Statement on customer, partner and marketing data protection

Updated: 8 September 2023

1. Register keeper

AVIA Properties 2 Oy (VAT FI33628494)
Rahtitie 3
01530 Vantaa
FINLAND
(further “we” or ”AP2”)

2. Contact person in register matters

Niina Kemi
Rahtitie 3, 01530 Vantaa
FINLAND
info@aviarealestate.fi

3. Register name

Avia Properties 2 Oy Statement on customer, partner and marketing data protection.

Customers are both long- or short-term tenants and users of business premises, conference rooms, meeting rooms, sauna and parking facilities (excluding users of Koy Vantaan Kolmiparkki parking for which there is a separate data protection statement), as well as the contact persons of contracting parties and stakeholder groups.

Potential customers are parties who have contacted us, for example, through the website contact form.

4. Which personal information do we process and why, on what legal basis?

Collection of personal information is conditional on the establishment of our contractual and/or customer relation. Without the necessary personal information we are unable to fulfil the tenant obligations, deliver the product and/or the service.

TYPES OF PERSONAL DATA PURPOSE OF PROCESSING LEGAL BASIS
Basic information of the registered such as name, customer number and language of communication

Contact details of the registered such as e-mail address, telephone number, address

Information concerning corporate customers and their contact persons such as names, titles and contact details of contact persons

Information related to parking  such as plate number, payment data, parking time, holder of parking card

Delivery, arrangement and development of our services Legal interest
Fulfilment of our contractual and other promises and obligations Enforcement of contract
Digital direct marketing  (incl. online questionnaires and surveys) Consent (private persons) or legal interest (businesses).
Management of our customer relations incl. arrangement of events, sending customer satisfaction surveys Legal interest
Direct marketing consents and bans Digital direct marketing  (incl. online questionnaires and surveys) Consent (private persons) or legal interest (businesses).
Personal information collected at events such as registrations for event, special diets, billing information Arrangement of events Legal interest
Consent
Information related to customer relation, potential customer relation and/or contracts such as information on offers submitted, earlier and current contracts and assignments, information related to keeping contact, billing information Fulfilment of our contractual and other promises; submittal of offers Enforcement of contract
Management, development and maintenance of potential or existing customer relation Legal interest
Technical data on connection and terminal device data

such as IP address, device ID or other identification data and cookies*

Behaviour analysis, profiling Consent

*for cookies, see cookie policy

5. Where do we get information from?

We get information primarily from the following sources: from yourself, from the systems you use, credit card companies, providers of contact detail services and other similar reliable parties.

In addition, we may also collect and update such personal information for the purposes described in this data protection statement as is in public domain and based on information received from the authorities or other third parties within the limits of applicable legislation. Such updating of information is carried out manually or by automatic means.

6. To whom do we submit or transfer information; do we transfer information outside the EU or the EEA?

As the main rule, information is not submitted to outsiders. Some selected information may be submitted for carrying out a targeted marketing campaign assigned to a third party by the register keeper. We submit personal information based on legislation to the authorities, such as the police, the tax authority and similar, if obliged to do so under valid legislation.

We use subcontractors for processing personal information on our behalf. We have outsourced the IT management to an outside service provider who administers and protects the server where the personal information is saved.

In addition, we have outsourced to outside service providers the facility maintenance, cleaning and reception services, security and access control services of our properties (incl. CCTV camera surveillance) and services related to car parking.

As the main rule, we do not transfer personal information outside the EU / the EEA. However, the IT management services we use may give the service provider access to the information also from outside the EU / the EEA. Whenever personal information is processed from outside the EU or the EEA, we will see to it that the service provider is committed to observe protective measures under the General Data Protection Regulation, such as the standard clauses applicable to personal data processing issued by the EU.

7. How do we protect the information and for how long will we keep it?

Only those employees of our company are allowed to use the system containing personal information who are entitled to process such information owing to their work duties. Each user has a separate username and password to the system. The information is collected to data bases protected by firewalls, passwords and other technical means. The data bases and their back-up copies are located in locked premises, and the information can only be accessed by certain persons who have been assigned the task in advance.

We make regular assessments to establish whether it is necessary to keep the saved information under applicable legislation. In addition, we ensure such reasonable measures as enable making sure that the information saved in the registers does not contain incompatible, expired or faulty personal information considering the purpose of processing. We correct or delete any such information without delay.

8. What are your rights as the registered?

You have a right to verify the information that is saved in the personal register on you, and a right to require correction or removal of any faulty, expired or unnecessary information or information that goes against law.

You have a right to object to, or ask for restriction of, the processing of your data, or a right to file a complaint on the processing of your personal information to the supervisory authority.

For special reasons of personal nature you also have a right to object to the processing measures related to information concerning you in case the information is processed based on legal interest. When you make the demand, you must describe  the specific situation in basis of your objection. We can refuse from fulfilment of your request concerning the objection only on legal grounds.

9. Whom can you contact?

All communications and requests concerning this statement must be presented in writing or in person to the contact person mentioned in Section two (2).