Lahden Talot Privacy Policy

Updated on October 3, 2019

1 Data controllers and contact details for matters related to the register

Lahden Talot Group, Mariankatu 19, 15110 Lahti, Finland; tel. +358 3 851 570

Lahden Talot Oy (1108275-0)

Lahden Asunnot Oy (2108080-4)

Lahden Palveluasunnot Oy (2110856-3)

The group’s data-protection officer: tietosuojavastaava@lahdentalot.fi

In its role as a data controller, each company that is part of Lahden Talot Group is responsible for processing the personal data of its respective customers. Lahden Talot Oy maintains the personal data of the customers of all companies belonging to the group and processes said data for administrative purposes and in connection with the planning and development of the group’s business operations.

2 For what purposes and on what grounds do we process your personal data?

The data processing is based on an agreement, such as a rental application or rental agreement, the law (for example, legislation on rental housing financed by Arava or loan-interest subsidies), and Lahden Talot’s legitimate interests (in, for example, debt collection, direct marketing, and investigation of abuses). The purpose of our data processing is to

  • offer apartments for rent, maintain and develop customer relationships, and perform invoicing and debt collection
  • conduct customer-satisfaction and other surveys and engage in communications and direct marketing
  • renovate the apartments and perform maintenance
  • develop services related to housing and business operations and prepare associated statistics and reports
  • detect, prevent, and investigate abuses, fraud, and other criminal offenses

3 What data do we collect, and what is the source of the data?

We process the following data pertaining to our customers (applicants for rental housing, tenants, and joint tenants). The data type/source is determined by the purpose of the processing.

For rental-housing applicants and tenants

Basic information and personally identifiable information:

  • the tenant’s name, personal identity code, and contact information (postal address, telephone number, and e-mail address)

Data related to the customer relationship, including details on the application for rental housing and the management of the rental agreement:

  • the relevant customer number and the start date of the customer relationship
  • the name and personal identity code of any spouse or common-law partner living in the household
  • the names and personal identity codes of all household members living in the unit
  • information on housing needs and on the housing occupied prior to the customer relationship
  • information on any custodial relationship
  • information related to the ability to pay rent, such as data on financial status, including employment details (the duration and type of the employment relationship etc.), income and assets, credit data, and any debt-adjustment arrangements
  • the tenant-selection-related information required by law (including relevant annexes) in connection with state-subsidized ARA housing as pertains to the tenant
  • information on the rental agreement, rental relationship, and rental history, such as details of payments and debt collection, the deposit or other guarantee, and termination of the rental agreement
  • communications on complaints, feedback, and other matters related to the customer relationship and associated notice and measures, including phone calls recorded for the purpose of developing the customer service
  • the marketing measures employed, their use, and information provided in conjunction with them
  • bank account information in cases of termination of the rental agreement
  • permissions and refusals related to direct marketing

For contact persons, those making decisions on tenants’ behalf, and associations and companies applying for apartments

  • basic information: name, title, employer/company, and contact details (postal address, telephone number, and e-mail address)

Primarily, the personal data stored in the register are collected from you in conjunction with the application and the signing of the rental agreement and while the rental agreement is valid. Also, personal data may be collected and updated via public and private registers (as in the case of credit data).

4 Do we disclose or transfer data to third parties?

Personal data are disclosed only to competent authorities or other parties specified by law to the extent permitted or mandated by law. We disclose your personal data to

  • the parties selecting tenants pursuant to regulations pertaining to the Housing Finance and Development Centre of Finland (ARA)
  • the authorities – Customs, the police, the Social Insurance Institution (KELA), debt-related enforcement authorities, social services, etc.

We use service providers to handle the following data-processing-related activities on our behalf:

  • maintaining information on applicants and tenants and information related to rental activities
  • recording customer-service calls
  • performing the tasks a maintenance company is responsible for, such as apartment-specific services, including parking spaces’ reservation and sauna bookings
  • handling tasks related to management and handing over of keys
  • carrying out customer-satisfaction surveys and sending newsletters

The service providers, subject to a privacy agreement, process the data only to the extent necessary for provision of the service.

5 Do we transfer data outside the EU/EEA?

Data are not disclosed to parties outside the EU or the EEA.

6 How do we protect the data, and how long do we retain the data?

The data stored in the information systems are accessible by only a separately specified restricted set of employees. These employees may access the data only upon logging in with their personal username and password. The information systems are protected with appropriate virus-protection software and firewalls. The databases and the backups of them are on locked premises, where the data can be accessed only by designated persons.

The data are stored as long as the application process or rental agreement necessitates. Rental applications are stored for five years from the receipt of the application. Pursuant to the Accounting Act (1336/1997), data pertaining to tenants are stored for the full rental agreement term and then six years after termination of the agreement, unless a longer retention period is required by law. In addition, Lahden Talot complies with the regulations and guidelines pertaining to rental housing financed by Arava or loan-interest subsidies with regard to storage times, and rental decisions are stored for 10 years from the start date of the rental agreement.

7 What rights do you have as a data subject?

Any requests related to the rights of data subjects must be delivered to the postal address specified in Section 1. As a data subject, you have the following rights:

  • the right to inspect the data pertaining to you and request erroneous data to be corrected or deleted
    • You have the right to inspect the data pertaining to you that are stored in the register and request the rectification of erroneous data or the deletion of said data.
  • the right to withdraw consent
    • You have the right to withdraw your consent to the processing of data at any time. Withdrawing consent does not affect the legality of processing performed prior to the rescinding of permission.
  • the right to refuse direct marketing
    • You have the right to withhold permission for the processing of your data for purposes of market research, opinion polls, and related profiling. In addition, you may prohibit direct marketing at any time or revoke your electronic consent for direct marketing, by sending your refusal to the postal address specified in Section 1 or submitting it via the link provided for this purpose in any direct-marketing message.
  • the right to restrict processing or to object to it
    • You have the right to object to the processing of your data or to request restrictions or postponement to it.
  • the right to lodge a complaint with a supervisory authority
    • If you believe your data to have been processed in a way that violates the EU’s General Data Protection Regulation, you have the right to file a complaint with a supervisory authority, particularly in the EU member state where you reside or work or the one in which the violation took place.