Privacy statement of the stakeholder register

Information of Client Data Processing for Stakeholders

At the Y-Foundation Group, we process personal data only to the extent necessary to conduct real estate business activities and other activities of the Group. Our data processing methods are based on the General Data Protection Regulation (EU) 2016/679. This statement illustrates how we process your personal data and what legal rights you have under the General Data Protection Regulation. If you need further information, please contact our customer service.

By Y-Foundation Group, we mean the Y-Foundation, Kiinteistö Oy M2-Kodit and other companies of the Group. In this statement, these are together referred to as the Foundation. We are responsible for ensuring that your personal data is processed appropriately and that your data is not wrongfully disclosed to third parties. Our personnel have been briefed on the matters of data protection and information security. In addition, we have signed a non-disclosure commitment. We conform to the regulations and official guidelines and require the same from our partners that process personal data.

This privacy statement provides a basic account of our personal data processing methods and the rights of data subjects as required by the General Data Protection Regulation. If you need more detailed information for your specific situation, you can contact our customer service.

Data Controller

Y-Foundation (registered in the Register of Foundations)

Person in Charge of the Register and their Contact Information

Data Protection Officer Timo Mutalahti is responsible for the Register.

Please contact our customer service in matters related to the register.

Name of the Register

The Stakeholder Register of the Y-Foundation (hereinafter referred to as the “Register”).

The Register consists of the following subregisters:

  • Acquisition Subregister, which contains personal data about our service and product providers and suppliers.
  • Partnership Subregister, which contains personal data about our partners and authorities.
  • Marketing, Sales and Communications Subregister, which contains personal data about, for instance, recipients of event invitations, recipients of our marketing messages and other communications, and persons who have shown interest in the Foundation’s activities.

Purpose of Processing Personal Data

We process your personal data in so far as it is necessary to fulfil our contractual and partnership obligations as well as to meet legal and regulatory requirements. One of the missions of the Foundation is to reduce homelessness, which is why we also process the personal data of those interested in the activities and events of the Foundation. Your personal data is primarily needed for communication and as well as for the fulfilment of our mutual rights and obligations. We use your personal data, for example, for the following purposes:

  • fulfilment of contractual or partnership responsibilities,
  • fulfilment of legal obligations and requirements regarding notifications and inspections,
  • invitations to and the organisation and assessment of various events and happenings,
  • communications and marketing,
  • fulfilment of other legitimate interests of the Foundation.

In addition, we use personal data on a general level in the development of our services to better meet the needs of our stakeholders and our organisation. Data usage for research purposes follows strict guidelines, and the data is made either anonymous or pseudonymous. We also use personal data for direct marketing and in order to tailor marketing to our stakeholders and their interests. Personal data is partly processed automatically. However, decisions concerning our clients’ rights or responsibilities are not made solely based on automatic processing or profiling.

Contents of the Register

The Register only contains the personal data required from each type of stakeholder. The following personal data may be processed in the Register:

Basic information

name, contact address, phone number, email, stakeholder organisation

Possible additional information

  • titles, employer, company or educational institution and its contact information,
  • information required by the Act on the Contractor’s Obligations and Liability when Work is Contracted Out and by the Reporting Requirement in the Construction Industry, such as personal identity code, tax number and bans on engaging in commercial activities,
  • personal identity code, home address and bank information of persons who receive remuneration and are not in the prepayment register,
  • usernames and related identification and log data in our information systems,

The IP addresses of the visitors of the ysaatio.fi and m2kodit.fi websites as well as data collected by cookies on their browsing activities may be recorded in our systems.

Data Retention

We store your personal data for the time period determined by the grounds for processing. The time period for different types of data is determined by the legislation, official guidelines and contracts. We erase the data when there are no more legitimate grounds for processing. The data collected by cookies is stored no more than three (3) years depending on the nature of the cookies.

Regular Sources of Information

We receive personal data about you primarily from you. In addition, we may collect personal data about you from the stakeholder you represent (employer, colleague, main contractor, other partners or public sources of information). The collection of data about persons invited to various events and happenings may also be based on the recommendation of a third party. IP addresses and information on cookies may be collected when visitors browse the Foundation’s websites.

The data for the management of our information systems are collected from you or your employer. Log data is recorded automatically when you use the Foundation’s information systems.

When we have the right and obligation to inspect your credit and payment behaviour, we collect this data from Suomen Asiakastieto Oy, vastuugroup.fi and the registers of the Tampuuri enterprise resource planning system. The Foundation may update your contact information, phone numbers and other personal data based on reliable, paid or free sources of information offered by third parties.

Disclosure and Transfer of Data

As a rule, we do not disclose your data outside the Foundation. An exception to this rule is the disclosure of your data to the partners acting on behalf of the Foundation to the extent necessary to perform our services. Legal rights and obligations to disclose data are also an exception. These include, for example, regulatory inspections. We may also disclose your data to other parties with your explicit written consent. We do not transfer your data outside the EU or EEA.

Principles of Register Protection

We comply with the legislation and official guidelines, data management best practices and the Foundation’s data protection and information security policies in the protection of your personal data. Personal data may only be processed by persons authorised to do so as part of their duties.

We store physical data securely in a locked space. Only persons appointed by the Foundation can access the digital data. These persons are given temporary usernames and passwords. The right to access the registers is determined on a task-by-task basis. The data is recorded in locked and monitored spaces.

Your Rights

You have the right to know if we process your personal data. You have the right to check what information has been recorded about you. If the data is incorrect, you have the right to ask for rectification. You have the right to request the erasure of your personal data (‘right to be forgotten’) unless the processing or storage of the data is based on a contractual relationship or other legitimate interest of the Foundation. If necessary, you can contact our customer service to obtain more detailed instructions on the fulfilment of the rights of data subjects.

If technically possible, you have the right to have your data transferred to another data controller in a machine-readable form. You have the right to prohibit the use of your data for direct marketing or research requests. Disabling cookies does not affect the use of the websites.

In addition, you have the right to have matters relating to the fulfilment of your rights examined by the competent authority (Data Protection Ombudsman), if, in your opinion, we have not complied with the rules or official guidelines regarding data protection. The phone number of the Data Protection Ombudsman’s office is +358 (0)29 5666 700 and the address is Ratapihantie 9, 00520 Helsinki, Finland.

You can direct all questions and inspection requests concerning personal data processing to the customer service of Y-Foundation in a free format in person or in writing. We will respond to you as soon as possible. You can use your right for an inspection free of charge once per year. If your inspection requests are manifestly groundless or unreasonable, especially if they are made repeatedly or multiple copies are requested, we will charge a fee of 50 euros per request to cover the administrative costs or we will decline to fulfil the request.