The privacy notice of the client and partner register of the University Properties of Finland Ltd
1. Data controller
The University Properties of Finland Ltd (hereafter SYK Ltd)
VAT ID FI22686373
Box 310, FIN-33101 Tampere
Street address: Tietotalo 2nd floor, Korkeavuorenkatu 1, 33720 TAMPERE
2. Contact person
With matters regarding this privacy notice, please email us to the following address: firstname.lastname@example.org
3. Register name:
Client, contract, and partner register
4. The purpose of data collection and use
The purpose of data collection is to carry out the rights and obligations related to the lease and/service contract between SYK Ltd and the customer or between the data controller and the partner, as well as the implementation of measures preceding a contract, and/or the legitimate interest of SYK Ltd.
The purposes if the use of personal data are management, maintenance and development of customer relation (including potential customers), analysis, compilation of statistics, customer communication, event organisation, conducting customer experience surveys, identifying customer users, user management, and the management of partner relations.
In addition, personal data is used for direct marketing (including electronic newsletters), personalized online advertising and profiling, and the development and planning of the data controller’s products and services.
5. Whose personal data we collect?
SYK Ltd collects the personal data of existing and potential customers, the decision-makers and contact persons of suppliers and partners, and newsletter subscribers.
6. Collected data
Data related to accounts, contract management and maintenance, such as the data regarding the contract party representatives and contact persons.
The data processed in our register consists of names, addresses, email addresses, telephone numbers and data regarding the use of electronic services (such as browsing and search data, IP addresses, and cookies).
The data processed in the register also includes documents of communication between SYK Ltd and the aforementioned parties, as well as data regarding contracts between customers and SYK Ltd.
7. Regular data sources
The data regarding contract parties and partner contact persons that is stored in the systems is obtained from the data subjects, their respective employers, meetings, contract relations or online.
Personal data can be collected and updated also via public and private registers, such as the population register, other authorities, credit agencies, contact information providers, and other reliable sources.
8. Transfer of personal data to a third country
As a rule, personal data is not transferred to third counties outside the EU or EEA.
For some systems, the personal data described in this privacy notice may be processed outside the EU or EEA, and in such cases, the data controller has ensured that its data processing subcontractor has a Privacy Shield certificate or a similar system in place.
9. Data disclosures
As a rule, SYK Ltd does not disclose personal data to third parties.
The data controller uses third party subcontractors to execute actions described in this privacy notice, and these subcontractors work on behalf of the data controller. The subcontractors – i.e., recipients of personal data – include but are not limited to marketing and communications agencies, event organisers, information system providers, as well as partners providing property and facility services. The data controller is liable for the actions of its subcontractors. The data controller uses data processing contracts with the subcontractors to ensure their commitment to processing personal data as described in this privacy notice. In addition, the data controller may disclose the personal data of data subjects to its subcontractors to market its services.
The data controller uses third party subcontractors to execute actions described in this privacy notice, and these subcontractors work on behalf of the data controller.
10. Principles of data protection
Only the employees, whose work involves processing personal data, have access to the systems containing personal data. Each employee has a unique user ID and password. The data is collected into databases that are protected by firewalls, passwords and other technical means. The databases and their back-up copies are located in locked facilities, and only pre-appointed employees are able to access the databases.
Data stored on paper is located in access-controlled storage rooms.
11. Data storage period
Unless otherwise required by legislation, SYK Ltd stores personal data as long as one of the grounds for data processing mentioned in section 4 is valid and the personal data is necessary for the purpose of processing.
Personal data can be deleted if a data subject withdraws their informed consent or opposes the processing of their personal data based on the legitimate interest of the data controller or public interest, and there are no other grounds for data processing.
12. The rights of the data subject
The data subject has the right to access and review their data stored in the register, request for the rectification of incorrect data and the erasure of their personal data.
The data subject has the right to object the processing of their personal data for direct marketing, market research or opinion poll purposes and the profiling related to such activities. This kind of request can be made any time by contacting SYK Ltd by email on email@example.com, or by unsubscribing to the mailing list as instructed in the marketing emails.
The requests must be made in writing and submitted to the office of SYK Ltd with verification of the data subject’s identity.
The data subjects must present a review request in person at the office.
The reply to the review request will be sent to the data subject’s address that has been verified from the population register.