Privacy Policy
Euroopan Unionin yleisen tietosuoja-asetuksen (2016/679/EU) ja tietosuojalain (1050/2018) mukainen yhdistetty tietosuojaseloste ja informointiasiakirja.
A combined privacy policy and document providing information in accordance with the European Union’s General Data Protection Regulation (2016/679/EU) and the Data Protection Act (1050/2018).
A combined privacy policy and document providing information in accordance with the European Union’s General Data Protection Regulation (2016/679/EU) and the Data Protection Act (1050/2018).
We thank all our valued Metsätilat network customers and website visitors for your interest in us. In order to implement the service, we need some information on you. We process this data in the same way as we process our own data: we want to be worthy of your confidence. In this privacy policy, we strive to explain with the greatest possible openness and transparency how we process your data. Take your time to read the document and do not hesitate to contact us if you have any questions.
1. Controller’s contact information
Metsätilat.fi Palvelut Oy
Kiikanojantie 23, 38300 Sastamala
Business ID 3097457-8
2. Person managing the register
Harri Huupponen
+358 (0)44 555 0481
harri.huupponen@metsatilat.fi
3. Data subjects
- Website users, including those who bid on the objects offered for sale;
- contracting parties in property sales transactions;
- customers of the Metsätilat network;
- subscribers of alert emails;
- subscribers of the Metsätilat newsletter.
4. Legal basis and purposes of the processing of personal data
The personal data of the website users and Metsätilat network customers is processed for the purpose of responding to them when they contact us.
The personal data of users bidding on the objects on sale is processed for the purpose of processing their bids as part of the bidding process.
The personal data of the contracting parties in property sales transactions is processed for the purpose of drawing up the agreement documents and retaining them as required by legislation.
The personal data of subscribers of alert emails and the Metsätilat newsletter is processed for the purpose of sending them the newsletters and emails to which they have subscribed.
Customer register data may therefore be used for the following main purposes:
- Managing and developing customer relationships;
- service production, offering, development, improvement and protection;
- invoicing, collection and verification of customer transactions;
- targeting of advertising;
- analyses and statistics related to services;
- customer communication, marketing and advertising;
- protecting and safeguarding the rights and/or property of the controller and other
- individuals and parties related to the services;
- meeting the controller’s statutory obligations.
Therefore, the processing of personal data may be based on consent given by the data subject regarding one or more special purposes of the processing of personal data, the fulfilment of an agreement, our legitimate interest, legislation or regulations issued by authorities.
Personal data may also be used for direct marketing and market analyses. Personal data is used for direct marketing and market analyses only if you give your explicit consent for this purpose.
5. Data to be stored in the register
The following data types may be registered and processed in connection with the register:
- First and last name;
- contact details (postal addresses, phone numbers, email addresses);
- personal identity code;
- nationality;
- language;
- when representing a corporation, data concerning the data subject’s employer and title or their duties in the corporation;
- information related to the assignment given by the data subject to an estate agent and information related to carrying out the assignment, such as the date of receiving the assignment and validity period;
- assignment content and terms and conditions;
- information concerning the object in question;
- information related to carrying out the assignment;
- information on the transaction related to the assignment, such as the names of the contracting parties, the object of the agreement, transaction price, commission and other agreement terms and conditions;
- information concerning the client funds of the estate agent;
- other data related to customer relationships;
- complaints, feedback and other communication related to customer relationships;
- marketing measures related to data subjects, the information provided in connection with such measures and the data subject’s permission, other consent or prohibition related to marketing measures;
- consent and prohibitions related to direct marketing;
- change information related to the information referred to above and
- IP addresses (of website users).
6. Categories of personal data
The general categories of personal data are the customers giving assignments (including sellers and buyers), buyers and other customers. In the operations of the estate agents belonging to the Metsätilat.fi estate agent chain, no special categories of personal data are processed, which means the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
7. Disclosure and transfer of data
As a rule, data is not disclosed for marketing purposes outside the Metsätilat network.
Selected data may be disclosed for the purpose of targeted marketing campaigns of a third party that are ordered by the controller. The ownership of data is not transferred from the controller to a third party and third parties have no right to use the data for purposes outside the scope of the assignment.
We have verified that all our service providers comply with data protection legislation.
- Motley Agency Oy (website);
- Trustmary (customer experiences)
- HotJar (user surveys)
- Google Analytics (analytics)
- Cookiebot by Usercentrics (cookie management)
- SendGrid (email communication)
- Leadoo (chat)
- Microsoft (information services)
We disclose the personal data collected by us to parties who are related to the transaction process. Personal data may also be disclosed to the banks of the transaction parties, for example, in the deed of sale. In property transactions, personal data is disclosed to the notary when the deal is concluded. Personal data is also disclosed to the bidding customer in the document for registering title to property, which includes the personal data of the property owners.
We do not disclose the personal data, identifiers or other identification data of personal or corporate customers to any private individuals or legal persons other than those referred to in the previous paragraph. We disclose personal or corporate data to authorities only if ordered to do so by a court or if legislation otherwise so requires or if an authority has initiated a preliminary or equivalent investigation concerning a person or legal person or if an authority dealing with the matter orders that personal or corporate data must be disclosed.
Identification data and other personal data may be used for the prevention, exposure and investigation of money laundering and terrorist financing and for submitting for investigation money laundering and terrorist financing and the crime through which the assets or criminal benefit related to money laundering or terrorist financing was obtained.
8. Transferring personal data outside the EU
When possible, we have selected secure server centres located in Europe for the storage of your data.
Some of the service providers referred to above may take backups of data outside the EU/EEA in the USA. Backups of data are made in order to ensure that your data is safe even if the primary servers malfunction.
9. Duration of the processing of personal data
As a rule, personal data is processed for as long as the agreement or consent for which we need the data is valid.
Any data submitted using the free-form message forms available on this website is erased six (6) months from their submission. We erase any unnecessary personal data from our customer and marketing registers every six (6) months.
The personal data of subscribers of alert emails and the Metsätilat newsletter is retained until further notice and until they unsubscribe from the email list.
The data of bidders and the parties to property transactions are retained for five (5) years from the end of the bidding period or the date of concluding the transaction so that any questions related to the bidding and agreement process can be answered and any unclear issues may be resolved even after the process has ended. After this, personal data is erased from the customer register.
10. Your rights
You have the following rights, which you can exercise by submitting a request to the address harri.huupponen@metsatilat.fi
10.1 Right to access
You have the right to access the personal data we store concerning you. If you notice any inaccurate data or deficiencies in data, you can request that we correct or supplement the data so that it is accurate.
As a rule, requests are implemented free of charge. If your requests are manifestly unfounded or unreasonable, for example, in case of repeated requests, we may charge a reasonable fee, while taking into account the administrative costs incurred as a result of providing the data.
You have no right to access special data obtained in order to fulfil the reporting and investigation duties referred to in the act on preventing money laundering.
As a security measure, we usually provide data subjects with the data registered concerning them only in our office, where we identify the data subject. When necessary, we may provide data subjects with their personal data included in the register otherwise in writing. In this case, the prerequisite is a written request signed by the data subject and addressed to the person responsible for the customer registers at the address referred to above.
10.2 Right to object
Under certain conditions, you have the right to object to the processing of personal data.
If the processing of personal data is based on the carrying out of our legitimate interest or a legitimate interest of a third party, the performance of a task carried out in the public interest or the exercise of official authority vested in the controller, you have the right to object to the processing of personal data concerning you on grounds relating to your particular situation. If you exercise your right to object, personal data may no longer be processed unless we are able to demonstrate compelling legitimate grounds for the processing or if processing is necessary for the establishment, exercise or defence of legal claims.
In addition, you have the right to object at any time to the processing of your personal data for purposes related to direct marketing, including any profiling related to direct marketing. If you object to the processing of personal data for direct marketing purposes, data may no longer be processed for the purpose of direct marketing. We never sell or otherwise disclose your personal data to other parties in order for such parties to target direct marketing at you. We purchase online advertising, for example, from Facebook and Google. However, these companies never obtain your personal data and such advertising is not direct marketing, but it is based on cookies. Please see the section on cookies.
10.3 Right to rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you.
10.4 Right to erasure
You have the right to obtain from us the erasure of personal data concerning you without undue delay if the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed, or if you withdraw your consent on which the processing is based and there is no other legal ground for the processing, or you object to the processing and there are no legitimate grounds for the processing, or you object to the processing for purposes related to direct marketing, or the personal data has been unlawfully processed, or the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
If you disagree with our decision, you have the right to lodge a complaint with the data protection authority (instructions for lodging a complaints).
If you disagree with our decision, you have the right to lodge a complaint with the Data Protection Ombudsman (instructions for lodging a complaint). You also have the right to obtain from us restriction of the processing of the disputed data until the matter is resolved.
10.5 Right to restriction of processing
You have the right to obtain from us restriction of active processing of personal data if you contest the accuracy of the personal data, in which case processing must be restricted for a period enabling us to verify the accuracy of the personal data, or if the processing is unlawful and you request the restriction of the use of the data instead of its erasure, or if we no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims, or if you have objected to the processing of personal data and the verification whether our legitimate grounds override those of the data subject is pending.
We still have the right to retain personal data, but no right to otherwise process the data without your consent. We may also process the data for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will notify you before the restriction of processing is lifted.
10.6 Right to data portability
You have the right to transmit your personal data from our register of personal data to another system specified by you. A prerequisite for exercising this right is that the transfer is technically feasible and can be implemented in a reasonable manner and that our rights that are based on an agreement do not prevent the transfer.
10.7 Right to withdraw consent
Under certain conditions, you have the right to withdraw at any time your consent for the registering and processing of personal data. If we process your personal data based on your consent, and the processing of personal data in accordance with your consent is not required for the fulfilment of an assignment or other work to be delivered to you, and the personal data is not required to be retained pursuant to legislation or regulations issued by authorities, we erase the personal data registered on the basis of your consent at your request.
10.8 Right to lodge a complaints
You have the right to lodge a complaint with the data protection authority if you feel that we violate the data protection legislation in force at the given time when we process your personal data (instructions for lodging complaints).
11. Principles for register protection
The safe processing of your personal data is important to us. We use the following safeguards to ensure your data is safe:
- A user ID and password must be entered in order to access the system. The system is also protected with firewalls and other technical means;
- The register data stored in the system can only be accessed and used by specific pre-appointed employees of the controller;
- the use of the register is protected with user-specific IDs, passwords and access rights;
- the register is located on a computer that is in a data centre on a server the unauthorised use of which is prevented;
- the register data is located in locked and guarded premises.
Backups are taken of the register on a regular basis.
12. Cookies
This page uses cookies, which can be accepted or blocked by using the Cookiebot function. The website sends to the browser a cookie – a small text file that is saved on the computer’s hard disk. Both temporary session cookies and persistent cookies are used. Session cookies expire when you close your Internet browser, whereas persistent cookies are saved on your computer’s hard disk. Cookies allow us to identify your browser and use the information we obtain, for example, for counting the number of browsers visiting our website and for analysing the use of our website, such as for statistics monitoring. They also provide us with the possibility to review and monitor the interests of our users, which helps us develop our website. All gathered information is anonymous, and no online activities can be linked to any individuals on the basis of it. Most Internet browsers accept cookies automatically, but you can modify your browser settings and disable cookies at any time. You can avoid cookies by modifying your browser settings and by prohibiting their use.
Advertising cookies help us select advertisements that are the most appropriate and interesting to you. They also prevent the same advertisements from being displayed. Some third-party suppliers may also use cookies or pixel tags (1-pixel image file), to ensure that you are shown interesting advertisements when you visit various websites. The data collected with cookies and pixel tags does not provide us or third parties with any personal data, such as your name or contact details. Advertisers that act as third parties may also use technology that measures the effectiveness of advertisements. For this purpose, they may use tags (GIF files of one pixel) that are placed on our website in order to collect anonymous data. When advertisers obtain anonymous data on user visits on this website and other sites, they can design advertisements for products and services that might be of interest to the users.
Further information on the targeting of advertising is available on the Your Online Choices website.
13. User tracking
We use Leadoo’s user tracking to monitor how our users navigate our website and we combine this data with the user data that is gathered, for example, through chat interaction. Leadoo uses etag tracking, which differs from cookie-based tracking and combines information from multiple user sessions. Check the privacy policy of Leadoo Marketing Technologies Oy to learn in more detail what the system tracks. In terms of GDPR, we act as the controller, while Leadoo is the data processor. If you do not want to be tracked, you can empty your browser’s cache. More information on Leadoo’s activities is available on the website of Leadoo Marketing Technologies Oy.