RAKSYSTEMS PRIVACY STATEMENT
In this privacy statement, we explain how we collect, process, assign and protect your personal data. The term “personal data” refers to any and all information regarding an identified or identifiable natural person, i.e. you. Such data includes your name, address and phone number, for example. We also explain your rights as the data subject.
When processing personal data, Raksystems follows the General Data Protection Regulation and other applicable data protection legislation.
For more information on how we process your personal data, please see below. We have divided the information under subheadings so that you can easily find what you are looking for. If you have any questions that are not answered here, please feel free to contact us.
Who is the data controller?
Raksystems Insinööritoimisto Oy (business ID 0905045-0)
Vetotie 3 A
FI-01610 Vantaa, Finland
Tel. +358 30 670 5500
Contact information in all matters concerning the register
Tel. +358 30 670 5500
Why does Raksystems process my personal data?
We collect and process your personal data to better serve you. We have a comprehensive approach towards our customer relations, customer service and recruitment processes, and we develop and maintain our operations and the service and marketing of our services. We use the data for statistical purposes and profiling, as well as to manage information on your interests. We also collect and process your personal data in order to meet our statutory obligations.
Examples of situations in which we process personal data:
- Raksystems must process your personal data in order to manage, develop and maintain customer relations. Such cases include replying to invitations to tender and contact requests. We also need your personal data to maintain and manage our order and invoicing data. To perform its expert duties and deliver the promised reports, Raksystems needs your personal data. The data will be entered into our systems and handed over to the expert who performs your inspection/survey. We could not perform the service you have purchased without your contact details and the address of the site, for example.
- When arranging events or training courses, we need your personal data in order to ensure that you will receive the appropriate training materials, for example.
- We also process your personal data when carrying out surveys and collecting feedback, as well as when utilising, processing and publishing the obtained information. We may publish or utilise your feedback on our website, in newsletters, marketing, social media, internal training and the development of our operations. When collecting feedback, we will always notify you if your answers will be anonymously processed or the feedback will not be published. We process your personal data in order to create statistics, as well as to monitor and analyse your interests and your service-related choices.
- We process, collect, maintain and manage the personal data of people involved in our recruitment processes, such as work experience. Processing the personal data is necessary for us to contact you when you are applying for a job.
What is the justification for Raksystems to process my personal data?
We process your personal data on the basis of one of the following:
- Mutual agreement (e.g. when you place an order for a condition inspection)
- Your consent (e.g. direct marketing in electronic format); in such a case, you have the right to withdraw your consent at any time
- Our legitimate rights (e.g. statistics and assignment of your personal data within our Group)
- Statutory obligations we must meet as a company (e.g. retaining your invoicing details for accounting purposes, which is mandatory by law, or fulfilling requests by authorities based on legislation)
To which target groups does the registration apply?
We register personal data for the following target groups:
- Our customers and their agents (such as real estate agents or property managers), our cooperation partners and parties who send invitations to tender to us
- People who send us a contact request or provide us with feedback
- People who use our apps, our website or our browser-based services
- People and companies who reply our surveys and provide us with feedback, such as customers, cooperation partners and people who participate in training courses we arrange
- People who attend our events or participate in our competitions
- Recipients of our newsletters, people who have given their consent to electronic direct marketing and people who have withdrawn their marketing consent
- Reporters in a variety of media
- Job applicants, including people seeking for apprenticeship training or an internship
Which pieces of personal data does Raksystems process?
We only process your personal data to the extent required.
We may collect the following information about you:
- Name and contact details (postal address, email, telephone number)
- Date of birth/age
- Customer number
- Service language
- Site data (address, number of storeys, floor area, year of construction, apartment type, additional information)
- Company, title and business ID
- Details of an authorised person or agent (if such information has been provided)
- Contact details, contact history, enquiries, feedback and complaints, including their content
- Invitations to tender and offers, order history, as well as chosen and performed services
- Consent to electronic direct marketing and sending of the Raksystems newsletter, any withdrawal of these consents and any refusal of direct marketing or telemarketing by the data controller or a third party
- Data saved from registers maintained by third parties based on your consent
- Information on participation in events and training courses
- Announced interests and other information
- Information related to service satisfaction and your comments on the controller’s services
- Any other information or attachments provided by you, including images
We also collect the following:
- Background information for statistical purposes and provision of our services when you fill out a feedback form or questionnaire, such as period of ownership of a site and the number of people living in the same household
- Information required when arranging an event or a training course, such as dietary information for catering purposes; the information you provide when enrolling for an event may include information on your health, such as allergies
- In the case of our apps and browser-based services, we also collect information on your user ID, password and usage history
- If you are a representative of the media, we will save your title, your sphere of operations, the media you represent and the type of articles you write, as well as information on the publication you represent
- If you are a job applicant, we will collect the information provided by you in your CV or job application, such as work history, education, qualifications, language skills and references, as well as information on the processing of your application, the starting and ending date of the job application process, any information obtained from third party registers to the saving of which you have given your consent, information on how satisfied you were with the job application process and any related comments, your requested salary level and any other information you provide, which includes but is not limited to gender, social security code and photo
What are the main data sources used by Raksystems?
As a general rule, we receive information from you, based on your specific consent or from registers of third parties in a way to which you contribute.
Raksystems’ main data sources include your order agreement and the information provided in connection with the agreement, invitations to tender, assignment requests, communication in its various forms, survey and feedback forms, the customer register, our website and you yourself. Furthermore, when providing our services we collect information about you through order forms and in connection with customer service, as well as from the customer database. Information can also be obtained directly from you during registration, from our cooperation partners or from contact details published by a variety of media. We also obtain contact information from a variety of registers and the websites of other companies.
If you are a job applicant, our data sources include your job application, any information obtained from your temping agency (if any) in connection with your job application and any other information or contact details you have submitted to us. We may also obtain information about you from the Raksystems website.
What is the Raksystems policy regarding the regular assignment of information and transferring information to outside the EU or the EEA?
We will not hand over or transfer any of your personal data to outside the EU/EEA, unless it is absolutely necessary to perform customer service and meet our statutory obligations, in which case we will follow Finnish legislation, EU regulations on data transfer and other applicable rules.
Please note, however, that some of our cooperation partners will process your personal data outside the EU (such as Google and Facebook in the United States of America, in which case the assignment of your data is protected by the EU-US Privacy Shield).
We will assign and transfer your information within the Raksystems Group when it is necessary for the processing of your personal data, to perform surveys or assignments, to manage your customer relationship or complaints, to enable invoicing or to arrange an event, or if the assignment of your data is based on compliance with statutory obligations. Furthermore, we will assign and transfer your data within the Raksystems Group when offering or marketing our services and the services of our cooperation partners, during cooperation and when providing the Raksystems newsletter service. We will also assign and transfer your data within the Raksystems Group in order to perform duties involving your job application process or the signing of your employment contract, or the management of these.
We will only hand over your data to third parties based on your consent or based on a separate regulation on the assignment of data, in connection with a corporate acquisition or corporate restructuring, or if the assignment of your data is necessary to enable invoicing or debt collection. For example, the Finnish Tax Administration has the right to receive your data under certain circumstances. Your customer information will also be processed by our service providers and cooperation partners based on an assignment from us. Such subcontractors include IT service providers that handle the technical maintenance of systems or process feedback. For example, a cooperation partner processes replies to customer survey forms in electronic format. Whenever your personal data is being processed on our behalf, the cooperation partner is bound by a confidentiality obligation, and the partner does not have the right to assign your information to any third parties or use the data for any other purpose than the completion of our assignment.
Who in Raksystems will process my personal data?
Your personal data will be processed by our employees and the employees of our cooperation partners whose work duties require the processing of the data. For example, the information and replies you have provided on survey or feedback forms will be processed by us and our cooperation partner as necessary. The persons processing your personal data are always bound by a confidentiality obligation.
How long will Raksystems retain my personal data?
We will only retain your personal data as long as it is necessary to complete the actions for which the personal data was collected, until the expiration of the retention period laid down by law or until any disputes have been resolved. We can delete your data at an earlier point in time based on your request if there is no other justification for the retention of your data. If your personal data cannot be deleted because of software restrictions, your data will be made passive until it expires.
Examples of personal data retention periods:
- Retaining your personal data and expert reports is important, because when you place an order for a new assignment, we should be able to determine whether we have previously performed any inspections, surveys or other actions at the site, as that could be significant in terms of the new assignment. For example, the Client Instructions for a Condition Evaluation in Connection with Real Estate Transaction (Kuntotarkastus asuntokaupan yhteydessä, Tilaajan ohje, KH 90-00393) state that the report must be retained for ten years.
- Your data involving our newsletter service will be retained as long as the newsletter service is valid. If the newsletter service is discontinued, your personal data will be deleted within a reasonable time.
- Personal data collected in connection with a job application process will be retained for a period of six (6) months from the application submission date. After that time, your data will be automatically deleted, unless you renew your application.
What are Raksystems’ register protection principles?
We mostly use electronic registers. Your data is saved in a protected data system of a third party, which is physically located in the EU/EEA. Raksystems uses appropriate protection when processing personal data. Hence, your personal data is protected from loss, abuse, assignment, modification and destruction.
The servers used to process your data are located in locked premises protected with access control systems. Unauthorised access is also prevented by means of firewalls, technical protection methods and password protection. Physical access to the data is prevented by means of the access control systems and other security measures. Only people who need your personal data when providing our services and taking care of their work duties have access to your personal data. Any hard copies are stored in a locked office of the person managing the register in premises protected by an access control system. The users are bound by a confidentiality obligation. Only people whose work duties involve the processing of personal data have the right to modify the register.
What are my rights as the data subject?
You have the following rights:
- The right to request from us access to and rectification or deletion of your personal data or a restriction of the processing of the data, or to object to the processing of the data, as well as the right to transfer the data to another system.
- If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. However, such a withdrawal of consent will not affect the lawfulness of processing based on consent before the withdrawal.
- The right to review your personal data and have any incorrect or erroneous data rectified without undue delay. In such a case, please submit a request to us in writing.
- The right to have your personal data deleted when the data is no longer needed for the purpose for which it was collected or for which it was being processed.
- The right to lodge a complaint on the processing of your personal data with a supervisory authority.
You have the right to lodge a complaint with a supervisory authority
If you are of the opinion that we have not processed your personal data in accordance with the data protection regulations, you can lodge a complaint with the supervisory authority in the EU member state in which you have a permanent domicile or a place of work, or in which you consider the violation to have taken place. In Finland, the supervisory authority is the Data Protection Ombudsman.
Office of the Data Protection Ombudsman
Street address: Ratapihantie 9, 6th floor
FI-00520 Helsinki, Finland
Postal address: PO Box 800
FI-00521 Helsinki, Finland
Tel. (exchange): + 358 29 56 66700
Fax: + 358 9 56 66735