Icon RE Oy Privacy Policy

This Privacy Policy discusses the principles according to which Icon RE Oy (“Icon”, “we” or “Controller”) store and process personal data. This Privacy Policy details the personal data we collect about our customers and website users, how we process said personal data, and how you as a data subject can exercise your rights related to your personal data.


Icon RE Oy (business ID 2716238-4)
Melkonkatu 28D
00210 Helsinki

Contact person

Icon has appointed a Data Protection officer who can be contacted by e-mail at: iod.iconre@outsourcing24.pl.

Processing of personal data

Icon processes the following personal data of its customers and website users who submit their contact details through the http://www.satamakatu4.fi website:
Basic information of the data subject: your name, surname, postal address, e-mail address, phone number, preferred way of communication

Marketing data: marketing efforts performed; preferences and interests e.g. related to types of housing, apartments, and features, residential areas and locations; size of household, type of housing; number of apartments owned by the data subject; other interests and information provided by the data subject; marketing permissions and consents (opt-in), restrictions and bans (opt-out);

Customer history: term of customer relationship and the way of creation and termination of the relationship; data of product or service contracts, purchase orders, suspensions and cancellations, and deliveries; customer feed-back and claims, recorded customer service calls; responses to customer and market surveys and research; other interactions; data of invoicing, payment, debt collection, and creditworthiness;
National identity numbers are processed only for purposes permitted by law when it is important to identify the data subject for example in the sale or rental of apartments, granting of credit, or debt collection. Only basic data and marketing data as defined above are processed for the purposes of direct marketing.
Icon collects personal data regarding their customers as well as the users who submit their contact details through the http://www.satamakatu4.fi website for the purposes of marketing. The legal basis for Icon’s processing of personal data are:
1 Execution of contracts
Fulfilment of requests of the data subject prior to entering into a contract, e.g. requests for information or quotation, newsletter subscriptions or purchase orders. The purpose of personal data processing is to collect, process and verify personal data before concluding a product and service agreement and to document and carry out contractual obligations.
2 Legitimate interest of the controller or a third party
Icon processes personal data in order to carry out marketing, product and customer analyses. Data collected in this connection is used, for example, in product and service development.
3 Consent of the data subject
Icon requests the consent of the data subject to the transmission of electronic direct marketing. You may withdraw your consent at any time.

Sources of Information

Personal data is mainly collected from data subjects themselves when the data subject is using the website; sending request for contact or information or filling in a form; contracting or otherwise interacting with the Controller digitally. Personal data can also be collected from public registers maintained by the authorities, such as the Population Register Centre, execution authorities and the Post, as well as tax administration registers, business register and registers of supervisory authorities.

Social media plug-ins

Facebook. Our website contains plug-ins to Facebook (Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA). Facebook plug-ins may be recognised with the Facebook logo or the ‘Like’-button on our site. In order to view the Facebook plug-ins, see https://developers.facebook.com/docs/plugins/.

When you visit our site, Facebook may receive information on the visited sites from your IP address. When you click on the ‘Like’-button when you are logged to your Facebook account, you may combine the content of our website with your Facebook profile. As a result, Facebook can associate your visits to our site with your user account. You should remember that as the operator of this site we act as a controller only to the extent of the data transfer to Facebook and we have no knowledge on how Facebook uses the data. For more information about the legal basis for processing the data, what information is collected, for what purposes the data is used and what are your rights and possibilities in order to protect your privacy, see Facebook privacy policy at https://www.facebook.com/about/privacy/.

If you do not want Facebook to associate your visit to our site with your Facebook account, log out from your Facebook account. Please notice that even if you are not logged in to your Facebook account or even if you do not have a Facebook account, data may be transferred to Facebook when you visit our website.

Instagram. Our website contains functions of Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA). If you are logged to your Instagram account, you may click on the Instagram button to combine the content of our website with your Instagram profile. This means that Instagram can associate your visits to our website with your user account. As the provider of this website, we explicitly note that we do not receive any information of the content of the transmitted data and the use thereof by Instagram. Instagram is the data controller of the data transferred to Instagram from our website as a result of clicking the Instagram icon.

If you do not want Instagram to associate your visit to our site with your Instagram account, log out from your Instagram account. Please notice that even if you are not logged in to your Instagram account, data may be transferred to Instagram when you visit our website. For more information, view Instagram privacy policy at: https://instagram.com/about/legal/privacy/.

Google maps. Our website uses the Google Maps service to facilitate the location of places indicated by us on the website. In order to use Google Maps, information about you, including the IP address is saved and transferred to Google’s (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) server in the USA where it will be stored. We use the Google Maps in order to make the site more attractive and to facilitate the location of places indicated by us on the website. Therefore it is our legitimate reason to able Google collect your data. More information on processing your personal data by Google can be found at https://safety.google/privacy/.

Analytics service

Our website uses Google Analytics – an analysis of viewing of websites. Google Analytics uses cookies that are stored on the computer and support an analysis of your using the site. The information generated by the cookies about your use of our website is generally transmitted to a server of Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) in the USA and stored there. You can prevent the storage of the cookies by selecting appropriate settings in your browser. We wish to stress that this may mean that you will not be able to enjoy full functionalities of our website.

You may prevent the transfer of the data generated by cookies concerning the use of the site (including your IP address) to Google and to have the data processes by Google when you download and install a plug to the browser available at: https://tools.google.com/dlpage/gaoptout?hl=en.

Transfer and disclosure of personal data

We may outsource ICT, marketing, communication and other functions to third party suppliers, vendors, or other sub-contractors. In such case Icon may transfer personal data to these sub-contractors to the extent necessary for the provision of their services. These sub-contractors will process personal data on behalf of the Controller and must comply with the Controller´s instructions and this privacy policy. Controller will ensure through contractual measures that the personal data is processed in compliance with the legislation.

Personal data may be transferred outside the European Union or the European Economic Area. However, if any transfer outside the EU or EEA is necessary, the Controller will ensure that the country to which the data is transferred is approved as having a sufficient level of privacy protection by the European Commission, or by using standard contractual clauses approved by the European Commission.

Data protection

Access to personal data will be permitted only to persons who need to process data as a part of their employment or other duties. Digital data is protected by firewalls, passwords and other technical means. All data is kept in locked premises secured with physical access control.

Data retention

After the customer relationship personal data will be retained until contractual as well as legal rights and obligations have been fulfilled and to the end of retention and liability periods based on for example Housing Transactions Act, Consumer Protection Act and Accounting Act.
After the customer relationship the Controller may keep anonymized data as well as the above described basic data (excluding national identity number) and marketing data of the data subject for direct marketing purposes.

Rights of the data subject

Right of access. You have the right to know what kind of personal data has been collected and processed by Icon. Upon a request you are entitled to receive a copy of the personal data being processed.

Right to require rectification, erasure or restriction of processing. You have the right to have any data on the register rectified or deleted if such data is contrary to the purpose of the register, incorrect, superfluous, incomplete or outdated. You also have the right to require Icon to restrict the processing of your personal data, for example if you are waiting for a response to a request from Icon for the rectification or deletion of such data.

Right to object to the processing of personal data. You may have the right to object to the profiling and other processing activities to which we are subjecting your personal data. Upon the objection we shall no longer process the personal data unless the grounds for data processing are based on the legitimate interests of Icon which override the interests, rights and freedoms of the data subject. If the personal data is processed for direct marketing, you have the right to object to the processing without any specific grounds, after which we will no longer process the data for purposes of direct marketing.

Right to withdraw consent given. If personal data is processed on the basis of your consent, you have the right to withdraw such consent by notifying Icon thereof.

Right to data portability. You have the right to receive your personal data you have provided to Icon and the processing of which is automated and based on an execution of a contract or on your consent, in a structured, commonly used and machine-readable format and have the right to transmit the data to another controller (where technically possible).

Right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint with a supervisory authority, if we have not complied with the applicable data protection regulation. The complaint shall be lodged to the supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement of data protection regulation. In Finland, the supervisory authority is the Data Protection Ombudsman.

Exercising your rights

You can exercise your above-mentioned rights or ask any questions relating to this privacy policy by contacting our data protection officer by email at iod.iconre@outsourcing24.pl or by mail at e.biuro@iconre.pl. We may need to ask additional information to confirm the identity of the data subject.