Privacy Statement

Regulation (EU) 2016/679 of the European Parliament and of the Council on data protection

1. Name of the Register

Customer and Marketing Register

2. Data Controller

Riihimäen Tilat ja Kehitys Oy
Business ID: 0348794-2
Kaartokatu 2, 11110 RIIHIMÄKI
Phone: +358 44 775 0572

3. Contact Person for Register Matters

Kirsi Akola, Finance and Office Assistant
Riihimäen Tilat ja Kehitys Oy
Phone: +358 44 775 0572
Email: kirsi.akola@riihimaki.fi

4. Data Protection Officer

Samuel Koivisto, CEO
Riihimäen Tilat ja Kehitys Oy
Phone: +358 40 841 0700
Email: samuel.koivisto@riihimaki.fi

5. Data Content of the Register

For consumer customers: name, address, personal identity number, phone number, and email address.
For corporate customers: contact person’s name, company represented, position in the company, email address, and phone number.
Lease agreement details: property information, rental period, rent amount, and other contract terms.

6. Purpose of the Register

Personal data is collected for managing customer relationships and communication.

7. Regular Sources of Data

Data is collected:

• Directly from the individual with their consent, orally, in writing, via email, or phone.
• From official registers within legal limits (e.g., ytj.fi) and public sources such as company websites.

8. Legal Basis for Processing

Processing is based on Article 6(1) of the EU General Data Protection Regulation (EU 2016/679):
a) The data subject has given consent for one or more specific purposes.
b) Processing is necessary for the performance of a contract or for pre-contractual measures at the request of the data subject.

The legal basis depends on the case and may be a contractual relationship with the company and the execution of that contract.

9. Regular Disclosures of Data

Data may be disclosed to authorities within the limits and obligations of applicable legislation.
Data may be transferred to third parties only when they act on behalf of the data controller, such as a debt collection agency.

10. Transfer of Data Outside the EU or EEA

Data is not regularly transferred outside the company.
Information systems and technologies used for processing are located within the EU.

11. Data Retention Period

Data is retained only as long as the customer relationship is active or as required by applicable legislation for the purpose of the register.

12. Automated Decision-Making

Data is not used for automated decision-making or profiling.

13. Rights of the Data Subject

The data subject has the right to inspect what personal data has been stored.
A written and signed request must be sent to the contact person listed above.

The data subject has the right to request correction or deletion of incorrect or outdated data, or transfer of data to another system.
They also have the right to restrict or object to processing under Articles 18 and 21 of the GDPR.

The data subject may withdraw previously given consent and file a complaint with the supervisory authority regarding data processing.

The data subject also has the right to prohibit the use of their data for direct marketing purposes.