A-Kruunu Ltd customer relations register description 21.5.2018
PRIVACY STATEMENT
Controller
A-Kruunu Ltd
Pasilankatu 13, FI-00520 Helsinki
Service Number: 0207 207 100
Business ID 1736841-8
Domicile: Helsinki
Person responsible for register matters
Petteri Puolane
Pasilankatu 13, FI-00520 Helsinki
Service Number: 0207 207 100
Register name
Register of housing applicants
Resident Register
Ledger systems
Processing of apartment information
What do we use the register for?
Personal data is collected from people who apply for a rental apartment or parking space from A-Kruunu Oy. The apartment applicant and parking space register is used and personal data is processed within the limits permitted and required by the Data Protection Act for managing, managing and developing the customer relationship, analysis and statistics. The customer data contained in the register can be used in connection with apartment and parking space reservations and the conclusion of a rental agreement, as well as for the marketing of the controller and the companies belonging to the same group.
Personal data is collected from persons who complete a tenancy agreement with A-Kruunu Ltd or who live in an A-Kruunu rental home. The resident register is used and the personal data within are processed within the limits permitted and required by the Data Protection Law for the management, administration and development of customer relationships as well as for analysis, statistics, and activities relating to residents’ democracy. The personal data of the inhabitants may be used in the name table for the stairway, on the doors of the apartments, in the sauna and wash room timetables and for other similar purposes. In addition, personal data may feature in the monitoring of apartment-specific energy and water consumption as well as in other measurements made with building technology.
For the management of rental payments, we need the customer's personal data for the billing and collection of rent, use charges, repair invoices and other invoices, as well as the related service provided.
The customer's personal data is needed in cases of apartment-related failure reports, repairs, inspections and replacements.
Personal data and contact details of the applicant/resident, information on current housing, wishes concerning the apartment or parking space to be applied for, reason for applying for the apartment, monthly income, wealth and loans, credit information, other information provided by the data subject in combination with the rental apartments’ information, footage obtained via camera surveillance of properties, including place, time and date. No access log register created through the use of electronic keys and locks is collected in our properties.
Personal data is collected from the customer when registering for the mailing list, applying for an apartment or parking space, in the rental agreement and their fault reports and notice of termination forms.
From the Population Register, we can check the correctness of personal data when a rental application is made and also check the resident details for our homes.
We collect credit and payment behaviour data from the register of Suomen Asiakastieto Oy.
Where do we regularly disclose information to and do we transfer it to outside of the EU or the European Economic Area?
Information on the tenants whose debts are submitted for collection (personal data of the debtor and liabilities of the debtor) is regularly disclosed to the partner organisations carrying out the debt collection.
Cooperation partners responsible for managing the rental of apartments at any particular time are provided with information about the applicants (personal data and contact details, current housing information, preferences concerning housing applications, reason for applying for housing, monthly income, wealth and loans, credit information, other data provided by the data subject) for the purpose of selecting tenants and making the tenancy agreement.
Cooperation partners that have signed agreements to manage the properties are provided with information on the tenants (name, address and contact details) in order to carry out their property management tasks.
Cooperation partners that have signed agreements for the service and maintenance of the properties are provided with information on the tenants (name, address and contact details) for the purpose of carrying out repairs in the apartments.
Property notice boards display staircase lists which indicate the apartment number and the resident's last name.
The municipalities are regularly provided with information on the selection of residents based on the Government Decree on the selection of residents for ARAVA housing and subsidised housing.
The Housing Finance and Development Centre of Finland has the right to obtain the information it needs for carrying out its tasks as a supervisory authority.
No other data in the registry is disclosed. The controller does not transfer data to outside the EU or European Economic Area.
The above-mentioned contract partners are bound by the obligation of professional secrecy and by the Data Protection Agreement. The Data Protection Agreement makes agreement between A-Kruunu Ltd and the partner on matters relating to the EU General Data Protection Regulation.
How long do we store the personal data?
The data of a customer who has submitted the rental application is kept for six years from the submission of the application, unless the customer completes a tenancy agreement.
Information based on the tenancy agreement is kept for six years after the tenancy agreement has been terminated and the obligations related to the tenancy have been fulfilled, unless A-Kruunu has the right and obligation to keep the information for longer, such as with the collection of outstanding rent.
Data is collected in databases that are protected by firewalls, passwords and other technical means. There are restricted access rights to data stored in the IT system, and these access rights are protected by a user name and password.
Manual material is stored in a locked and monitored location.
How can you check and update your personal data in the register?
On the basis of the Data Protection Law, the data subject has the right to check what information relating to them is stored in the personal register. You can send an inspection request to vuokraus@a-kruunu.fi.
We will respond to the request no later than one month after it has been submitted and at the same time we will verify the identity of the person making the request. The data subject may request the rectification of incorrect data, in which case the controller shall decide on the rectification of the data.
You have the right to lodge a complaint with the Data Protection Ombudsman at tietosuoja@om.fi if you believe that we, in our role as the controller, have not complied with the data protection regulations in force.
The data of a customer who has submitted the rental application is kept for six years from the submission of the application, unless the customer completes a tenancy agreement.
Information based on the tenancy agreement is kept for six years after the tenancy agreement has been terminated and the obligations related to the tenancy have been fulfilled, unless A-Kruunu has the right and obligation to keep the information for longer, such as with the collection of outstanding rent.
A-Kruunu Ltd stakeholder register description 21.5.2018
PRIVACY STATEMENT
Controller
A-Kruunu Ltd
Pasilankatu 13, FI-00520 Helsinki
Service Number: 0207 207 100
Business ID 1736841-8
Domicile: Helsinki
Person responsible for register matters
Riikka Vitakoski
Pasilankatu 13, FI-00520 Helsinki
Service Number: 0207 207 100
Table name
Construction and repair site information
procurements
stakeholders
jobseekers
whistleblowing
What do we use the register for?
The processing of personal data relating to construction and repair sites is based on the preparation and fulfilment of a contract with the data subject or a company represented by them. Personal data are collected on the basis legal requirements (e.g. Land Use and Building Act 132 / 1999, Act on the Contractor's Obligations and Liability 1233 / 2006, Occupational Safety and Health Act 738 / 2002 and the Act on Taxation Procedures 1558 / 1995).
The processing of personal data collected for procurements is based on an agreement with the data subject or a company represented by them. This can be collected on the basis of the legal requirements (such as the Act on the Contractor's Obligations and Liability 1233 / 2006).
The information collected for stakeholder cooperation is based on consent given and the legitimate interests of A-Kruunu.
In the recruitment process, we collect personal data for assessing candidate suitability and drawing up an employment contract.
The purpose of the Whistleblowing system is to monitor A-Kruunu Oy's operations. The processing of personal data is based on the law and the legitimate interest of A-Kruunu Oy.
The channel allows A-Kruunu Oy to monitor its compliance with the rules and laws related to its decision-making and control system. The system allows the person to file
a report of illegal activities, such as financial confusion, conflicts of interest, corruption, abuse and other illegal activities.
This information is used to monitor and investigate abuses. In addition, the data can be used for monitoring development, analysis and statistics as well as internal reporting.
The list of persons employed on the construction and repair site under the act on contractor liability, the Occupational Safety and Health Act and the Act on Taxation Procedures may include, among other things, the following personal data: name, personal identification number (or corresponding foreign identification number), portrait photo, nature of employment or service relationship, home state, contact details, tax number, A1 or E101 certificate or other basis for the right to work, employer, and work hours or work days completed.
Information collected for stakeholder collaboration includes the person's name, position in the company, contact information, employer and their contact details, and information related to guest events.
Data entered into the procurement system includes information on the partner company's contact person, name and contact information, and information required by the Act on the Contractor's Obligations and Liability.
In the job application process, we register personal data provided by the person in their job application, in their CV, and through interviews and aptitude assessments.
The Whistleblowing register may contain the following personal data on the declarant, the subject of the report and other relevant persons:
- Declarant’s name, personal data and other contact information, such as address, telephone number, e-mail address. Reports can also be submitted anonymously.
- Information on the report, such as the name of the subject, information on activities that violate the law (e.g. place and time), information on the witness, information related to the filing and processing of the report
and messages (including report code and status)
- Possible other information provided by the declarant themself.
In addition, data is stored in the channel from the report processors, such as name, job title, e-mail address, user IDs, log data on the use of the system.
As a general rule, only information provided by the data subject themselves is entered into the register, whether this be provided when making contracts or orders or in other interactions between the data subject and the controller. Updates to the information may also be obtained from the authorities and companies providing update services.
Personal data relating to work sites and procurements are obtained from the main contractor, the individuals’ employers, colleagues or the persons themselves.
For the stakeholder register, information is collected from individuals themselves and their employers, and also from A-Kruunu employees and public information sources.
In the job application process, information is obtained either from the applicant or from the referees provided by them.
We collect credit and payment behaviour data from the register of Suomen Asiakastieto Oy.
Information specified in the Act on the Contractor's Obligations and Liability can be collected from the Tilaajavastuu.fi service.
The primary source of data to be stored in the Whistleblowing registry is the declarant themself.
In the A-Kruunu reporting channel, information can be disclosed by all former and current employees of A-Kruunu, white collar employees or persons otherwise in a commission relationship with A-Kruunu as well as persons outside A-Kruunu who have an appropriate connection with A-Kruunu, such as employees of A-Kruunu’s partners or subcontractors.
In addition, the data consists of the data stored during the abuse report processing.
Other sources of information are used within the limits laid down in the law.
Where do we regularly disclose information to and do we transfer it to outside of the EU or the European Economic Area?
Personal data in the register is not transferred to third parties, with the exception of contracting partners who are bound by the obligation of professional secrecy and the Data Protection Agreement and are carrying out a specific task on behalf of A-Kruunu, such as management, procurement, communication or recruitment tasks for a construction or repair project. The Data Protection Agreement makes agreement between A-Kruunu Ltd and the partner on matters relating to the EU General Data Protection Regulation. Information may also be disclosed to parties who have a legal right to access it.
No other data in the registry is disclosed. The controller does not transfer data to outside the EU or European Economic Area.
A-Kruunu Oy uses an external service provider to manage the Whistleblowing system and process reports. In this case, personal data is transferred to an external service provider
only to the extent necessary to implement the Whistleblowing-channel.
Information collected under the Land Use and Building Act, the Act on the Contractor's Obligations and Liability, the Occupational Safety and Health Act and the Act on Taxation Procedures shall be kept for six years after the end of the year in which the site or work was completed or ended. If other retention periods are laid down in the law, we will comply with these. The data collected on the basis of contracts shall be kept for ten years from the termination of the contractual relationship and the fulfilment of the resulting obligations.
The person's data shall be kept in the stakeholder register until the person concerned ceases acting in the position which was the reason for them being originally entered in the register.
The information collected in the job application process is kept for two years after the end of the application period, unless the application results in an employment relationship.
The data to be stored in the Whistleblowing register shall be kept for as long as necessary for the purpose of monitoring or due to legal obligations.
As a rule, report data is stored for 90 days from the confirmation of the report, unless it is necessary to keep the data further due to ongoing criminal investigation, trial or investigation by the authorities, or in order to safeguard the rights of the person making the report or the person who is the subject of the report.
Data is collected in databases that are protected by firewalls, passwords and other technical means. There are restricted access rights to data stored in the IT system, and these access rights are protected by a user name and password.
Manual material is stored in a locked and monitored location.
A-Kruunu's reporting channel has been implemented in the First Whistle system of Juuriharja Consulting Group Oy. The electronically processed data contained in the register are protected by firewalls, passwords and other technical means generally accepted in the security sectors.
Technically, each report made through the A-Kruunu reporting channel includes:
- an identifier, a number that only the declarant knows
- information on the status of the relevant report: received / processing / processed
- additional requests and answers without details
Only identified controllers shall have access to the data contained in the register with the right granted by the controller. The declarant can only see their own notification in the system.
How can you check and update your personal data in the register?
On the basis of the Data Protection Law, the data subject has the right to check what information relating to them is stored in the personal register. You can send an inspection request to vuokraus@a-kruunu.fi.
We will respond to the request no later than one month after it has been submitted and at the same time we will verify the identity of the person making the request. The data subject may request the rectification of incorrect data, in which case the controller shall decide on the rectification of the data.
You have the right to lodge a complaint with the Data Protection Ombudsman at tietosuoja@om.fi if you believe that we, in our role as the controller, have not complied with the data protection regulations in force.