Privacy Policy

Processing of customer data of Asuntoyhtymä Group Oy

1. Controller

Asuntoyhtymä Group Oy, PL 196, 00101 Helsinki, Finland

Tel. +358 (0)20 766 1390


Asuntoyhtymä Group Oy (controller) processes personal data in compliance with applicable data protection legislation.

2. The purposes of processing the personal data of customers and potential customers

Asuntoyhtymä Group Oy processes personal data related to the management of customer or lease relationship, marketing, communications and the electronic locking system.

The purpose of the processing of personal data is the acquisition, management, admin-istration and maintenance of customer relations related to rental housing as well as the development of rental housing services and, regarding electronic locking systems, the protection of people and property.

The controller also stores and evaluates information regarding visits to the controller’s website and uses the information to target advertising. This information is also used to develop advertising and housing services provided by the controller.

3. Legal basis for processing personal data

The processing of personal data by the controller is based on a contract between the customer and the controller, the consent of the customer or a potential customer, or the legitimate interest of the controller.

The processing of personal data related to the establishment and management of customer and lease relationships is based on a contract. The processing of personal data regarding electronic locking is based on a contract or a legitimate interest of the control-ler to protect property.

The processing of personal data used for the quality control and development of the controller’s housing services is based on the legitimate interest of the controller.

In addition, data can be collected from potential customers for sales and marketing purposes. The processing is then based on the legitimate interest of the controller or the consent of the data subject, depending on the source of the information.

4. Categories of personal data that are processed

Asuntoyhtymä Group Oy collects the following personal data:

  • Tenants as customers and those living with them, including their possible representatives or contact persons

    • Name and date of birth
    • Contact details: telephone number, address and email
    • Personal identity code of the tenant or the business ID of a company for invoicing, etc.
    • Language for communications
    • Information on the tenant’s guardianship, when necessary

  • Customers who have lodged an application for an apartment and their representatives

    • Name, personal identity code or business ID
    • Contact details and previous address
    • Regarding private persons: information on employment or study as well as possible default data (yes/no) in credit information

  • Potential customers, for example, people contacted through online services or campaigns

    • Name and contact data (telephone number, email and address)
    • Information regarding the need for an apartment
    • Data collected from the website, such as via cookies

  • People using the electronic access control system

    • Name, apartment number and keycode
    • Date, time and place registered by the electronic access control system

5. Regular sources of data

Personal data is collected from the following sources:

  • The information necessary for the management of the customer relationship is collected directly from the data subject
  • The credit information of potential tenants can be checked from Suomen Asiakastieto Oy's credit information register
  • The electronic locking information is collected from the locking system
  • The data related to potential customers is collected from online services, social media services, and participants in customer meetings, campaigns or events.

Asuntoyhtymä Group Oy may, if necessary, also check and update contact details and other personal data from other reliable sources of information provided by public or private parties.

6. The recipients of personal data/disclosure and transfer of personal data

The data controller does not, as a rule, disclose the personal data of the data subjects to third parties.

The controller may disclose registered data to the authorities for the investigation of suspected criminal offences. The data may also be disclosed to other authorities subject to a specified legal basis.

However, the controller may transfer personal data in such a way that the processor uses the transferred data on behalf of and for the account of the controller, for example a housing manager, a security services supplier, a locksmith or a contractor, in the per-formance of their contractual duties.

The controller shall not transfer the data outside the European Union or the European Economic Area. However, the controller may not prevent the possible transfer of third-party cookie data from the website outside the European Union or the European Economic Area.

7. The storage period of personal data

The controller shall process and store the data only for as long as is necessary for the purpose. The retention period varies depending on the type of personal data, depending on the specific purpose of processing thereof.

The personal data of customers, that is, tenants and those who have applied for rental housing, will be retained for the period required by the assignment and any tenancy, but may also be retained and used for the duration and to the extent necessary for invoicing, recovery and legal action. The personal data of the customer relationship will be deleted no later than three years after the end of the said customer relationship.

Data from potential customers, such as those who have given their consent in online services or events, will be kept for the time being; that is, until the consent is withdrawn or for as long as such personal data can be used for customer communication or marketing.

Electronic access control data is stored on the same bases as other data based on the rental agreement.

More detailed information on the storage periods of cookie data regarding the controller's website can be found in the information on cookies.

8. Data subjects’ rights

Data subjects have the right to:

  • Withdraw their consent to the processing of personal data at any time.
  • Receive confirmation from the controller that their personal data is being processed or is not being processed.
    • If such personal data is processed, the data subject has the right to access the data.
  • Check their personal data; that is, data subjects have the right to request the controller to correct any inaccurate and incorrect personal data without undue delay.
  • Have their personal data deleted without undue delay.
  • Object to the processing of their personal data.
  • Restrict the processing of their personal data.
  • Transfer their personal data from one system to another.
  • Notify the Office of the Data Protection Supervisor ( if the data subject considers that the controller is in breach of data protection legislation.

To exercise the aforementioned rights, please contact Asuntoyhtymä Group Oy’s customer service. Contact details can be found in item 1 of this Privacy Policy.

9. Processing and profiling of personal data

The controller does not process personal data by means of automated decision-making.

10. Further processing of personal data

The controller does not process personal data for purposes other than those described in this Privacy Policy.

Should the controller process personal data for other purposes, the controller is obliged to inform the data subjects of this purpose before further processing.

11. General description of the appropriate technical and organisational measures of the controller

The registers are accessible only to those employees of the controller who have com-mitted to the company’s written data protection instructions and confidentiality provisions.

The security of information systems is organised by appropriate measures: encryption and technical restrictions, as well as security software and firewalls. The systems can only be accessed with passwords. Personal data is only processed in premises with access control. Materials containing any personal data are disposed of securely.

12. Changes to the Privacy Policy

This Privacy Policy was updated on 14 September 2021.

The controller has the right to change this Privacy Policy. The controller shall inform da-ta subjects of specific changes to this Privacy Policy before they take effect.

If you have any questions regarding our data processing, we kindly ask you to contact us by means of sending an email to info(at) or calling us on +358 (0)20 766 1390.