PRIVACY POLICY – Consumer Customer Register

Controller

Fira Oy
Address: c/o Fira Oy, Teknobulevardi 3-5, 001530 Vantaa
Business ID: FI32430013
Contact person: Ayala Maimon, ayala.maimon@fira.fi

Name of register

Consumer Customer Register (“Register”)

Introduction

Fira Oy and its subsidiaries (“Fira” or “we”) collect personal data for the Consumer Customer Register for the purposes of sales activities and customer service.

This Privacy Policy discusses the principles according to which we store and process personal data saved in the Register. This Privacy Policy details the personal data we collect, how we process said personal data, and how you can exercise your rights related to your personal data. We can update this Privacy Policy if the way in which we process the data changes or if updating it otherwise becomes necessary. The up-to-date version is available on our website. [www.fira.fi/en/privacy-policy/].

Our service may include elements provided by a third party. This Privacy Policy does not cover a third party’s principles applicable to data processing or to the protection of privacy, nor are we responsible for data processing carried out by any third parties. Please refer to their own policies to check their data protection principles.

Purpose of and grounds for processing

We may use your personal data for the following purposes:

  • To provide services and to fulfil our contractual obligations such as customer service and communicating service-related information to the users
  • To improve quality, analyse trends and for the purposes of customer service
  • We can process your data to improve the quality of our services and products by analysing various trends related to the use of the services, for example. Whenever possible, we aim to use anonymous data from which individuals cannot be identified. We can use the data in managing the customer relationship and for customer service and communications.

Fira processes your personal data to fulfil its contractual obligations towards its contractual partners and to act according to statutory requirements. We also process personal data to develop our consumer services.

Data storage period

We store the personal data only for as long as necessary, considering the purposes specified in this Privacy Policy. We will remove the personal data or anonymise it as soon as possible after its storage is no longer necessary.

The processed data and its sources

We collect user data for the Register from the users themselves, from third parties (e.g. building management companies and credit reporting agencies) and in connection with the use of the service.

Collected data may include:

– name

– personal identity code

– email address

– phone number

– IP address

– project address

– project identifier

– information related to project scheduling (e.g. apartment-specific dates)

– additional work and modifications to apartment

– creditworthiness

Cookie

We use numerous technologies, including cookies, to collect and store data when you use our service and website. The cookies help us to count the total number of visitors to our pages and to monitor the use of our service and website. This helps us to improve our service. We also use cookies that make the use of our service and website easier for you by remembering user IDs, passwords or (language) choices, for instance. We also use monitoring and analytical cookies to follow our users’ attitudes towards the service we provide.

You can prevent the use of cookies in your browser and set your browser to alert you whenever there is an attempt to install cookies. Please note that if you decide to prevent the use of cookies, some functionalities of the service may not work in the intended way. For further information about cookies and their removal, go to www.allaboutcookies.org.

Transfer and disclosure of personal data

We can transfer or disclose personal data to our partners if it is necessary for the purposes pursuant to this Privacy Policy. Such partners may include:

  • system providers
  • suppliers
  • consultants
  • subcontractors

Our services use Google Analytics and other analysis tools to create reports on the use of our website, so that we can improve our website and service. For further information on Google Analytics, go to http://www.google.com/analytics. You can opt out of the collection of data by Google Analytics by downloading the browser add-on available at https://tools.google.com/dlpage/gaoptout.

In such cases, personal data is processed in accordance with valid legislation.

We may also use third party service providers, for example providers of payment services, collection services and analytics services, to carry out certain tasks that include processing personal data on our behalf.

We can furthermore transfer or disclose personal data to our group companies and any party continuing our business operations as a result of corporate arrangements or the disposal, merger, de-merger, bankruptcy or liquidation of business operations.

Otherwise we will not sell or disclose your data to third parties. We also do not transfer data outside of the EEA.

Should applicable laws so require, personal data can also be transferred or disclosed to the authorities.

Your rights

Right of access

Fira offers you right of access to your personal data processed by us. You can contact us to request access to the personal data we process with regard to you and the grounds for such processing. If less than 12 months have passed since your previous request for access, we can charge a fee for carrying out the measures related to the request.

Right to request rectification of data

You are also entitled to have erroneous, incomplete, outdated or unnecessary data rectified or supplemented by contacting us.

Right to request removal of data

You can also ask us to remove your personal data from our systems. We will carry out the measures in accordance with your request unless we have a justified reason for not removing your data, for example to fulfil our statutory obligations. The data may not necessarily be removed immediately from all backup copies or other equivalent systems in our use.

Right to oppose

You can also request restrictions to the processing of your personal data if the data is processed for purposes other than the performance of our services or for the fulfilment of a statutory obligation. You can also state your opposition to any further processing of your personal data, even if the processing were based on previous consent from you. Opposition to the processing of personal data may lead to more limited possibilities to use our website and services.

Right to restrict processing of data

You can ask us to restrict the processing of certain personal data. A request concerning the restriction of the processing of your personal data may lead to more limited possibilities to use our website and services.

Right to transfer data from one system to another

You are entitled to receive your personal data from us in an analysed and commonly employed format so that you can pass the data on to another controller.

Exercising your rights

You can exercise your above-mentioned rights by sending a message using the above-mentioned contact details. We have to be able to identify you in order to respond to your request. We may request additional information necessary to verify your identity. We may reject requests that are repeated unreasonably often or that are excessive or groundless. If you believe that the processing of your personal data conflicts with the applicable legislation, you can submit a complaint to the local authority that supervises data protection, especially in the member state where you have permanent residence or workplace or where the alleged breach of the personal data regulation took place. In Finland, the supervisory authority is the Data Protection Ombudsman. http://www.tietosuoja.fi/fi/index/yhteystiedot/nainkysytneuvoa.html

Information security

We have protected our register of personal data from unauthorised access with a variety of technical and organisational means and arrangements. The personal data is saved on servers and systems protected with a firewall and passwords. The servers are protected from third parties. Personal data is processed only by people committed to non-disclosure who have a justified reason for processing the data based on their job. We nevertheless wish to emphasise that no service provided through the internet is perfectly secure.