RAKSYSTEMS PRIVACY STATEMENT
Updated 11 April 2022.
Privacy statement for customers and stakeholders
In this privacy statement, we explain how we collect, process, disclose and protect the personal data of our customers and stakeholders. By personal data, we mean all the data that concerns you as an identified or identifiable natural person. This includes data such as your name, address, phone number and photo. We also explain your rights as the data subject.
Any questionnaires and feedback you receive may include links to other companies’ sites or services that have their own privacy policies. We recommend that you familiarize yourself with the privacy policies of such third parties.
At Raksystems, we comply with the General Data Protection Regulation of the European Union (‘EU’) and other applicable data protection legislation in our processing of personal data. Below, you can find further information about how we process your personal data. If some matter remains unclear, please contact us for more information.
The controller is either Raksystems Insinööritoimisto Oy or another company of the Raksystems Group (hereinafter referred to as ‘we’ or ‘the controller’) which processes personal data concerning customers, partners and other stakeholders.
Recipients of personal data
Your personal data is processed only by those members of the Raksystems Group who require the data for carrying out their work duties.
Your personal data may also be transferred to contracted external service providers for processing on our behalf. For example, the data and your responses in any questionnaires and feedback forms may also be handled, to the extent necessary, by our contract partners. Such subcontractors include, for example, IT service providers who handle technical system maintenance or processing of feedback. The service providers process your personal data only as specified by us and for the provision of our services; they do not have the right to use your data for their own purposes.
We use external service providers for purposes such as service research and development, marketing, customer relationship management, billing and debt collection, delivery and maintenance of systems, and the provision of various technical platforms.
Purpose of personal data processing
Maintenance, administration and statistics for data concerning customers, partners and stakeholders; business development; and maintenance, administration and statistics for information on data subjects areas of interest. Maintenance and management of order and billing data; execution of assignments; maintenance of customer, author and object data required for the content and delivery of reports; statistics; provision of services and products; marketing; business development and related customer service development; management and development of the customer relationship; and monitoring and analysis of service-related choices and wishes.
We also collect and process your personal data in order to comply with our statutory requirements in areas such as accounting or to comply with legal requests from public authorities.
We also process your personal data in connection with the collection, use, processing and publication of surveys and feedback as well as for registration and participation in events. We may publish and use your feedback on our website and in newsletters, marketing, social media, internal training and operational development. We will inform you as part of a feedback survey when your response is processed anonymously or if your feedback is not published.
We may also photograph and video meetings, events and functions that we organize, In such cases, the material may be used in our internal and external communications, including websites, social media and print publications.
Bases for personal data processing
We process your personal data according to one of the following bases:
- a joint agreement (e.g. a subscription agreement).
- your consent (e.g. electronic direct marketing). In this case, you can withdraw your consent at any time.
- our legitimate interest (e.g. the transfer of your personal data within our group).
- a statutory obligation that we as a company must comply with.
- legal requests from public authorities.
Categories of persons in the register
Customers and their representatives, such as real estate agents or property managers. Additionally, partners and other stakeholders or their representatives.
We only process your personal data to the extent necessary. The following data may be collected from data subjects:
- name, personal identification number and date of birth, language, photo, video image, address, email address, telephone number and object data.
- job title, education, language skills, title, organization.
- contact details, call requests and other inquiries, consent to direct marketing or receiving a newsletter and data on the withdrawal of such consent.
- quotation requests, sent quotations, orders, customer number.
- data from third party registers stored with your consent.
- data provided by you on interests, areas of interest, and other matters.
- data on your satisfaction with the services and your comments on the controller’s services.
- other data you have provided and added, as well as attachments together with accompanying images.
- when you respond to feedback forms and questionnaires, we collect both the feedback itself and also background data about you for statistical and service delivery purposes, including the length of ownership and the number of people living in the same household.
- data on participation in events and training. We also collect data needed for our events and trainings, such as dietary preferences and requirements. The event enrolment data you provide may include some of your health data, such as information about allergies.
- for our applications and browser-based services, we also collect data about your username and password and about your browsing history.
- in addition, we may record calls to ensure customer satisfaction and effective service encounters as well as for training purposes.
Regular sources of data
As a rule, we receive the data either from you yourself or from third party registers based on either your consent or your endorsement given in some other way.
The main sources of data are the subscription agreement and data received from the data subject themselves, for example when they call us, receive customer service, or interact in some other way. Company data can also be collected from various public registers and from companies’ websites.
In addition, customers and other stakeholders can add their own data into the systems, for example when participating in training sessions or filling in questionnaires and feedback forms. Other sources of data may include our website and data provided / filled in by you yourself. Additionally, the process of setting up different services involves collecting your data through order forms and customer service encounters as well as from the database of our customer data system.
Data may be collected directly from you as part of the registration process or alternatively from partners or from contact details published through different media.
Regular data disclosures and transfer of data outside the EU and European Economic Area
Data may be disclosed and transferred within the Group for purposes such as performing tasks necessary for maintaining the customer relationship; providing services and enabling invoicing; providing and marketing services for ourselves and our partners; and managing customer relations or cooperation. Data may also be disclosed to persons who have a statutory right to receive the data. Reports on orders and personal data related to these reports may be disclosed to the ordering party, their representative or to a third party to the extent permitted by law.
As a rule, we process data within the EU and the European Economic Area. Therefore, data is not normally transferred or disclosed outside the EU and the European Economic Area unless this is necessary for processing the above-mentioned personal data, in which case we ensure an adequate level of data protection as required by legislation in general and particularly by Articles 45 to 46 of the EU General Data Protection Regulation. Please note that some of our partners may process your personal data outside the EU (e.g. Google and Facebook).
Retention period for personal data
The data is only retained for as long as is necessary for our operations or as long as is required by law. The data retention period may vary according to the type of data. Storage of data and reports is important, for example, to determine for new orders whether we have previously conducted inspections, studies, or other actions that may be relevant to the new order. In addition, guidelines such as the “Ordering Party’s Guideline for Condition Assessments Carried Out During Real Estate Sales” (KH 90-00393), require that the report be retained for at least 10 years.
Principles of personal data protection
Personal data is primarily stored in an electronic format and protected by the necessary technical measures. Appropriate technical and organisational security measures are in place to protect personal data against loss, misuse, disclosure, alteration and destruction. Physical materials containing personal data are stored in locked rooms / filing cabinets which are accessible only to designated persons who are authorised to access them for work purposes. Access to databases and systems and the use of personal data is restricted to those employees, professionals and other persons employed by the controller who require access to the database in order to perform their work duties and who have the right to process such personal data for work purposes.
Rights of the data subject
The data subject has:
- the right to request from the controller access to, rectification of and erasure of personal data or restriction of processing of data concerning the data subject as well as the right to object to processing of their data and the right to data portability;
- to the extent that the processing of personal data is based on the consent of the data subject, the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right not be subject to automated decision-making without a legitimate basis;
- the right to lodge a complaint with the supervisory authority concerning the processing of personal data.
Right to lodge a complaint with a supervisory authority
If you believe that we are not processing your personal data in accordance with the data protection regulations, you can lodge a complaint with the supervisory authority in the EU Member State where you have your permanent address or place of work or where you believe an infringement has occurred.
In Finland, the authority in question is the Data Protection Ombudsman
Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4
Postal address: PO Box 800
Tel. (switchboard):+358 29 566 6700