YIT PLUS PRIVACY POLICY                                                          


This Privacy Policy regulates the manner in which YIT Rakennus Oy (“YIT” or “we”) processes personal data collected from YIT’s customers and the users of YIT Plus Services. This Privacy Policy applies to personal data that we receive from individuals (the “Users”) via our website yitplus.com, our online services and our customer data file.

 

Please note that this Privacy Policy only applies to the use of the YIT Plus Services (“Services”) and the processing of personal data carried out by YIT. This Privacy Policy does not apply to, nor is YIT responsible for, the processing of personal data carried out by third parties. The service may contain links or portals to other websites and services, and our Service may be integrated into third-party services. Third parties will process the personal data according to their own Privacy Policy. Please note that the Privacy Policy for these third parties may differ from our Privacy Policy.

 

Privacy, safety and information security are important to us, and we process all personal data with appropriate care and in adherence to the applicable legislation and regulations.

 

 

1.     CONTROLLER

YIT Rakennus Oy

Panuntie 11, 00621 Helsinki
tel.: 020 433 111 (exchange)
Business ID 1565583-5

 

2.     CONTROLLER CONTACT INFORMATION

You can always contact us by filling this form or by email to privacy@yit.fi.

 

You can also contact our local service points in each country of YIT´s operations: 

 

GDPR contact person: 

Tarmo Nikkilä, Legal Council

P.O. Box 36, Panuntie 11

00621 Helsinki

Finland

tarmo.nikkila@yit.fi

Puh. +358 40 821 1214 

 

Person in charge of the register matters:

Hannele Laine, Development Director, Housing Finland and CEE at YIT

P.O. Box 36, Panuntie 11

00621 Helsinki

Finland

hannele.laine@yit.fi

Puh.+358 40 749 4966

 

3.     NAME OF DATA FILE


YIT Plus Customer data file

 

 

4.     PURPOSES AND LEGITIMATE GROUNDS FOR PROCESSING OF PERSONAL DATA

 

YIT processes personal data for several purposes. The purpose of the processing may vary depending on the category of personal data being processed in each case.

 

In order to provide our Services and to fulfil our obligations based on contractual relationships

 

We primarily process personal data in order to provide Services to our Users and to carry out, maintain and develop our business. In some cases, personal data may be processed in order to fulfil an obligation towards the User that arises from the contractual relationship. If a User contacts our customer service, we use the provided information in order to answer questions and solve any possible problems.

 

Furthermore, your personal data may be processed in order to find the best possible apartment for you as a customer, and for the purposes of developing our services and offering additional services.

 

For customer communication

We may process personal data in order to contact Users in relation to our Services and in order to communicate regarding changes to the Services. The data is also used for research and analysis purposes in order to improve our Services.

 

For the purposes of improving quality and analysing development trends

We may process data concerning the use of the Services in order to improve the quality of our Services, such as by analysing the different development trends related to the use of the Services. Whenever possible, we aim to use anonymous information that does not allow for an individual to be recognised.

 

Grounds for processing

We process personal data in order to fulfil our obligations towards the User arising from contractual relationships. Furthermore, we process personal data in order to maintain and develop our business.

 

In some parts of the Services, Users are requested to give their consent to the processing of personal data. In these cases, Users may withdraw their consent at any time.

 

In addition, we may use the User’s personal data for the following purposes:

·       customer relationship management and development;

·       execution of the YIT Plus service;

·       authentication and verification of customer transactions;

·       offering products and services

·       paying for products and services and management of payments

·       developing customer service and business

·       research and development activities

·       digital direct advertising, remote sales, promotional competitions and other direct marketing from the controller and select partners

·       surveys and market research

·       analysis and compiling statistics

·       ensuring that the information you provided is correct in order to adhere to our legal obligations

 

 

5.     SOURCE OF PERSONAL DATA

You understand and acknowledge that, by signing up via our website or another Service, you are authorising us to process the data you provide us and, in accordance with applicable legislation, to request additional data from third-party data files that are required for the assessment and verification of data that concerns a possible assignment. Personal data is compiled from the controller’s other systems and the service user (data subject) themselves when they sign up for the service and use the service.

 

For the purposes pursuant to this Privacy Policy, we may compile personal data from the following reliable sources:

 

·       the Users themselves;

·       the data files of the controller, companies in the same group as the controller or their partners;

·       the Population Information System (data for confirming the personal identification number and address data);

·       sources offering credit data for Users;

·       preference service data files maintained by the Data & Marketing Association of Finland;

·       other similar public and private data files; and

·       databases maintained by the authorities in ways pursuant to the legislation.

 

YIT has outsourced the updating of the apartment owner and tenant information, the verification of their currency and the Service access permissions by contract to the client ordering the Service, as agreed in the Service Agreement.

 

6.     DATA CONTAINED IN THE DATA FILE

The data file contains the contact details for the properties covered by the YIT Plus service and their contact persons, service partners, apartment owners and other users who have signed up on the YIT Plus portal and the information concerning their objects of interest, combined with the basic data and status data for the properties and apartments that are for sale/that have been sold by companies belonging to the same group with the controller.

We collect the following personal data that is necessary for fulfilling the purpose of the data file:

-        first names and surname

-        contact information, such as address, telephone numbers and email addresses

-        date of birth

-        sign-up information and profile information, such as the user ID for the YIT Plus portal, the nickname or other unique identifier, and the other profile information the data subject has provided on the service, such as objects of interest, gender, profile photo, number of people in the household and other information the data subject has personally recorded

-        Information concerning the implementation and use of the Service, such as browsing and search information, discussions, service requests, calendar events, photos and other documents saved in the service, discussion groups and the list of buyers/owners of apartments and other property.

Furthermore, other information related to the customer relationship is saved in the data file, such as

-        the start and end date for the customer relationship and apartment ownership, and the basic information concerning the apartment and property

-        the benefits and campaigns targeted towards the User and their use

-        information related to invoicing and debt collection

-        contacts and communication across different channels with the controller (including claims for compensation and feedback, for example)

-        direct marketing permissions and prohibitions and information related to targeted marketing

-        a housing cooperative’s board members and messages sent between the board members on the service

-        material personally produced by the data subject or concerning them (such as ownership and family relationships, sharing of access permissions with family members or tenants)

-        as regards underage persons, contacts made with the custodian, such as agreement to the processing of personal data, unless an underage person of at least 15 years of age has prohibited the processing of such data.

 

7.     REGULAR DATA DISCLOSURE AND TRANSFER OF DATA OUTSIDE THE EU AND THE EEA

At the request of the User, YIT may disclose data to those partners of YIT whose products or services the controller is forwarding to customers, such as lessors or accommodation service providers.

Data is not disclosed to other third parties unless this is deemed necessary in order to fulfil YIT’s statutory or contractual obligations.

 

YIT is entitled to use subcontractors for the provision and implementation of its services. These subcontractors include, for example, the providers of ICT, marketing and communications services. In this case, personal data may be transferred to subcontractors insofar as is necessary for the provision of the services. These subcontractors process personal data on YIT’s behalf in accordance with YIT’s instructions and this Privacy Policy. YIT will ensure by means of contracts that personal data is processed in accordance with the legislation.

 

Personal data is not regularly transferred outside of the EU or EEA. If, however, data transfer is necessary, YIT will ensure that the European Commission has approved that the level of data protection in the target country is appropriate, or agreed on the transfer using the standard contract clauses approved by the European Commission.

 

8.     PRINCIPLES OF PROTECTING THE DATA FILE AND DATA RETENTION TIME

Only persons who are entitled to process customer data as part of their work have access to the data. Each user has a separate user ID and password. The electronic data is protected by means of firewalls, passwords and other technical means. The data is stored in locked premises and premises equipped with access control.

 

Generally speaking, we will only store a User’s personal data for as long as the legislation requires or for as long as they are necessary in order to fulfil the purposes specified hereinabove.

 

The personal data will be stored after the termination of the customer relationship until all warranty obligations and other contractual and statutory requirements have been fulfilled and the retention times defined in the legislation, such as the Housing Transactions Act, Consumer Protection Act and the Accounting Act.

 

Following the termination of the customer relationship, YIT may retain anonymised data and, for direct marketing purposes, the data subject’s basic data defined hereinabove in this Privacy Policy (with the exception of the personal identification number) and marketing data.

 

9.     RIGHTS OF THE DATA SUBJECT

The User is entitled to check the information concerning them saved in the personal data file and to request the rectification of inaccurate data.

 

The User is entitled to prohibit YIT from processing data concerning them for the purposes of direct advertising, remote sales and other direct marketing as well as market research and surveys.

 

The User may also request that we delete their personal data from our systems. We will take action according to your request unless a justified reason exists for not deleting the data. Once the active data has been deleted, all residual copies may not necessarily be immediately deleted from all of our servers or our backup systems or other redundancy systems. These copies will be deleted as soon as it is feasible.

 

Pursuant to the General Data Protection Regulation, the User is entitled to oppose the processing of their data or request its limitation, withdraw their consent and to file a complaint regarding the processing of personal data with the local data protection supervisory authority.

 

The data subject is entitled to receive their personal data from us in a structured, generally used format, and to individually transfer the data to a third party.

 

The requests and prohibitions may be made to the contact person listed under section 2. In order to ensure data protection, the customer must be able to verify their identity upon request.

 

10.  COOKIES

 

YIT may employ “cookies” or other industry standard technologies, such as tracking pixels, web beacons and other similar technologies.

 

A cookie is a small text file saved on the User’s device in order to maintain a file containing data pertaining to the User in question. Tracking pixels and web beacons are small graphic images located on YIT’s website that allow for determining whether a specific function has been completed.

 

YIT’s websites may also contain third-party advertisements that send cookies or other tracking technology onto your device in order to track your online activities on third-party websites or services for marketing purposes.

 

Users may disable cookies via their browser settings or set a warning for cases where cookies are set. More information on cookie management is available online. For example, the following links offer information on altering cookie preferences in the most popular browsers:

 

Safari

Google Chrome

Internet Explorer

Mozilla Firefox

 

Please note that some parts of our Services may not work correctly if cookies are disabled.

 

Google Analytics

Our Services use Google Analytics and other web analysis tools in order to compile technical information and reports on the use of our website, for the purposes of improving our Services. For further information regarding Google Analytics, please visit the Google Analytics website. You can opt out of the data collection performed by Google Analytics by downloading the following browser add-on: Google Analytics opt-out add-on.