Privacy policy

This privacy policy provides information on how Fidus, as a controller, collects, uses, discloses and stores
your personal data in accordance with the European Union General Data Protection Regulation (2016/679)
(hereinafter the GDPR). This privacy policy is dated 2 March 2022.

Fidus processes the data subject's personal data in accordance with this privacy policy, the GDPR and other applicable legislation. Fidus may amend this privacy policy in the event of changes in the processing of personal data, for example, due to changes in the services provided by Fidus or changes in legislation. Fidus will publish an updated privacy policy on its website.

1. Data controller

The data controller under the GDPR is Fidus Vuokratalot II Oy (hereinafter Fidus or we). The
contact details of the controller are as follows:

Fidus Vuokratalot II Oy (3201806-1)
Erottajankatu 5
00130 Helsinki
Finland

Contact details for data protection matters:
Thomas Castrén
Email: thomas.castren@sirius.fi

2. Personal data processed and sources of personal data

Tenants’ personal data is in most cases collected from the tenants when they, for example, apply for a rental apartment and sign a lease agreement. Personal data may also be collected from tenants during the tenancy, for example when they interact with Fidus or its service providers.

In addition, we may also collect data on tenants from other sources, such as publicly available records (for example the Population Information System). We may also collect data related to the management of access rights when using a locking system, such as lock event log information and access right identification information (such as name, apartment number and key identification information).

Personal data collected and processed on tenants may include, for example:

  • Basic information such as name, age, gender and social security number
  • Contact information, such as telephone number and email address
  • Information related to the lease agreement, such as the apartment to be rented, lease term and amount of rent
  • Information related to customer service, such as the tenant's contacts with customer service
  • Information about the rented apartment, such as reports of faults, repairs carried out and water consumption
  • Billing information
  • Tenant credit information to the extent permitted and required by law
  • Information necessary for collection purposes, such as information on payments and debts transferred to debt collection.

3. Purpose and legal grounds for processing personal data

3.1. Purpose

We process personal data for the following purposes:

To provide our services and perform our obligations under contractual relationships (legal basis: performance of the contract and legitimate interest)

We process your personal data to administer the tenancy and to fulfil our obligations under the lease agreement. We also process data to provide housing-related services, to manage access rights, to safeguard the property of the housing association and its occupants and to deal with damage situations.

To comply with our legal obligations (legal basis: fulfilling a legal obligation)

We process your personal data to administer and fulfil our legal obligations. For example, we may process the data to fulfil our accounting obligations and to provide information to competent authorities such as tax authorities.

For customer service and communication (legal basis: legitimate interest)

We may process personal data to process and respond to customer feedback and service requests. We also process your personal data to communicate with you about our services and any possible changes to them. If you contact our customer service, we will use the information you provide to answer any questions you may have and to resolve any problems you encounter with our services.

Claims handling and legal proceedings (legal basis: legitimate interest)

We may process personal data in connection with the processing of claims and legal proceedings.

3.2 Legal grounds for processing

We process your personal data to fulfil our obligations under mandatory legislation and our contractual obligations as your contractual party. We may also process your personal data on the basis of our legitimate interests in order to carry out, maintain and develop our business activities and to manage our customer relationships.

In some cases, we may ask for your consent to process your personal data. In these cases, you have the right to withdraw your consent at any time.

4. Recipients of personal data

We share your personal data within Fidus and its organization and only to the extent reasonably necessary for the purposes set out in this privacy policy. In addition, we may share your personal data with the group companies of Fidus (such as limited liability housing companies) and companies that manage the group companies.

However, in certain circumstances, our activities may require us to share personal data with parties outside Fidus. In the situations described below, personal data will be transferred or disclosed in accordance with and only to the extent permitted by the GDPR and other applicable legislation and this privacy policy.

Service Providers

We use third party service providers for our business. Cooperation between service providers and Fidus requires the transfer of personal data to such third parties, including Realia Services Oy, a provider of real estate management services, and service providers of IT systems or accounting, security and maintenance services, or parking operators. Personal data may also be disclosed to a debt collection agency for the purpose of debt recovery. These service providers process your personal data on behalf of or for Fidus as processors of personal data. Realia also acts in part as an independent controller for personal data of applicants for rental housing. For more information, please see Realia's privacy policy.

Authorities

We may be required to transfer or disclose personal data to public authorities (such as the police, the Social Insurance Institution and tax authorities) based on applicable law or the fulfilment of legal obligations.

The data will be used for legal purposes or in legal proceedings

We may also share your personal data with third parties outside of Fidus if we consider that access to and use of the personal data is reasonably necessary to: (i) comply with applicable laws and regulations and/or a court order; (ii) detect and prevent misuse, crime, technical failures and information security problems; and/or (iii) guarantee our and your safety and the protection of property, as well as the public interest. We will notify you directly of any such processing, if possible in that case.

The data will be used for other legitimate reasons

If Fidus is a party to a merger, asset deal or other acquisition, we may transfer your personal data to a third party involved in the process, such as a prospective buyer and its advisors.

5. International data transfers outside Europe

In principle, we process your personal data within the territory of the Member States of the European Union (EU) and in the European Economic Area (EEA).

However, the service providers we use may process personal data on our behalf on servers located outside the EU or EEA. Where personal data is transferred to countries outside the EU/EEA, we will ensure that the transfer of personal data only takes place in accordance with the appropriate safeguards of the GDPR, for example by means of standard contractual clauses approved by the European Commission. For the current standard contractual clauses, please visit the European Commission's website.

6. Storage period

As a general rule, we will only store your personal data for as long as necessary for the purpose(s) for which your personal data was collected. The data will be deleted when it is no longer needed for the purpose for which it was collected, unless it is necessary to store the personal data for longer than is necessary for the purposes of the specific processing in order to comply with the requirements of applicable laws (for example, for accounting purposes).

Personal data of tenants will be stored for at least the duration of the tenancy. Some personal data may also be stored after the end of the tenancy, within the maximum periods allowed by the applicable legislation.

7. Your rights

You have various rights regarding our processing of your personal data. These rights include, in particular, the rights listed below. These rights are not absolute, and each right is subject to exceptions and conditions as set out in applicable legislation which are not exhaustively described below.

  • Right of access to data: You have the right to access or obtain a copy of the data we process about you. We may refuse to provide you with a copy of your data if doing so would compromise the rights and freedoms of others.
  • Right to request the correction of data: You have the right to require us to correct or complete any inaccurate or outdated personal data that we store about you.
  • Right to request the deletion of data: You may request us to erase personal data about you from our systems in certain circumstances, such as where the personal data is no longer necessary for the purposes for which it was collected, where the processing of such data is unlawful, or where the data has been processed on the basis of consent and you withdraw your consent. We will take the requested action unless we have a legitimate reason not to delete the data.
  • Right to object to data processing: You always have the right to object to the processing of your personal data for direct marketing purposes. In addition, you may object to the processing of your personal data based on legitimate interests on the basis of your particular situation, unless we can demonstrate compelling legitimate grounds for such processing.
  • Right to restrict the processing of data: You may request us to restrict your personal data processing, for example, for the period required for verifying the correctness of your personal data if you have denied the accuracy of your personal data.
  • Right to withdraw consent: Where we process personal data on the basis of your consent, you have the right to withdraw your consent at any time by sending an email or postal letter to the email or postal address provided in this privacy policy. Withdrawal of consent does not affect the lawfulness of the processing of personal data carried out prior to the withdrawal.
  • Right to transfer data from one system to another: You have the right to receive your personal data from us in a structured and commonly used format and the right to transfer the data independently to a third party.

8. Lodging a complaint

If you consider that our processing of personal data infringes the applicable data protection laws, you may lodge a complaint with a local supervisory authority. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman: https://tietosuoja.fi/en/home.

9. Security of information

We use technical and organizational safeguards to protect the personal data we collect and process. The measures we use include data encryption, firewalls, secure facilities and systems protected by limited access rights and passwords. Our security measures are designed to maintain an appropriate level of data confidentiality, integrity, availability, fault tolerance and recoverability. We regularly test our services, systems and other hardware for vulnerabilities.

10. Exercise of rights

Fidus is the controller of the personal data processed as described in this privacy policy. If you have any questions or comments about the processing of your personal data or this privacy policy, or if you wish to exercise your rights, you may contact us by letter or email at the addresses set out at the beginning of this privacy policy.