­sis of the Da­ta Pro­tec­tion Law, the da­ta sub­ject has the right to check what in­for­ma­tion re­la­ting to them is sto­red in the per­so­nal re­gis­ter. You can send an ins­pec­tion re­quest to vuok­raus@a-kruu­nu.fi.
We will res­pond to the re­quest no la­ter than one month af­ter it has been sub­mit­ted and at the sa­me ti­me we will ve­ri­fy the iden­ti­ty of the per­son ma­king the re­quest. The da­ta sub­ject may re­quest the rec­ti­fi­ca­tion of in­cor­rect da­ta, in which ca­se the cont­rol­ler shall de­ci­de on the rec­ti­fi­ca­tion of the da­ta.

You ha­ve the right to lod­ge a comp­laint with the Da­ta Pro­tec­tion Om­buds­man at tie­to­suo­ja@om.fi if you be­lie­ve that we, in our ro­le as the cont­rol­ler, ha­ve not comp­lied with the da­ta pro­tec­tion re­gu­la­tions in for­ce.