Skip to content
EKE-Rakennus Oy, rakentamisen moniosaaja

Data protection policy

1. Data controller

EKE-Rakennus Oy, Business ID: 2321457-0
Piispanportti 11, 02240 Espoo
Other contact information (e.g. phone number during office hours, email address)

2. Contact person for matters regarding the register

Hannu Niemi
Piispanportti 11, 02240 Espoo
Other contact information (e.g. phone number during office hours, email address), tel. +358 9 613 03450

3. Register name

Client and marketing register

4. Purpose of the processing of personal data

Personal data is processed for purposes relating to management, administration and development of the client relationship; providing, selling and delivering services and products; developing, analysing and producing statistics on services and products; and invoicing. Personal data is also processed in relation to registering reservations and sales and drawing up deeds of sale. Personal data is also processed for the purposes of investigation of any complaints and other claims. 

Personal data is processed in communications aimed at clients, such as bulletins and newsletters. Furthermore, personal data is processed for marketing, market research and organising marketing competitions by the controller and other companies in the same group, as a part of which, personal data is also processed for purposes relating to direct marketing and electronic direct marketing. The client has the right to prohibit any direct marketing aimed at them.

5. Legal bases for processing

The legal bases for the processing of personal data are: 

(a) the data subject has given consent to the processing of their personal data for one or more specific purposes; 

(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

(c) processing is necessary for the purposes of realising the legitimate interests pursued by the controller or by a third party.

Such legitimate interest is based on there being a relevant and appropriate relationship between the data subject and the controller as the data subject is a client or potential client of the controller, and when the data subject could reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.

6. Data content of the register

In general, the register contains the following personal data for all data subjects:

(a) Basic information and contact information for the individual: such as first name, last name, address, phone number, email address. 

(b) Details of the individual’s interests.

(c) Information relating to the individual’s company or other organisation, and their position or job title in the company or organisation, as well as a scan of their business card.

(d) Email correspondence with the individual and minutes of phone calls.

(e) Data collected through website cookies, including but not limited to data about the device used by the data subject, such as device type, browser, IP address and other device data. You can familiarise yourself with the details of our use of cookies on the Cookiebot statement on the website.

(f) Data collected via social media channels (Facebook, LinkedIn, Instagram). 

(g) Potential other data collected with the consent of the data subject.

The data in the register is not processed with automated decision-making means.

The controller will always notify the individual of the collection of the data and whether providing their data is obligatory. As you are a client of the controller and/or the primary contact of the company you represent, not providing data may influence the client relationship between the controller and you and/or the client relationship between the controller and the company you represent.

7. Regular sources of data

Personal data is collected from the data subject themselves.

Data may be collected via our website, emails, text messages or other electronic and written forms, or in person.

8. Regular recipients of data

Personal data is disclosed to other companies in the EKE Group for financial administration, shared systems, and reporting purposes. 

When processing personal data, the controller uses subcontractors, i.e. personal data processors, who process personal data for and on behalf of the controller. These subcontractors include but are not limited to personal data processors used for the implementation of ICT services. 

The controller users the following personal data processors:

Furthermore, personal data is transferred to the EKE Group’s parent company, EKE-Finance Oy, when it offers financial administration and access control services to the controller in the position of personal data processor.

9. Transfer of data outside the EU and EEA

In general, data is not transferred outside the EU or EEA.

If personal data is transferred to or stored on a server outside the EU/EEA for processing by the Controller or on its partner for processing on the Controller’s behalf, we will ensure that the appropriate protective measures are taken as required by the EU’s General Data Protection Regulation (GDPR) and the Finnish Data Protection Act.

10. Storage periods for personal data

Personal data collected for managing the client relationship is stored for the duration of the client relationship. 

Furthermore, personal data is stored for the following periods:

(a) Personal data relating to management of the client relationship is stored for ten (10) years following the end of the client relationship. 

(b) Material relating to accounting is stored for six (6) or ten (10) years following the current year in accordance with the Finnish Accounting Act (1336/1997). 

(c) The data of clients who purchase an apartment is stored for 10 years.

The controller assesses whether storing the data is necessary on a regular basis. Furthermore, the controller carries out all possible reasonable measures to ensure that, regarding processing purposes, inaccurate, incorrect or outdated personal data is removed or rectified immediately.

11. Principles for protection of the register

Manual material
Personal data is stored in locked premises to which access is restricted.

Data processed in data systems
Personal data stored electronically is protected with firewalls, passwords and other technical means. Access rights to the data are restricted, and are protected with usernames and passwords.

12. Data subjects’ rights

Data subjects have the rights set out below:

Requests to exercise the data subject’s rights should be addressed to the aforementioned contact person for the controller.

The controller may supplement this data protection policy by publishing a new version on its website. Clarifications to the data protection policy shall be valid from the date of publication.