2NDHOMES TAMPERE LTD
2ndhomes Tampere Ltd (Business ID 2889484-3)
PERSON IN CHARGE OF REGISTER
COO & Partner
2ndhomes Tampere Ltd.
+358 400 214 114
NAME AND CONTENT OF THE REGISTER
2ndhomes Tampere Ltd's customer register (hereinafter "Customer Register").
CRITERIA FOR THE PROCESSING AND RECORDING OF PERSONAL DATA
To the extent that the Customer Register contains personal data, its processing complies with the Data Protection Act and other applicable laws, regulations, orders and official instructions concerning the processing of personal data. Personal information refers to information that can be combined to a specific person. This document describes in more detail the procedures for the collection, processing and disclosure of personal data and the rights of the customer concerning it.
Purpose of collection and processing of personal data:
1. Contractual, customer or similar relationship
The purpose of the customer register is for the registrar to:
a contractual or customer relationship with the other party to the transaction (e.g., tenant or lessor)
the relationship related to fulfilling the service with other parties of the transaction (e.g., a member of the tenant’s family)
a relationship based on a marketing authorization granted by the customer, the purpose of which is, inter alia, multi-channel marketing communications to the customer, for example by e-mail, online, telemarketing or mail
The Registrar may also collect information from other persons present in the apartment it manages in order to prevent, monitor and investigate crime or misconduct, or by other means to identify potential customer interests or to establish a subsequent customer relationship / provide and market services of the registrar.
The persons described above are referred to in this document as a “Customer”.
2. Statutory control of money laundering
Pursuant to Chapter 3, Section 3 of the Act on the Prevention of Money Laundering and Terrorist Financing (444/2017, hereinafter “the Money Laundering Act”), customer information and other personal data in accordance with the law are stored, stored and used and for the purpose of investigating the offense for which the benefit of money laundering or terrorist financing have been obtained. Customer identification or other personal information obtained solely for the purpose of preventing and disclosing money laundering and terrorist financing shall not be used for a purpose incompatible with those purposes.
3. Data storage based on consent
To the extent that the right to register customer information described above is exceeded or there is no other legal basis mentioned, the Customer will be asked separately for consent to the storage, processing and storage of personal data. The customer may also be specifically asked for consent to analyze the information provided and customer behavior for marketing purposes.
Penalties for failure to obtain the mentioned information
If the Registrar does not receive the above-mentioned information, the customer relationship may not be initiated or continued, or another agreement may be entered into or participate in legal proceedings with the Customer.
Purpose of the data collected
The information in the customer register is mainly used for the following purposes:
customer relationship management and development
production, provision, development and improvement of services
invoicing, collection and verification of customer transactions
analysis and statistics on services
customer communication, marketing and advertising
targeting marketing content based on information and behavior provided by the Customer
protection and safeguarding the rights and / or property of the Registrar and other persons and entities involved in the production of the Registrar's services
fulfilling the statutory obligations of the Registrar
other similar uses
INFORMATION CONTAINED IN THE CUSTOMER REGISTER
2ndhomes Tampere Ltd processes information in its Reservation Management System, in the register information concerning the supervision of the Money Laundering Act and in the customer contact information listing.
These entities and their annexes may cover data belonging to the following categories:
Basic customer information such as full name, address, language, date of birth
the personal identification number of the person acting on his/her own behalf or on behalf of the company, and possibly the company business ID for reliable identification
billing and collection information
information related to the customer relationship and the contractual relationship, such as the services provided to the Customer, the date of their use, the date and time of purchase and acceptance of the services and other similar information
authorization information and prohibitions, such as direct marketing authorizations and prohibitions
information on Customer interests
other transaction information concerning the services provided
complaints and information on their handling
tenant credit information and other financial information for assessing the ability to pay rent
a copy of the Customer's ID
other information provided by the Customer
information on the Customer's operations, quality and scope of business, financial position, grounds for the use of the transaction or service and information on the origin of funds and other information referred to in section 4 (1) of the Money Laundering Act acquired to know the Customer
Information related to the determination of the origin of funds pursuant to Section 4 (3) of the Money Laundering Act, and information necessary to fulfill the enhanced duty of knowledge related to a politically influential person pursuant to Section 13
in the case of a foreign Customer who does not have a Finnish personal identity number, information on the Customer's citizenship and copy of the travel document
DATA RETENTION PERIOD
All information described above will be retained for ten (10) years from the end of the service / lease / customer relationship.
Data in accordance with the Money Laundering Act shall be retained for five (5) years, unless further retention of such data is necessary to safeguard a criminal investigation, a pending proceeding or the rights of the controller or its employee. The need for further retention of data and documents will then be examined no later than three (3) years after the previous review of the need for retention (Law on the Prevention of Money Laundering and Terrorist Financing, 444/2017, section 4).
Other personal data will be deleted when there is no longer a need to retain personal data. If the collection and storage of personal data has been based solely on the Customer's consent, the personal data will be deleted at the Customer's request.
REGULAR SOURCES OF INFORMATION
Personal data is collected from the data subject himself, among other things, when the data subject uses the data controller's services or plans to use them (for example, when booking an apartment or registering as a Registrar's customer). Personal information may also be collected directly from the registrant himself, for example through contact forms, e-mail inquiries, newsletter subscriptions, customer satisfaction surveys or raffles. Personal data can also be collected and updated from, for example, the population register and other authority registers as well as credit data registers.
DISCLOSURE OF INFORMATION
Access to all data relating to the data subject shall be limited to those persons to whom access to the data contained in the register is necessary for the maintaining purposes of processing the register or for the production of other tasks related to the services provided by the Registrar. The Registrar may disclose personal data to the extent permitted and binding by applicable law and for the purpose of implementing an agreement between the parties or establishing a material connection. Thus, personal data may be disclosed, for example, to the authorities, partners involved in the provision of the service and, in the event of a dispute, to legal assistants.
Data may also be transferred or given outside the European Union or the European Economic Area as permitted by law, provided that contractual arrangements guarantee an adequate level of data protection. Transfers outside the EU can also take place in connection with the use of various cloud services.
Information is provided to the authorities in cases required by law.
In connection with the outsourcing of the controller's information management, the processing of personal data may also take place by the controller's subcontractors, but in that case only on behalf of the controller. Such subcontractors may be, for example, the service providers of the registrar's reservation management system, as well as the parties maintaining the housing sales notification portals and the companies performing customer satisfaction measurements. 2ndhomes Tampere Ltd's subcontractors include Guesty (Privacy Statement is available at https://privacy.guesty.com/), Almamedia (Privacy Statement is available at https://www.almamedia.fi/en/tietosuoja/data-privacy/), Schibsted (Privacy Statement is available at https://info.privacy.schibsted.com/en/) and Wix (Privacy Statement is available at https://www.wix.com/about/privacy).
PRINCIPLES FOR THE PROTECTION OF THE REGISTER
Access to the register requires a user ID issued by the administrator of the Customer Register. The administrator also determines the level of access to be granted to other users. Only those partners, employees and employees of subcontractors of the Registrar shall have access to the information necessary for the performance of their work-related tasks. The information is collected in databases, which are protected by firewalls, passwords and other technical means. Customer information is stored electronically. If personal data containing a personal identity number is transferred from 2ndhomes Tampere Ltd, for example by e-mail, this always requires the permission of the owner of the personal identity number.
1. Checking, obtaining and transmitting data
The customer has the right to check what information about him is stored in the Customer Register. The customer must submit the request for verification to the data controller in a handwritten form in writing or in an equivalent certified document, or by e-mail.
By way of derogation from the above, the Customer is not entitled to inspect information obtained in order to fulfill the notification or reporting obligation provided for in the Money Laundering Act (Section 4: 3 of the Money Laundering Act). However, the Data Protection Officer may, at the Customer's request, verify the lawfulness of the processing of this information.
The Registrar shall provide the above information to the Customer within 30 days of the submission of the inspection request.
The customer has the right to have the customer data about him / her supplied to him / her transferred to a third party in a structured and commonly used machine-readable form. However, the controller will retain the transferred data in accordance with this privacy statement.
2. Correction of incorrect information
The customer has the right to correct the personal data stored in the personal register insofar as they are incorrect.
3. Opposing or restricting the processing of data and deleting data
The customer has the right to object to the processing of personal data for direct advertising, remote marketing and other direct marketing, market and opinion research and the development of the controller's business, and to restrict the processing of personal data already registered for that purpose.
4. Withdrawal of consent
If the information in the register is based on the consent given by the Customer, the consent may be revoked at any time by notifying the representative of the Registrar mentioned in this description. Upon request, all information that is not or cannot be retained pursuant to law or any other basis mentioned in this Privacy Statement will be deleted.
5. Procedure for the exercise of rights
An inspection, correction or other request may be made by contacting the controller with the contact details provided in this leaflet.
The Customer has the right to refer the matter to the Data Protection Officer if the Registrar does not comply with the Customer's request for rectification or other change.
PROFILING AND AUTOMATIC DECISION MAKING
The registrar does not perform profiling on the basis of personal data or use automatic decision-making.