Privacy Notice for the customer register of Lahden Talot

Updated on March 8, 2022

1 Data controllers and contact details for matters related to the privacy

Lahden Talot Group, Mariankatu 19, 15110 Lahti, Finland; tel. +358 3 851 570

Lahden Talot Oy (1108275-0)

Lahden Asunnot Oy (2108080-4)

Lahden Palveluasunnot Oy (2110856-3)

The group’s data-protection officer:

In its role as a data controller, each company that is part of the Lahden Talot Group is responsible for processing the personal data of its respective customers. Lahden Talot Oy maintains the personal data of the customers of all companies belonging to the group and processes said data for administrative purposes and in connection with the planning and development of the group’s business operations.

2 For what purposes and on what grounds do we process your personal data?

The data processing is based on an agreement, such as a rental application or rental agreement, registration as a user of Lahden Talot’s service channel, the law (for example, legislation on rental housing financed by Arava or loan-interest subsidies), Lahden Talot’s legitimate interests (in, for example, debt collection, direct marketing, and investigation of abuses), and consent granted by you (for example, cookies). The purpose of our data processing is to

  • offer apartments for rent, maintain and develop customer relationships, and perform invoicing and debt collection
  • maintain Lahden Talot’s service channel and sell and market services related to housing
  • conduct customer-satisfaction and other surveys and engage in communications and direct marketing
  • renovate the apartments and perform maintenance
  • develop services related to housing and business operations and prepare associated statistics and reports
  • detect, prevent, and investigate abuses, fraud, and other criminal offenses

3 What data do we collect, and what is the source of the data?

We process the following data pertaining to our customers (applicants for rental housing, tenants, joint tenants, and visitors who register for our service channel). The data type/source is determined by the purpose of the processing.

For rental-housing applicants and tenants

Basic information and personally identifiable information:

  • the tenant’s name, personal identity code, and contact information (postal address, telephone number, and e-mail address)

Data related to the customer relationship, including details on the application for rental housing and the management of the rental agreement:

  • the relevant customer number and the start date of the customer relationship
  • the name and personal identity code of any spouse or common-law partner living in the household
  • the names and personal identity codes of all household members living in the unit
  • information on housing needs and on the housing occupied prior to the customer relationship
  • information on any custodial relationship
  • information related to the ability to pay rent, such as data on financial status, including employment details (the duration and type of the employment relationship, et al.), income and assets, credit data, and any debt-adjustment arrangements
  • the tenant selection-related information required by law (including relevant annexes) in connection with state-subsidized ARA housing as it pertains to the tenant
  • information on the rental agreement, rental relationship, and rental history, such as details of payments and debt collection, the deposit or other guarantee, and termination of the rental agreement
  • Communications on complaints, feedback, and other matters related to the customer relationship and associated notices and measures, including phone calls recorded for the purpose of developing the provision customer service
  • the marketing measures employed, their use, and information provided in conjunction with them
  • bank account information in cases of termination of the rental agreement and reimbursement of the deposit
  • information related to the use of the website, service channel, and other electronic services, such as registration information (e-mail address and information pertaining to strong ID verification), browsing and search information, cookies, and IP addresses
  • permissions and refusals related to direct marketing

For contact persons, those making decisions on tenants’ behalf, and associations and companies applying for apartments

  • basic information: name, title, employer/company, and contact details (postal address, telephone number, and e-mail address)

Primarily, the personal data stored in the register are collected from you in conjunction with the application and the signing of the rental agreement and while the rental agreement is valid. Also, personal data may be collected and updated via public and private registers (as in the case of credit data).

4 Which parties do we disclose data to?

Personal data is disclosed only to competent authorities or other parties specified by law to the extent permitted or mandated by law. Customer information may be disclosed to the Lahden Talot Group’s service providers, with which the Lahden Talot Group has agreed on the realization of services, such as payment services. The service providers must comply with the data protection and privacy regulations pursuant to the laws and guidelines governing the sector. In addition, we disclose your personal data to

  • the parties selecting tenants pursuant to regulations pertaining to the Housing Finance and Development Centre of Finland (ARA)
  • the authorities – Customs, the police, the Social Insurance Institution (KELA), debt-related enforcement authorities, social services, and the housing advisor
  • debt-collection services for the collection of payments
  • third parties if you, as a user of our service channel, reserve and/or order services via our service channel provided by a third party. In this case, the service provider is responsible for data processing and for privacy obligations for its part as a data controller in accordance with its privacy policy.

We use service providers to handle the following data-processing-related activities on our behalf:

  • maintaining information on applicants and tenants and information related to rental activities
  • recording customer-service calls
  • performing the tasks a maintenance company is responsible for, such as apartment-specific services, including parking space reservation and sauna bookings
  • handling tasks related to management and handing over of keys
  • carrying out customer-satisfaction surveys and sending newsletters
  • maintaining the service channel
  • offering housing-related services.

The service providers, subject to a privacy agreement, process the data only to the extent necessary for provision of the service.

5 Do we disclose data to parties outside of the ETA?

Data is not disclosed to parties outside of the ETA.

6 How do we protect the data, and how long do we retain the data?

The data stored in the information systems is only accessible by a separately specified restricted set of employees. These employees may access the data only upon logging in with their personal username and password. The information systems are protected with appropriate virus-protection software and firewalls. The databases and the backups of them are on locked premises, where the data can be accessed only by designated persons.

The data is stored as long as the application process or rental agreement necessitates. Rental applications are stored for five years from the receipt of the application. Pursuant to the Accounting Act (1336/1997), data pertaining to tenants are stored for the full rental agreement term and then six years after termination of the agreement, unless a longer retention period is required by law. In addition, Lahden Talot complies with the regulations and guidelines pertaining to rental housing financed by Arava or loan-interest subsidies with regard to storage times, and rental decisions are stored for 10 years from the start date of the rental agreement.

7 What rights do you have as a data subject?

Any requests related to the rights of data subjects must be delivered to the postal address specified in Section 1. As a data subject, you have the following rights:

  • The right to inspect the data pertaining to you and request that erroneous data be corrected or deleted
    • You have the right to inspect the data pertaining to you that are stored in the register and request the rectification of erroneous data or the deletion of said data.
  • The right to withdraw consent
    • You have the right to withdraw your consent to the processing of data at any time. Withdrawing consent does not affect the legality of processing performed prior to the rescinding of permission.
  • The right to refuse direct marketing
    • You have the right to withhold permission for the processing of your data for purposes of market research, opinion polls, and related profiling. In addition, you may prohibit direct marketing at any time or revoke your electronic consent for direct marketing, by sending your refusal to the postal address specified in Section 1 or submitting it via the link provided for this purpose in any direct-marketing message.
  • The right to restrict processing or to object to it
    • You have the right to object to the processing of your data or to request restrictions or postponement to it.
  • The right to lodge a complaint with a supervisory authority
    • If you believe your data to have been processed in a way that violates the EU’s General Data Protection Regulation, you have the right to file a complaint with a supervisory authority, particularly in the EU member state where you reside or work or the one in which the violation took place.