Information of Client Data Processing for Stakeholders
The personal data are processed only to the necessary extent needed in real estate business activities and other activities of Y-Foundation Corporation. Data processing is based on General Data Protection Regulation of EU 2016/679. This statement illustrates how we process your client data and what your legal rights are based on the General Data Protection Regulations. If you need further information, please contact our client service.
By Y-Foundation Corporation, we mean Y-Foundation, M2-Kodit and other companies of the corporation. In this statement, all of these are called the Foundation. We guarantee that your personal data are processed appropriately and that your data are not provided to third parties. Our personnel have been briefed on the matters of data protection and data security. In addition, we have signed a non-disclosure agreement. We conform to the regulations and official guidelines and we require the same from our data processing partners.
This privacy statement illustrates the basics of the personal data processing and the rights of registered persons as is required by General Data Protection Regulations. If you need more detailed instructions to handle your case, you can contact our client service.
Keeper of the Register
Y-Foundation (registered in the Register of Foundations)
Persons in charge of Register Matters and their Contact Information
Quality manager Päivi Raami is responsible for the Register.
Corporate lawyer Timo Mutalahti is the Data Protection Officer of the Foundation.
Contact the client service in the matters related to the register.
Name of the Register
Stakeholder Register of the Y-Foundation (hereinafter referred to as the “Register”).
The Register consists of the following subregisters.
- Acquisition subregister which includes the personal data of service and product providers and suppliers.
- Partnership subregister which includes the personal data of cooperation partners and authorities.
- Marketing, sales and communication subregister which includes personal data of for example persons invited to events, receivers of marketing and communication and persons who have shown interest in the Foundation’s activities.
The Use of the Personal Data
We process your personal data as far as it is necessary for conducting the contractual and cooperation relationships as well as meeting the requirements of the laws and regulations. One of the missions of the Foundation is to reduce homelessness and, therefore, the personal data of those interested in the activities and events of the Foundation are also processed. Your personal data is primarily needed for communication and as well as for the fulfilment of our mutual rights and obligations. We use your personal data for example for the following purposes:
- fulfilment of contractual or cooperation responsibilities,
- fulfilment of legal obligations and requirements of notifications and inspections,
- invitations, organisation and assessment of various events and happenings,
- communication and marketing,
- fulfilment of other legitimate interests of the Foundation.
In addition, we use personal data on a general level in the development of our services to better meet the needs of our stakeholders and our organisation. Use of the data in research is carefully guided as well as made anonymous or pseudonymous. We also use personal data in order to make direct marketing and target marketing more interesting for the stakeholders Personal data is partly processed automatically. However, decisions concerning our clients’ rights or responsibilities are not made solely based on automatic processing or profiling.
Contents of the Register
The register only contains the personal data that are required for each stakeholder role. The following personal data can be processed in the register:
- name, contact address, phone number, email, stakeholder organisation
Other possible information
- titles, employer, corporation or place of study with its contact information,
- information, such as the national identification number, tax number and bans on business activities, required by the Act on the Contractor’s Obligations and Liability when Work is Contracted Out and by The Reporting Requirement in the Construction Industry,
- national identification number, home address and bank information of persons who are not on the prepayment register,
- usernames and related identification and log data of information systems,
The IP addresses of those who have visited the ysaatio.fi and m2kodit.fi web pages as well as information on Internet usage collected with cookies can be recorded in the systems.
We store your personal data for the time period specified by the basis on compilation. The time period, concerning different pieces of data, is determined by the legislation, official guidelines and contracts. We erase the data when there is no more legitimate grounds for the processing. The data collected with cookies are stored no more than three (3) years depending on the nature of the cookies.
Sources of Information
We collect your personal data primarily and directly from you. In addition, we can collect your personal data from the stakeholder you represent (employer, colleague, main contractor, other collaborators or public sources of information). The collection of data from persons invited to various events and happenings can also be based on the recommendation of a third party. IP addresses and cookies can be recorded when the web pages of the Foundation are used.
The data for the management of the information system are collected from you or your employer. Log information are automatically recorded when you use the information system of the Foundation.
When we have the right and obligation to inspect your credit and payment behaviour, we collect information from Suomen Asiakastieto Oy, Tilaajavastuu.fi and the registers of the Tampuuri enterprise resource planning system. The Foundation can update contact information, phone numbers and other personal data from liable, paid or free sources of information offered by third parties.
Disclosure and Transfer of Data
As a rule, we do not disclose your information outside the Foundation. An exception to this rule is the disclosure of your information, in a necessary extent, to the partners acting to the Foundation’s account (such as maintenance companies) to fulfil our services. Legitimate rights or obligations to disclose such data are also an exception. These include for example inspections of authorities. We can disclose your data to other parties with your written consent. We do not transfer your data outside EU or EEA countries.
Principles of the Register Protection
We comply with the legislation and official guidelines, good practice on information management and data security and data safety policies of the Foundation in the protection of your personal data. Personal data can be processed only by persons who have been entitled to do so in the capacity of their tasks.
We store manual data reliably in a secure space. Only persons appointed by the Foundation can access the digital data. These persons are given temporary user names and passwords. The right to use the register is designated from task to task. The data is recorded in secured and monitored spaces.
You have the right to know if we process your personal data. You have the right to check what information about you has been recorded. If there are errors in your information, you can ask them to be rectified. You have the right to request your information to be erased (‘right to be forgotten’) unless the processing or storage of the data is based on a contractual relationship or other legitimate interest of the Foundation. If necessary, you can obtain more detailed instructions of the fulfilment of the rights of the registered party.
In addition, you have the right to get matters relating to the fulfilment of your rights examined by a competent authority (data protection supervisor), if, in your opinion, we have not complied with the rules or official guidelines regarding data protection. The phone number of the data protection supervisor’s office is +358 (0)29 5666 700 and address is Ratapihantie 9, 00520 Helsinki, Finland.
You can direct all the informal questions and inspection requests concerning personal data processing to the client service of Y-Foundation in person or in writing. We will answer your messages as soon as possible. You can use your right for an inspection once per year. If your inspection requests are visibly groundless or unreasonable, especially if they are made repeatedly or multiple copies are requested, we will charge a fee of 50 euros per request to cover the administrative costs or we will decline to fulfil the request.