Date 9th January 2024
Sponda Ltd (business ID: 0866692-3)
Yrjönkatu 29 C, P.O. box 940, FI-00101 Helsinki
tel. +358 (0)20 43131
2. Contact details for register matters
Yrjönkatu 29 C, P.O. box 940, FI-00101 Helsinki
tel. +358 (0)20 43131
3. Name of the register
4. Purpose and legal basis of the processing of personal data
Personal data is processed for the purpose of sending announcements, press releases and marketing messages from the controller and/or its group companies.
Personal data can also be processed in connection with the controller’s direct marketing, opinion and market surveys or other comparable addressed mail, including electronic direct marketing. Personal data may also be processed in order to create classifications, categories or profiles, and to create targeted marketing that is more interesting to the data subject.
The legal basis for the processing of personal data is an agreement with the controller, the controller’s legitimate interest and/or the data subject’s consent. In cases where the legal basis for the processing is a legitimate interest, the interest refers to the controller’s needs to market its products and services effectively and develop its services.
Processing tasks can be outsourced to external service providers, in accordance with and within the limits set by data protection law.
5. Data content of the register
The following data of data subjects can be saved:
- Personal information and contact details: first name, last name, e-mail address, gender, address, postal code, telephone number age/year of birth, language, profession and/or title.
- Information related to the order and feedback: newspaper subscription type, particular areas of interest, customer feedback, contacts and responses to competitions, and classification data related to facilities searches
- Information related to the device and connection: device identifier, operating system IP address and cookies
- Information related to the use of services: for example, browsing and search data
- Other data that is collected with the data subject’s consent, if any.
6. Storage period of personal data
The data stored in the register may be stored for as long as necessary for the original purpose of the collection and processing, or for as long as required by the law and regulations.
7. Regular sources of data
The data subject and the data that is generated when the data subject uses the services. Other sources of data are tenants, the property owner and/or the representatives of these. Other possible sources of data are publicly-available or commercial external databases of decision-makers and enterprises.
8. Regular disclosure of data and recipient categories
Data may be disclosed between the group companies of the controller. Data may be disclosed in connection with the sale, transfer or other disposal of a site or business. Data may be disclosed to competent authorities, for example, in order to identify misuse.
9. Transfer of data outside the EU or the EEA
Personal data may be transferred outside the European Union or the European Economic Area in accordance with and within the limits of data protection law.
The controller, the controller’s subcontractors or partners may use companies that are located outside the EU or the EEA to assist in the processing of personal data, or they may use workforce or other resources that are located outside the EU or the EEA for processing personal data. It is also possible that a co-operation partner selected by the controller to which the controller decides to transfer data is located outside the European Union or the European Economic Area, for example, in the United States. The legislation of non-EU/EEA countries does not necessarily provide the same level of protection for personal data as the European Union. However, the controller tries to ensure the protection of personal data in these cases by using the safeguards required under data protection law, such as the standard contractual clauses of the European Commission.
10. Protection principles of the register
Any manual materials are stored in a locked room that only authorized persons can access.
The register is stored in electronic form, appropriately protected from outsiders with the help of firewalls and other technical measures. Only designated employees of the controller and representatives of partners have the right to process the data stored in the register.
The aim of the measures described above is to safeguard the confidentiality, availability and integrity of the personal data stored in the register and to permit the exercise of the data subject’s rights.
11. Automatic decision-making
Personal data is not used for automatic decision-making that would have legal or other similar effects on data subjects.
12. Right to object to the processing of one’s personal data
Where the ground for the processing of personal data is the legitimate interest of the controller, the data subject has the right to object to the profiling or other processing of any personal data relating to their particular situation.
13. Right to object to direct marketing
The data subject may give their consent or refusal to direct marketing to the controller channel-specifically, and the content or refusal also covers profiling for direct marketing purposes.
14. Other rights of the data subject related to the processing of personal data
Right of access to personal data
Right to request rectification or erasure of personal data or restriction of processing
The data subject must, without undue delay and after noticing or becoming aware of the mistake, rectify, erase or complement any data in the register that violates the purpose of the register, is incorrect, unnecessary, in-complete or outdated, if the data subject can do this him- or herself.
In addition, the data subject has the right to request the controller to restrict the processing of their personal data, for example, while the data subject is waiting for the controller’s response to the rectification or erasure request.
Right to move data between systems
Insofar as the data subject has submitted data to the register that is processed on the basis of the data subject’s consent, the data subject has the right to receive such data in a form that is readable by a computer and to move them to another controller’s system.
Right to lodge a complaint with a supervisory authority
The data subject has the right to lodge a complaint with a competent supervisory authority if the controller has not complied with applicable data protection regulations in its operations.
The data subject should contact the controller if they have any questions concerning the processing of personal data and the exercise of their rights. The data subject may exercise this right by sending a request to the controller via e-mail to firstname.lastname@example.org or by mail to Sponda Ltd, Yrjönkatu 29 C, P.O. Box 940, FI-00101 Helsinki.