Privacy Policy

1. Data controller

For questions on processing personal data related to rental operations, please contact:

Kiinteistö Navigare Oy

Y-tunnus: 2345437-1

Pasi Venho

Jousitie 5, 20760 Kaarina

+358 4054 144 50

pasi.venho@navigarekiinteistot.fi

2. Purpose of processing personal data

In rental operations, personal data is collected to select a tenant, enter into the lease agreement, manage the lease, and develop rental operations. If the security deposit is given by way of a personal guarantee, personal data is also collected to make a guaranteed obligation.

Processing of personal data is based on an agreement between the tenant or the person providing a guaranteed obligation or on performing pre-agreement actions at the request of an applicant. Processing of personal data can also be based on tenant consent. For other persons living in the same apartment with the tenant, for the tenant’s contact person (if any), and for a secondary tenant, the processing is based on the landlord’s legitimate interest.

3. Data included in the registry

The following data is stored in the rental operations registry:

Name, address, phone number, and email address
Tenant’s and guarantor’s social security number or business ID, birth year for other residents
Information related to the lease
Information related to invoicing and collecting
Financial information to evaluate financial standing
Information concerning the need for an apartment
Other information disclosed by the tenant when applying
Opt-ins and opt-outs (such as opt-out of direct marketing if data is used for direct marketing purposes)

4. Data sources and data retention

Data concerning the applicant is primarily collected from the applicant. Applicant’s credit information is checked with a credit information or enforcement registry maintained by a party specialized in credit references. If an application fails to lead to an agreement, data concerning the applicant is retained for as long and to the extent necessary for selecting a tenant and for any related legal actions.

Data concerning the tenant and the persons living in the same apartment, tenant’s contact person (if any), secondary tenant, and guarantor are primarily collected from the tenant and the guarantor. Tenant’s and guarantor’s credit information is checked with a credit information or enforcement registry maintained by a party specialized in credit references. Data related to the lease is retained for the entire duration of the lease. The controller shall not retain personal data for longer than is necessary for use. The personal data of the tenant will be kept for the duration of the tenancy and a period of 5 calendar years after the end of the tenancy. Data relating to an unsuccessful rental housing application personal data including the application and its annexes will be kept for 6 months after submission of the application.

If a rental broker is used for selecting the tenant and managing the lease, data concerning the applicant, tenant, and guarantor are provided by the broker.

5. Disclosure of data

As a rule, data stored in the rental operations registry are not disclosed to other parties nor transferred outside the European Union or the European Economic Area.

The tenant’s name, contact information, and information regarding the lease can be disclosed to the housing company’s list of residents.

6. Data protection

All processing of personal data respects the privacy of the individuals in the registry, and access to the data is only available to those who require it for carrying out their duties.

The data is stored in electronic systems and protected with user-specific IDs, passwords, and access rights. The data registry is backed up regularly. Documents printed on paper are stored securely and protected from external access.

7. Rights of the data subject

The data subject is entitled to review the data stored in the registry and demand correction or removal of any erroneous or inaccurate information. The data subject’s data can be removed at the request of the data subject if the legal basis for processing the data no longer exists.

Any requests for reviewing or rectifying the data must be presented to the data controller in writing. Reviewing the data and demanding rectification are free of charge.

The data subject can opt out of data processing for direct marketing.

The data subject is entitled to file a notice of appeal regarding the data controller’s actions to a supervisory authority. In Finland, the data protection ombudsman is the national GDPR supervisory authority.

Privacy Policy

Data controller

Kiinteistö Navigare Oy

Business ID: 2345437-1

Jousitie 5, 20760 Kaarina, Finland

Pasi Venho

Jousitie 5, 20760 Kaarina, Finland

+358 4054 144 50

pasi.venho@navigarekiinteistot.fi

Purpose and legal basis for processing of personal data

The data controller processes personal data only to the extent necessary for apartment rental and brokerage operations, as well as for property maintenance.

The processing of personal data is based on one or more of the following conditions: The person has applied for an apartment from the data controller, the person resides in an apartment owned by the data controller, the person has previously resided in an apartment owned by the data controller, or the person has requested information about available or soon-to-be-available apartments.

The data controller uses personal data for purposes such as tenant selection, creation and management of lease agreements, maintenance and development of the tenancy relationship, fulfilment of the rights and obligations of the landlord/housing company, property maintenance and fault reports, rent and maintenance fee accounts and other payment transactions, marketing and communication, customer service, customer communication, housing counselling, tenant activities, business management and development, sending newsletters, tenant event invitations and notices, and ensuring security and legal protection.

The processing of personal data is based on an agreement between the data controller and the person, a consent given by the tenant, or compliance with a statutory obligation.

The data processed under an agreement consists of personal data provided by the tenant when applying for an apartment or during the contractual relationship.

Personal data being processed

The register may contain the following information about applicants for rental apartments, tenants, their spouses, joint payers, other persons moving in, representatives, sub- and re-tenants, and apartment buyers:

Basic information, such as the person’s name, date of birth, personal identity code or, in the absence of a personal identity code, an identifier from a travel document, such as passport number, telephone number, email address, and language of communication.

Information related to housing needs and tenant selection, such as previous address and information about the previous apartment, employment, profession, duration and nature of employment, income and asset information, tax information, debt and debt restructuring information, residence permit information, guardianship or trusteeship information, credit and payment behaviour information, and housing allowance information.

Sources of personal data

The data controller primarily collects personal data from the apartment application form filled out by the person and its attachments. In addition, the data controller receives personal data from the person themselves during the tenancy relationship. Personal data may also be collected and updated from private credit information registers and from authorities.

Disclosure and transfer of personal data

The data controller processes personal data for the purposes stated in this privacy policy. Personal data is not disclosed to external parties unless required by law. In such cases, information may exceptionally be disclosed to an authority as required by law.

Personal data is not transferred outside the data controller, except in cases where third parties perform tasks on its behalf, such as maintenance of a customer relationship management system, management of customer relationships or services, property management and maintenance services, rent control, debt collection, construction, or repairs. The data controller’s contractual partners have a contractual relationship with the data controller and may only use personal data to benefit the data controller and may not disclose personal data to third parties. Personal data may also be disclosed to authorities legally entitled to access such information. Information is only disclosed to the extent necessary or as required by law.

Data is not transferred or disclosed outside the EU or EEA area or to international organizations.

Personal data retention period

The data controller does not retain personal data longer than necessary for its intended purpose.

The tenant’s personal data is retained for the duration of the tenancy relationship and for 5 calendar years after the termination of the tenancy relationship. Personal data related to a rejected rental apartment application, including the application and its attachments, is retained for 6 months after the submission of the application.

Principles of register protection

The data controller complies with legislation and regulatory requirements for the protection of personal data. Personal data is processed only by persons authorized to do so by virtue of their duties. Physical documents are stored in a locked space to which only pre-defined persons have access. Electronic files are accessible only to pre-defined persons, and access requires login credentials.

Data subject’s rights

The data subject has the right to know whether the data controller processes their personal data, and if so, the data subject has the right to inspect what personal data has been stored about them.

The data subject has the right to demand that the data controller rectifies inaccurate or incorrect personal data. Incorrect personal data can be corrected when the data controller receives the correct information from the person themselves or from another reliable source.

The data subject has the right to request the deletion of their personal data if the personal data is no longer needed for the purposes for which it was collected or processed, or if the data subject withdraws the consent on which the processing of personal data has been based, and there is no other legal basis for the processing, or if the personal data has been processed unlawfully. However, the data controller cannot delete personal data if the processing is necessary for compliance with a statutory obligation based on EU law or national legislation, or for the establishment, exercise, or defence of a legal claim.

The data subject has the right to request the data controller to restrict the processing of their personal data if the data subject disputes the accuracy of their personal data and if their processing is unlawful and the data subject requests the restriction of their use instead of deletion, or if the data controller no longer needs the personal data, but the data subject needs it for the establishment, exercise, or defence of a legal claim. During the restriction of processing, personal data may generally only be stored. However, personal data may be processed for the establishment, exercise, or defence of a legal claim, for the protection of the rights of another person, or for important public interest reasons.

The data subject has the right to lodge a complaint with the competent supervisory authority if the data subject considers that the data controller has not complied with applicable data protection regulations.

Requests related to the exercise of data subject’s rights

In matters concerning personal data processing and in situations related to the exercise of their rights, the data subject can contact the register contact person mentioned above.

To ensure that the data subject’s personal data is not disclosed to anyone other than the data subject themselves, the data controller may ask the requester to prove their identity with an identity document or in another reliable manner. Kiinteistö Navigare Oy