Icon RE Oy (business ID 2716238-4)
Icon has appointed a Data Protection officer who can be contacted by e-mail at: email@example.com.
Processing of personal data
Icon processes the following personal data of its customers and website users who submit their contact details through the http://www.satamakatu4.fi website:
Basic information of the data subject: your name, surname, postal address, e-mail address, phone number, preferred way of communication
Marketing data: marketing efforts performed; preferences and interests e.g. related to types of housing, apartments, and features, residential areas and locations; size of household, type of housing; number of apartments owned by the data subject; other interests and information provided by the data subject; marketing permissions and consents (opt-in), restrictions and bans (opt-out);
Customer history: term of customer relationship and the way of creation and termination of the relationship; data of product or service contracts, purchase orders, suspensions and cancellations, and deliveries; customer feed-back and claims, recorded customer service calls; responses to customer and market surveys and research; other interactions; data of invoicing, payment, debt collection, and creditworthiness;
National identity numbers are processed only for purposes permitted by law when it is important to identify the data subject for example in the sale or rental of apartments, granting of credit, or debt collection. Only basic data and marketing data as defined above are processed for the purposes of direct marketing.
Icon collects personal data regarding their customers as well as the users who submit their contact details through the http://www.satamakatu4.fi website for the purposes of marketing. The legal basis for Icon’s processing of personal data are:
1 Execution of contracts
Fulfilment of requests of the data subject prior to entering into a contract, e.g. requests for information or quotation, newsletter subscriptions or purchase orders. The purpose of personal data processing is to collect, process and verify personal data before concluding a product and service agreement and to document and carry out contractual obligations.
2 Legitimate interest of the controller or a third party
Icon processes personal data in order to carry out marketing, product and customer analyses. Data collected in this connection is used, for example, in product and service development.
3 Consent of the data subject
Icon requests the consent of the data subject to the transmission of electronic direct marketing. You may withdraw your consent at any time.
Sources of Information
Personal data is mainly collected from data subjects themselves when the data subject is using the website; sending request for contact or information or filling in a form; contracting or otherwise interacting with the Controller digitally. Personal data can also be collected from public registers maintained by the authorities, such as the Population Register Centre, execution authorities and the Post, as well as tax administration registers, business register and registers of supervisory authorities.
Social media plug-ins
Facebook. Our website contains plug-ins to Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA). Facebook plug-ins may be recognised with the Facebook logo or the ‘Like’-button on our site. In order to view the Facebook plug-ins, see https://developers.facebook.com/docs/plugins/.
If you do not want Facebook to associate your visit to our site with your Facebook account, log out from your Facebook account. Please notice that even if you are not logged in to your Facebook account or even if you do not have a Facebook account, data may be transferred to Facebook when you visit our website.
Instagram. Our website contains functions of Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA). If you are logged to your Instagram account, you may click on the Instagram button to combine the content of our website with your Instagram profile. This means that Instagram can associate your visits to our website with your user account. As the provider of this website, we explicitly note that we do not receive any information of the content of the transmitted data and the use thereof by Instagram. Instagram is the data controller of the data transferred to Instagram from our website as a result of clicking the Instagram icon.
Google maps. Our website uses the Google Maps service to facilitate the location of places indicated by us on the website. In order to use Google Maps, information about you, including the IP address is saved and transferred to Google’s (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) server in the USA where it will be stored. We use the Google Maps in order to make the site more attractive and to facilitate the location of places indicated by us on the website. Therefore it is our legitimate reason to able Google collect your data. More information on processing your personal data by Google can be found at https://safety.google/privacy/.
You may prevent the transfer of the data generated by cookies concerning the use of the site (including your IP address) to Google and to have the data processes by Google when you download and install a plug to the browser available at: https://tools.google.com/dlpage/gaoptout?hl=en.
Transfer and disclosure of personal data
Personal data may be transferred outside the European Union or the European Economic Area. However, if any transfer outside the EU or EEA is necessary, the Controller will ensure that the country to which the data is transferred is approved as having a sufficient level of privacy protection by the European Commission, or by using standard contractual clauses approved by the European Commission.
Access to personal data will be permitted only to persons who need to process data as a part of their employment or other duties. Digital data is protected by firewalls, passwords and other technical means. All data is kept in locked premises secured with physical access control.
After the customer relationship personal data will be retained until contractual as well as legal rights and obligations have been fulfilled and to the end of retention and liability periods based on for example Housing Transactions Act, Consumer Protection Act and Accounting Act.
After the customer relationship the Controller may keep anonymized data as well as the above described basic data (excluding national identity number) and marketing data of the data subject for direct marketing purposes.
Rights of the data subject
Right of access. You have the right to know what kind of personal data has been collected and processed by Icon. Upon a request you are entitled to receive a copy of the personal data being processed.
Right to require rectification, erasure or restriction of processing. You have the right to have any data on the register rectified or deleted if such data is contrary to the purpose of the register, incorrect, superfluous, incomplete or outdated. You also have the right to require Icon to restrict the processing of your personal data, for example if you are waiting for a response to a request from Icon for the rectification or deletion of such data.
Right to object to the processing of personal data. You may have the right to object to the profiling and other processing activities to which we are subjecting your personal data. Upon the objection we shall no longer process the personal data unless the grounds for data processing are based on the legitimate interests of Icon which override the interests, rights and freedoms of the data subject. If the personal data is processed for direct marketing, you have the right to object to the processing without any specific grounds, after which we will no longer process the data for purposes of direct marketing.
Right to withdraw consent given. If personal data is processed on the basis of your consent, you have the right to withdraw such consent by notifying Icon thereof.
Right to data portability. You have the right to receive your personal data you have provided to Icon and the processing of which is automated and based on an execution of a contract or on your consent, in a structured, commonly used and machine-readable format and have the right to transmit the data to another controller (where technically possible).
Right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint with a supervisory authority, if we have not complied with the applicable data protection regulation. The complaint shall be lodged to the supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement of data protection regulation. In Finland, the supervisory authority is the Data Protection Ombudsman.
Exercising your rights