Privacy policy
Client register privacy policy
1. Controller
TA-Yhtymä Oy and Maapohjola Oy (on behalf of all subsidiaries of the TA-Yhtymä and Maapohjola Groups, hereinafter referred to as “TA”)
Kutojantie 6-8, 02630 Espoo
Tel. 04577343777
2. Contact person in matters concerning the register
Lawyer Liisa Salmela
Kutojantie 6-8, 02630 Espoo
Tel. +358 (0)40 9222 860
3. Register name
TA Client register (hereinafter referred to as “the Register”).
4. Legal basis for the processing of personal data
The processing of personal data is based on the legitimate interest of TA or the client, an agreement between TA and the client, the consent provided by the client or compliance with a legal obligation.
The legitimate interest of TA is related to the client relationship between TA and the client or TA’s commercial interests, such as the measurement of client satisfaction, service quality control or the development of services. TA’s legitimate interest may also be related to the assessment and control of risks as well as the protection of rights and property.
Based on the agreement, personal data that the client provides when applying for an apartment or during the contractual relationship are processed.
The personal data are processed for the purpose of digital direct marketing if the client has provided their consent for the processing of their personal data. The client has the right to withdraw their consent.
5. Purposes of processing personal data
TA processes the personal data of its clients insofar as necessary for the purpose of renting apartments and providing housing agency services as well as the maintenance of properties.
The processing of personal data is based on the client having applied for a TA apartment, living in a TA apartment, having previously lived in a TA apartment, requesting information about vacant/soon-to-be-vacant TA apartments or subscribing to the TA newsletter.
TA uses the personal data of its clients for the following purposes, among others:
- resident selection
- reservation management
- establishment and management of rental and right-of-occupancy agreements
- management and development of client relationships
- ensuring and carrying out the rights and obligations of the lessor/building owner
- property maintenance and defect report management
- rent and maintenance charge accounting and other payment traffic management
- marketing and communications
- customer service
- client communications
- housing counselling, resident democracy, resident activities, client surveys and client announcements
- service development, production, delivery and provision
- business management and development
- statistics
- advertisement, marketing and market research related to the services and products of other companies within the Group as well as direct marketing, if the client has provided their consent for this
- delivery of the newsletter, client event invitations and bulletins
- ensuring safety and legal protection.
6. Personal data to be processed
The Register may include the following information on rental and right-of-occupancy apartment applicants, tenants and right-of-occupancy holders and their spouses, joint payers, other residents, attorneys, subtenants and secondary tenants and apartment buyers:
Basic data
The person’s name, date of birth, personal identity code or another identifier such as passport number if the person has no personal identity code, phone number, email address, address and language used in the provision of services.
Data regarding the need for housing and resident selection
Waiting number and data regarding previous address and apartment, employment, profession, duration and type of employment relationship, income and wealth, tax, debt and debt arrangements, residence permit, guardianship and representation, credit and payment behaviour, housing allowance and other information submitted by the client, such as health information, marital status and gender.
Data related to housing
Non-disclosure of information decreed by an authority, distraint data, security deposit data, authorisation data, rental and right-of-occupancy agreement data, invoicing, payment and collection event data, deed of sale data, pledge data, rent and maintenance charge payment data, participation in activities arranged by the lessor or building owner, participation in resident committee activities, bank account data for the purpose of refunds or reimbursement, possible marketing consent and prohibition, key and access data if the apartment is equipped with a digital lock system, communications with a TA representative and data related to the service transactions carried out by the personnel.
Call recordings
TA also collects call recording data as far as calls between customers and employees belonging to certain TA personnel groups are concerned. These personnel groups of the registrar include sales staff, property managers, property managers, property secretaries and customer service. When registered persons belonging to these groups call customers or customers call them on business matters, the voice and personal data of the customers appear on the call recordings.
Other data
Information system access and related restriction data, name and email address of access rights holders, usernames and passwords and the log data stored during the use of information systems.
The systems may store the IP addresses and internet access data of persons accessing the TA website retrieved by the means of cookies.
In addition, TA may collect camera surveillance data for the purpose of ensuring safety and legal protection in TA’s premises, properties and their exterior areas, such as the vicinity of entrances, waste collection points and parking garages. The camera surveillance data are used in the investigation of criminal activities and damages and, if necessary, to identify any persons accessing the premises.
7. Sources of obtaining personal data
In principle, TA obtains the client’s personal data from the apartment application form and the related appendices submitted by the client. In addition, TA obtains personal data from the client during the validity of the client relationship. Personal data may also be collected from cohabiting partners, maintenance companies, contractors and real estate and rental agencies. Personal data may also be collected from and updated based on the information of the Suomen Asiakastieto Oy credit register and authorities such as the Digital and Population Data Services Agency, National Enforcement Authority Finland and the Social Insurance Institution of Finland Kela.
8. Disclosure and transfer of personal data
TA does not publish any personal data it collects and complies with the confidentiality obligation with regard to personal data, unless required otherwise by legislation or for the establishment, exercise or defence of legal claims.
The data are not transferred outside TA with the exception of for the purpose of carrying out an outsourced service, such as the management of a client relationship or service, property maintenance services, a part of collection, construction or repair services and operative contractual partners that are bound by the confidentiality principle and data processing agreements as well as parties such as certain authorities that, in accordance with legislation, have the right to access the data. The data are disclosed only insofar as necessary and legally required.
In the case of state-subsidised Arava apartments, interest-subsidised rental apartments and right-of-occupancy apartments, the Housing Finance and Development Centre of Finland (ARA) and municipalities and, in the case of apartments in the Hitas system, the City of Helsinki act as supervisory authorities that are authorised to access the data they require in order to carry out supervisory activities. TA also discloses data to the ARA waiting number register. Furthermore, data may be disclosed to the City of Helsinki for the purpose of selecting residents for Hitas apartments. Kela has the right to receive data on its beneficiaries.
The data are not disclosed or transferred outside the EU or the European Economic Area or to international organisations.
9. Storage periods of personal data
The personal data of a client who has submitted an apartment application are stored for three years from the date on which the client has initiated the latest application/reservation process, unless a rental or right-of-occupancy agreement has been concluded with the client.
The data related to a rental or right-of-occupancy agreement or the purchase of an apartment are stored for ten years from the end date of the latest contractual relationship, the date of a purchase and the obligations related to the contractual relationship of both parties have been fulfilled. This storage period applies to all persons living/having lived in an apartment as well as other dialogue/communications with the resident. The storage period applied is based on statutory limitation periods for legal claims and prescription periods.
In the case of data stored in the client register, storage periods required by legislation, including the Accounting Act, are applied. The data required by the Accounting Act are stored for as long as required by the Accounting Act.
Possible information system access management data are stored for six years from the date of the removal of the access rights.
The data collected by the means of cookies are stored, depending on the nature of cookies, for a maximum of three years.
Camera surveillance data are stored for 50 days from the date of recording the material. The recordings are deleted automatically after this period. The data may be stored for a longer period of time if there are grounds for this (e.g. compliance with a legal obligation or for the establishment, exercise or defence of legal claims).
The locking system logs store about 500 of the latest lock opening events for each lock. The locking system log data of the systems used by TA are normally stored for an average of 2–3 months from the date of the log event. In connection with the investigation of damages or a property offence, we may store the event log data for as long as necessary in order to claim compensation, comply with a legal obligation or for the establishment, exercise or defence of legal claims.
The companies acting as registrars keep call recordings and the personal data they contain, basically, for three years after the recording of the material. Recordings older than this are automatically destroyed.
After the storage period stated here has ended, the data are either deleted or anonymised so that the data of individual users cannot be identified.
10. Register protection principles
TA complies with the legislative and official provisions and the TA data protection and data security policy with regard to the protection of the personal data of its clients. The personal data can only be processed by persons required to access the data for the purpose of carrying out their duties.
TA stores the manual material reliably in locked and supervised premises. Only persons appointed by TA can access the digital material with a personal username and password. Access rights to the registers are specified based on duties. TA’s internal processes are applied in the specification of access rights. The databases and networks used to store the data are protected with organisational and technical measures. The supervision and protection of the Register comply with the provisions applied in the EU.
11. Client’s rights
The client has the right to access their data.
The client has the right to know whether TA is processing personal data on them, and if so, the client has the right to inspect what personal data on them have been stored by TA. TA may request the client to sufficiently specify what personal data or processing operations the client’s request applies to. The client’s right to obtain the personal data may be limited by virtue of the General Data Protection Regulation, or it can be rejected if the provision of personal data would have a harmful effect on the rights and freedoms of others. Such protected rights include TA’s business secrets and the personal data of another person. The client’s right may also be limited by national legislation.
The aim is to enforce the right to inspection without delay, but the maximum deadline for fulfilling the request is one month. If there are more than one or complex requests, the controller may indicate in its response that it needs more time to process them. However, in this case, the right to inspection is enforced with a maximum deadline of three months from the presentation of the request. If the client’s right to inspection is manifestly unfounded or unreasonable, especially if the client presents inspection requests repeatedly or requests several copies, TA may collect a fee based on the administrative costs of carrying out the request or refuse to act on the request.
Right to rectification
The client has the right to request TA to rectify any inaccurate and incorrect personal data on them without undue delay. Any incorrect personal data detected can be rectified once TA receives the correct personal data from the client or another reliable source. After receiving information about or detecting incorrect data, the client must without undue delay rectify, delete or complete any personal data contrary to the purpose of the Register and any incorrect, unnecessary, incomplete or obsolete personal data on their own initiative. The client is responsible for the confidentiality of a potential user-specific username and how it is used to access systems. In principle, certain personal data such as sound or image on video or call recordings cannot be corrected or corrected.
Right to erasure (right to be forgotten)
Upon the client’s request, TA must delete the personal data on the client without undue delay if any of the following prerequisites is met:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The client objects to the processing of personal data and there are no legitimate grounds for the processing.
- The client objects to the processing of their personal data for the purpose of direct marketing (processing remains possible for other purposes).
- The personal data are unlawfully processed.
Even if one of these prerequisites is met, the personal data do not need to be deleted if the processing is necessary in order to fulfil a statutory obligation based on EU law or national legislation or for the establishment, exercise or defence of legal claims.
Right to object to processing of personal data
The client has the right to object to the processing of their personal data on grounds relating to their particular situation if the personal data are processed on the basis of legitimate interest.
The client does not have the right to object to the processing of their personal data if the processing is based on an agreement between TA and the client.
If the client has objected to the processing of their personal data on grounds relating to their particular situation, the client must specify the particular situation based on which they are objecting to the processing based on legitimate interest. TA has the right to continue the processing of personal data regardless of the objection if there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the client or for the establishment, exercise or defence of legal claims.
The client has the right to object to the use of the personal data on them for the purpose of direct marketing at any time. If the client objects to the processing of personal data for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Right to restriction of processing
Upon the client’s request, TA must restrict the active processing of personal data in the following circumstances:
- The accuracy of the personal data is contested by the client, in which case the processing must be restricted for a period enabling TA to verify the accuracy of the personal data.
- The processing is unlawful and the client opposes the erasure of the personal data and requests the restriction of their use instead.
- TA no longer needs the personal data for the purposes of the processing of personal data, but they are required by the client for the establishment, exercise or defence of legal claims.
- The client has objected to the processing of personal data and the verification of whether the legitimate grounds of TA override those of the client is pending.
For the duration of the restriction of processing, the personal data can principally be only stored. The personal data may be processed for the establishment, exercise or defence of legal claims or for the protection of the rights of another person or for reasons of important public interest.
Right to data portability
Insofar as the client themselves have provided TA with personal data processed with the assistance of automated information processing and based on an agreement between TA and the client, the client has the right to obtain these personal data primarily in a machine-readable format and to transmit the personal data from TA to another controller, if technically possible.
Right to lodge a complaint with a supervisory authority
The client has the right to lodge a complaint with a competent supervisory authority if the client considers that TA has not complied with the applicable data protection regulations in its activities. The Office of the Data Protection Ombudsman’s phone number is +358 (0)29 5666 700 and the email and street addresses are tietosuoja(at)om.fi and Lintulahdenkuja 4, 00530 Helsinki. The website of the Data Protection Ombudsman can be accessed at https://tietosuoja.fi/en/home.
12. Requests related to the exercise of the client’s rights
In any matters related to the processing of personal data and the exercise of personal rights, the client may contact the TA contact person specified in section 2.
Requests related to the right to inspection or the exercise of other client rights must be made in writing by email at tietosuoja@ta.fi or mailed to the address TA-Yhtiöt/Tietosuoja, Knitter Business Park, Kutojantie 6–8, 02630 Espoo. Requests can also be presented in person at any TA office. An inspection request template can be found on the TA website, and it can be picked up from any TA office.
To ensure that the client’s personal data are not disclosed to anyone but the client themselves, TA may ask the party presenting the request to verify their identity with an official identity card or another reliable manner.
Privacy policy updated on 15 August 2023
Job applicant register privacy policy
1. Controller
TA-Yhtymä Oy and Maapohjola Oy (on behalf of all subsidiaries of the TA-Yhtymä and Maapohjola Groups, hereinafter referred to as “TA”)
Kutojantie 6-8, 02630 Espoo
Tel. 04577343777
info@ta.fi
2. Contact person in matters concerning the Register
Lawyer Liisa Salmela
Kutojantie 6-8, 02630 Espoo
Tel. +358 (0)40 9222 860
tietosuoja@ta.fi
3. Register name
TA job applicant register (hereinafter referred to as “the Register”).
4. Legal basis for the processing of personal data
The processing of the applicant’s personal data is based on the applicant’s consent or TA’s legitimate interest. The legitimate interest of TA may be related to the establishment, exercise or defence of legal claims.
5. Purposes of processing personal data
TA processes the personal data of the applicant for the purpose of carrying out and managing recruitment operations. The processing of personal data is based on the applicant applying for a job at TA. The job application may be related to a specific position or it may be an open application. The data obtained from the applicant are processed for the purpose of assessing the aptitude of the applicant and contacting the applicant in matters related to the application and selection process.
TA may process the personal data in the register for the purpose of fulfilling statutory obligations related to the selection of employees and for the establishment, exercise or defence of legal claims. The applicant’s personal data may also be processed for statistical purposes.
TA may carry out camera surveillance in its premises to ensure the personal safety of its employees and other individuals visiting the premises, to protect property and to prevent and investigate situations that compromise the property and safety. If the applicant visits the premises of TA, the camera surveillance systems may store video material of the applicant.
6. Personal data to be processed
The register may include the following personal data:
Basic data
First and last name, email address, home address, phone number, citizenship, gender, date of birth and native language.
Data related to employment history
Previous employers, duties, department, start and end date and duration of employment relationships, job descriptions, references and their contact information and job certificates.
Data related to education
Basic education, year of completion, degrees, educational specialisation, major subject, percentage completion of an incomplete degree, educational institution and study certificates.
Qualifications
Language skills, representative positions, completed courses and qualifications and data related to expertise.
Call recordings
Calls are recorded only for certain work phone numbers used by personnel groups working in the customer interface. These groups include sales staff, property managers, property managers, property secretaries and customer service staff. When the registered persons belonging to these groups make or are called on business matters, the call recordings also contain the voice and personal data of customers, representatives of other personnel groups and other persons with whom the persons belonging to the mentioned personnel groups deal with business matters. When people belonging to those personnel groups, whose work numbers are included in the scope of recording, make work calls, both the calls they make to others and the calls they receive are recorded. Calls are recorded regardless of whether these calls are made or received from outside or internal numbers. This means that the call recordings also include calls from persons belonging to personnel groups employed by the data controllers, whose work numbers are otherwise not included in the recording.
Other data
Photo, LinkedIn profile, application letter, résumé, preferred salary, position applied for, information related to the progress of the recruitment process, results of an aptitude assessment, credit score report, hobbies and other information submitted by the applicant to advance the process of selection. The systems may also store the IP addresses and internet access data of persons accessing the TA website retrieved by the means of cookies.
If the applicant visits the premises of TA, the camera surveillance systems may store video material of the applicant. TA may carry out camera surveillance in its premises to ensure the personal safety of its employees and other individuals visiting the premises, to protect property and to prevent and investigate situations that compromise the property and safety. Camera surveillance is not used to monitor any specific job applicant(s). Bathrooms, locker rooms or any other similar areas or staff facilities are not equipped with camera surveillance.
7. Sources of obtaining personal data
In principle, TA obtains the applicant’s personal data from the job application and the related appendices submitted by the applicant. Furthermore, TA may retrieve personal data on the applicant from the parties the applicant has specified as sources of additional information in the job application or in an interview. If TA carries out a personal assessment with the consent of the applicant, TA obtains personal data on the applicant from the party carrying out the assessment. TA obtains credit score reports from Alma Talent Oy.
TA may also obtain personal data on the applicant from a temporary workforce service provider, in which case the service provider is the employer of the applicant selected for the vacancy. In this case, the temporary workforce service provider is the controller and TA is the processor of personal data.
Camera surveillance recordings are obtained from those properties and premises where camera surveillance is in use. The employer receives call recordings from the system used to deliver call solutions, which defines the employees’ work phone numbers to which incoming and outgoing calls are recorded.
8. Disclosure and transfer of personal data
TA does not publish any personal data it collects and complies with the confidentiality obligation with regard to personal data, unless required otherwise by legislation or for the establishment, exercise or defence of legal claims.
The applicant’s personal data are not transferred outside TA, with the exception of any possible parties that carry out the employee recruitment or personal assessment on behalf of TA. TA’s contractual partners are bound by the confidentiality principle and a data processing agreement. TA may also disclose the personal data to any party that has a statutory right to access the data. The data are disclosed only insofar as necessary and legally required.
The data are not disclosed or transferred outside the EU or the European Economic Area or to international organisations.
9. Storage periods of personal data
TA primarily stores the personal data of applicants for two years from the date of selecting an applicant for a vacant position.
The data collected by the means of cookies are stored, depending on the nature of cookies, for a maximum of three years.
The camera surveillance material recorded from TA’s premises are commonly stored for 50 days from the date of recording. The camera surveillance recordings are stored in Finland and they are not transferred outside the EU or EEA. However, the data may be stored for a longer period of time than 50 days if there are grounds for this (e.g. compliance with a legal obligation or for the establishment, exercise or defence of legal claims).
TA may store the personal data of applicants for as long as necessary for the purpose of processing personal data with regard to the storage periods and statutory limitation periods for legal claims and prescription periods arising from legislation, including but not limited to the Employment Contracts Act, Occupational Safety and Health Act, Accounting Act and Tax Prepayment Act.
10. Register protection principles
TA complies with the legislative and official provisions and the TA data protection and data security policy with regard to the protection of the personal data of the applicants. The personal data can only be processed by persons required to access the data for the purpose of carrying out their duties.
TA stores the manual material reliably in locked and supervised premises. Only persons appointed by TA can access the digital material with a personal username and password. Access rights to the registers are specified based on duties. TA’s internal processes are applied in the specification of access rights. The databases and networks used to store the data are protected with organisational and technical measures. The supervision and protection of the Register comply with the provisions applied in the EU.
11. Applicant’s rights
Applicant’s right to access their data
The applicant has the right to know whether TA is processing personal data on them, and if so, the applicant has the right to inspect what personal data on them have been stored by TA. TA may request the applicant to sufficiently specify what personal data or processing operations the applicant’s request applies to. The applicant’s right to obtain the personal data may be limited by virtue of the General Data Protection Regulation, or it can be rejected if the provision of personal data would have a harmful effect on the rights and freedoms of others. Such protected rights include TA’s business secrets and the personal data of another person. The applicant’s right may also be limited by national legislation.
The right to inspection is enforced without delay with a maximum deadline of three months from the presentation of the request. If the applicant’s right to inspection is manifestly unfounded or unreasonable, especially if the applicant presents inspection requests repeatedly or requests several copies, TA may collect a fee based on the administrative costs of carrying out the request or refuse to act on the request.
Right to rectification
The applicant has the right to request TA to rectify any inaccurate and incorrect personal data on them without undue delay. Any incorrect personal data detected can be rectified once TA receives the correct personal data from the applicant or another reliable source. After receiving information about or detecting incorrect data, the applicant must without undue delay rectify, delete or complete any personal data contrary to the purpose of the Register and any incorrect, unnecessary, incomplete or obsolete personal data on their own initiative. The applicant is responsible for the confidentiality of a potential user-specific username and how it is used to access systems.
Right to erasure (right to be forgotten)
Upon the applicant’s request, TA must delete the personal data on the applicant without undue delay if any of the following prerequisites is met:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The applicant withdraws their consent on which the processing has been based on and there is no other legal basis for processing.
- The personal data are unlawfully processed.
- The personal data must be deleted for compliance with a legal obligation in Union or Member State law.
Even if one of these prerequisites is met, the personal data do not need to be deleted if the processing is necessary in order to fulfil a statutory obligation based on EU law or national legislation or for the establishment, exercise or defence of legal claims.
Right to object to processing of personal data
The applicant has the right to object to the processing of their personal data on grounds relating to their particular situation if the personal data are processed on the basis of legitimate interest.
The applicant does not have the right to object to the processing of their personal data if the processing is based on an agreement between TA and the applicant.
If the applicant has objected to the processing of their personal data on grounds relating to their particular situation, the applicant must specify the particular situation based on which they are objecting to the processing based on legitimate interest. TA has the right to continue the processing of personal data regardless of the objection if there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the applicant or for the establishment, exercise or defence of legal claims.
Right to restriction of processing
Upon the applicant’s request, TA must restrict the active processing of personal data in the following circumstances:
- The accuracy of the personal data is contested by the applicant, in which case the processing must be restricted for a period enabling TA to verify the accuracy of the personal data.
- The processing is unlawful and the applicant opposes the erasure of the personal data and requests the restriction of their use instead.
- TA no longer needs the personal data for the purposes of the processing of personal data, but they are required by the applicant for the establishment, exercise or defence of legal claims.
- The applicant has objected to the processing of personal data and the verification of whether the legitimate grounds of TA override those of the applicant is pending.
For the duration of the restriction of processing, the personal data can principally be only stored. The personal data may be processed for the establishment, exercise or defence of legal claims or for the protection of the rights of another person or for reasons of important public interest.
Right to data portability
Insofar as the applicant themselves have provided TA with personal data processed with the assistance of automated information processing and based on an agreement between TA and the applicant or the consent of the applicant, the applicant has the right to obtain these personal data primarily in a machine-readable format and to transmit the personal data from TA to another controller, if technically possible.
Right to lodge a complaint with a supervisory authority
The applicant has the right to lodge a complaint with a competent supervisory authority if the applicant considers that TA has not complied with the applicable data protection regulations in its activities. The Office of the Data Protection Ombudsman’s phone number is +358 (0)29 5666 700 and the street address is Lintulahdenkuja 4, 00530 Helsinki.
12. Requests related to the exercise of the applicant’s rights
In any matters related to the processing of personal data and the exercise of personal rights, the applicant may contact the TA contact person specified in section 2.
Requests related to the right to inspection or the exercise of other applicant rights must be made in writing by email at tietosuoja@ta.fi or mailed to the address TA-Yhtiöt/Tietosuoja, Kutojantie 6–8, 02630 Espoo. Requests can also be presented in person at any TA office. An inspection request template can be found on the TA website, and it can be picked up from any TA office.
To ensure that the applicant’s personal data are not disclosed to anyone but the applicant themselves, TA may ask the party presenting the request to verify their identity with an official identity card or another reliable manner.
Privacy policy updated on 16 January 2024
Sivu päivitetty viimeksi: 11.12.2024