Data protection

This privacy notice explains how Espoon Asunnot collects, uses and discloses personal data obtained from its customers.

Protecting the privacy of our customers is important to us, and it is also included in our code of ethics that we follow in our work. We process personal data of our customers for various purposes in order to offer apartments and ensure a smooth living experience for our customers.

Espoon Asunnot Oy is the controller of your personal data. As a controller, Espoon Asunnot is responsible for ensuring that your personal data is processed in accordance with this privacy notice and applicable data protection laws.

We only collect data relevant for the purposes described in this privacy notice. In the first instance, we obtain the necessary data directly from customers when they apply for an apartment, enter into a rental agreement, or otherwise interact with us. In addition, data may also be collected from other sources, such as credit registers and the population register.

Data collected on housing applicants and other persons moving into the apartment

• Basic data, such as the applicant's name, personal identity code and nationality, passport number or EU identity card number, if necessary;
• Contact details, such as telephone number, email address, and street address;
• Data about income, assets and debts;
• Data about the current living situations, such as the number of residents, type of housing, floor area and the type of housing tenure
• Details related to the need for housing, such as family, work, studies or current apartment;
• Credit rating;
• Other information required by the ARA housing selection process.

Necessary data during the rental relationship

• Data about the rental agreement;
• Move-in and move-out dates;
• Transfer of keys, parking spaces, and sauna bookings;
• Information on payment defaults, collection and eviction;
• Changes in living arrangements, such as other persons living in the same apartment or termination of the lease, as well as other measures and decisions related to the tenancy;
• Fault notifications, maintenance and repair work done on the apartment;
• Complaints and warnings;
• Contact requests, complaints, and feedback, as well as actions taken as a result of them;
• Consumption and energy data for the apartment, such as water usage and temperature;
• Possible information about involvement in resident  activities;
• Data collected by the electronic locking system in use, such as key stamp number and associated apartment number, information about access rights attached to the key, and information on logging into the locking system in common areas of the building.

Other necessary data:

• Customer service calls, including the name of the caller, the time when the call started, the name of the answering customer service employee, the customer’s telephone number (if the caller ID is not hidden), and the duration and topic of the call;
• Recordings of customer service calls
• Contact information for members of the resident committee and information for payment of compensation;
• Images and videos recorded by CCTV systems.

Selection of residents

We process the personal data of apartment applicants for the purpose of the selection of residents. Residents are selected on the grounds of social appropriateness and financial needs. With regard to the selection of residents, the collection and processing of personal data is based on legal obligations and the necessity to take steps prior to entering into a lease agreement.

Rental relationship

We process our residents' personal data to take care of rental relationships and obligations related to them. Residents’ personal data is processed for purposes such as

• monitoring of rent and other payments;
• communication regarding rental relationships, such as upcoming maintenance and increases in rents;
• actions related to the maintenance and repair of the apartment;
• key management;
• parking spaces and sauna reservations;
• invoicing and collection of rental receivables and other apartment-related expenses;
• management of housing disturbances;
• inspection of the apartment upon moving out;
• housing counselling.

The processing of personal data in the rental relationship is based on a lease agreement between the parties and a legal obligation.

Communication and newsletters

We may inform our customers by mail, email, or text message about matters related to buildings and apartments, customer relationships, the company's operations and new apartments. We do not send direct marketing messages to our customers. Here, the processing of personal data is based on the rental agreement between the parties and our legitimate interests to provide our customers with information about the company's operations, new development projects, and other relevant housing matters. We may also occasionally organize lotteries and voluntary competitions for our customers.

Newsletter mailing list for new apartments

When you subscribe to the mailing list, your personal data will be processed based on your consent.

Customer surveys and business development

We survey customer satisfaction through feedback and customer satisfaction surveys sent by email or text message. Recordings of customer service calls may be used to ensure the quality of customer service. Processing of personal data in this regard is based on our legitimate interest in improving our services by collecting feedback on the services we provide.

Camera surveillance and electronic locking

For safety purposes, some of our properties have camera surveillance. In areas where camera surveillance is present, its usage is clearly indicated through appropriate signage. Processing of personal data in this regard is based on our legitimate interest in ensuring the safety of our staff and customers. Camera surveillance recordings are only viewed to investigate disturbances. If an electronic locking system is in use at the property, we process the data collected by the locks of common areas only to investigate incidents of damage and crimes that have occurred on the premises.

Resident Activities

In order to implement resident activities according to the Act on Joint Management of Rental Buildings, the members of the resident committee are requested to provide necessary contact information and consent for sharing them with other residents of the building for tasks related to resident activities. If compensation is provided for the resident activity task, the operators are asked to provide payment details for compensation purposes. The processing of information in connection with resident activities is based on consent.

We only retain your personal data for as long as it is necessary. The duration of the retention period depends on the specific purpose of the use of the personal data and legislation. The data will be deleted once we no longer need it for the purposes it was collected for.

Personal data about apartment applicants is generally retained for three years from the date of application.

Personal data about residents is generally retained for five years from the end of the lease agreement. Rental payment data is generally retained for six years in accordance with the Accounting Act, unless we are entitled or obligated to retain personal data for a longer period under applicable laws or contractual relationship, such as for the collection of rental receivables.

Customer call recordings are generally retained for three months from the date of recording.

We may disclose personal data to third parties in, for example, the following situations:

• to authorities, such as Kela, social and child welfare units, and the City of Espoo, on the basis of law or as permitted by law;
• to trusted service providers that operate on behalf of us, such as maintenance companies, debt collection agencies, and IT system service providers;
• when so required by law, such as in response to a summons or in relation to a legal action;
• if Espoon Asunnot is a party to a merger or business transaction;
• when the disclosure of data is necessary to protect our interests or the safety of you or others, to investigate criminal activities or to respond to official requests.

We ensure the compliance of data protection and data security in accordance with the General Data Protection Regulation (GDPR) when disclosing or transferring information. Information is not transferred or disclosed outside the European Union or the European Economic Area.

You have the right to access your personal data and to request corrections and updates to them. You may also request the deletion of your personal data. However, please note that during the rental agreement, some personal data may be necessary to fulfil the rights and obligations related to the rental agreement, and therefore cannot be deleted.

You have the right to restrict the processing of your personal data within the limits of applicable data protection legislation.

You have the right to receive a copy of your personal data. If you wish to access your personal data, we kindly ask that you submit the request to us via email or mail using the contact details provided at the end of this privacy notice. Please include your name and address in the request and indicate whether you would like to access specific information or all personal data concerning you. A copy of your personal data will be provided to you in person upon presentation of a valid identification document.

Please note that if requests for access to personal data are clearly groundless or unreasonable, especially if they are frequent or if multiple copies are requested, Espoon Asunnot as the data controller may charge a reasonable fee based on administrative costs of fulfilling a request, or refuse to comply with the request.

You have the right to file a complaint with the national data protection authority if you consider there to be a violation of data protection legislation in processing your personal data. In Finland, you can address your complaint to the Data Protection Ombudsman: www.tietosuoja.fi.

We use appropriate technical and organizational measures to protect your personal information against destruction, loss, alteration, unauthorized access and unauthorized disclosure.

Access to personal data is restricted to employees who require it for performing their work duties as well as trusted service providers who may only process personal data in accordance with our instructions. All individuals with access to personal data are bound by confidentiality obligations.

Systems and networks used for data storage are protected through organizational and technical measures.

This Privacy notice may be updated due to changes in our services and operations or amendments to legislation. If required by law, we will notify registered individuals of such changes.

This Privacy notice is available in Finnish, Swedish and English. In the event of any discrepancies between different language versions, the content of the Finnish language version will be considered primary.

For questions related to this Privacy notice or the processing of your personal data, you can contact us via email at tietosuoja@espoonasunnot.fi. Alternatively, you can send mail to Espoon Asunnot Oy / Tietosuojavastaava, Suomenlahdentie 1, 02230 Espoo.