Privacy statements

Privacy statements

Privacy statement of Colliers International Finland Group's customer, prospect, partner and marketing data file

17 May 2018
 
1. Controller
Colliers International Finland Group Oy (business ID 2396296-6)
Ratamestarinkatu 7 B
00520 Helsinki, Finland

2. Contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Tel. +358 20 130 2545

3. Name of data file
Customer, prospect, partner and marketing data file

4. Purpose of and basis for processing personal data
The processing of personal data is based on the legitimate interest of Colliers International Finland Group Oy and companies in the same group (hereinafter referred to as CIF) (including direct marketing) and the statutory obligation to identify the customer.

The purpose of the processing of personal data is:
• Managing, maintaining, developing, analysing and keeping statistics on relationships with business customers and partners
• Customer communications
• Organising sales and marketing events
• Implementing opinion polls and marketing studies
• Direct marketing and targeting of online advertising
• Planning and developing business and services
• Identifying customer’s users and access management

5. Data content of data file and groups of data subjects
The data file contains the following personal data about the decision-makers and contact persons of customer or partner companies and organisations (including newsletter subscribers, those who have submitted a request for a quote, those who have submitted a contact request, event participants):
• Name
• Contact details: postal address, email address, telephone number
• Company or organisation and position
• Where appropriate, identification data (passport or driving licence no. in agreements, customer identification)
• Direct marketing authorisations and prohibitions
• Electronic service usernames and passwords
• Any other information necessary for the purposes of the data file
• Dietary information (events)
• Customer history (e.g. participation information in events)
• Customer/user and customer experience survey response data
• Call recordings
• Any other information necessary for the purposes of the data file.

The data file contains the following data about the decision-makers and contact persons of potential customer companies and organisations:
• Name, title, company, postal address, email address, telephone number
• Information on the role and status of the data subject in business or public duties
• Direct marketing authorisations and prohibitions

6. Data sources
The data stored in the data file are regularly collected from the data subject via phone, in meetings or in other similar ways. The data file is aggregated upon conclusion of the customer or cooperation agreement with CIF and during the contractual relationship from the data provided by the customer and otherwise obtained during the relationship. Personal data may also be collected and updated from public and private registers.

7. Disclosures and transfers of data and data transfer outside the EU or the EEA
In principle, personal data will not be transferred outside the EU or the EEA.
CIF uses services from external service providers such as for maintaining newsletter address list, customer and partner data, and in the processing of data of event participants. In accordance with the data protection agreement, each service provider processes personal data only to the extent necessary to provide the service.

Companies in the CIF Group process personal data from the data file of their respective customers, partners and prospects.

8. Protection principles and storage periods of data file
The data are stored in CIF’s information systems, which use both technical and programmatic means to ensure data security and to monitor data use. Access to data in the data file is limited to designated persons to the extent required by their duties. CIF ensures the realisation of data protection through data processing contracts with its subcontractors that process personal data. All persons using data in the data file are bound by an obligation of secrecy.

Personal data are stored for as long as is necessary for the purposes of the data. In principle, customer data are stored for two years after the end of the customer and/or contractual relationship or the last interaction (request for quote, order or meeting) (except where legislation requires a longer period of data retention).

Personal data collected on decision-makers and contact persons of potential customer companies and organisations are permanently stored within the limits of the law. CIF assesses the need for data storage on a regular basis, in addition to which CIF provides for reasonable measures to ensure that incompatible, outdated or incorrect personal data in relation to the purpose of processing are not stored on data subjects in the data file.

9. Data subject’s rights and requests
Right of access and right to rectification.
The data subject or the user have the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
Other rights
The data subject has the right to object to the controller processing data concerning him/her for purposes of direct advertising and market and opinion surveys.
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subject must be submitted in writing to the contact person provided in section 2.

Privacy statement of Colliers International Finland Group’s human resources

16 May 2018

1. Controller
Colliers International Finland Group Oy (business ID 2396296-6)
Ratamestarinkatu 7 B
00520 Helsinki, Finland

2. Contact person and contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Tel. +358 20 130 2545

3. Name of data file
Colliers International Finland Group’s human resources data file

4. Purpose of and basis for processing personal data
The purpose of the processing of personal data is the management of administrative, employment and related employer’s obligations and other obligations such as salary payments of Colliers International Finland Group Oy and companies in the same group (hereinafter referred to as CIF), as well as the planning and development of the company's operations with regard to staff considerations.
The processing of personal data is based on a contract and the legitimate interest of CIF, such as a contract of employment between CIF and the data subject, or a training contract. In addition, the processing of personal data is based on the fulfilment of the statutory obligations of CIF (such as the Employment Contracts Act, the Occupational Health and Safety Act).

The personal data contained in the data file are used for the following purposes:

• Planning, managing, administering and monitoring staff salaries and employment, rewards, travel and expense invoice management
• Staff management, working time monitoring/scheduling, resourcing and measuring work
• Fulfilment of the statutory duties and obligations of the employer (taxation and prepayment, social security contributions, sickness benefits, social security benefits, attachment of wages, data submitted to occupational health and safety authorities and employment authorities)
• Organisation of occupational health care and management of occupational safety issues
• Work ability management and monitoring

5. Data content of data file and group of data subjects
The data file contains the following personal data that are necessary for the employee's employment or training relationship:
Person's basic data:
• First and last name
• Contact details (postal address, email address and telephone number)
• Identification data (such as date of birth, personal identity code, personal number)
• Other basic data (such as age and mother tongue)
• Name and contact details of next of kin

Data on human resources management and development:
• Information on target and development discussions and evaluations
• Monitoring information on work ability management relating to the early support model (incl. intervention and work ability memorandum, information on support, reimbursement and pension decisions)
• Information on sick leave and medical certificates as well as other types of absence • Information about membership of a trade union for data subjects whose trade union fees are payable in connection with salary payments
• Information on work task and organisation
• Professional title, work and training history, language skills, special qualifications
• Employment relationship information, as amended
• Information on salary, rewards, employee benefits and credit cards issued, as well as salary transaction details
• Opinions relating to pre-employment and other health checks
• Information on a person's work equipment and devices
• Tax and bank account information
• Working hour monitoring information
• Information relating to working hour and annual leave accounts, pension information
• Information on job satisfaction surveys
• Information about the person's familiarisation
• Information related to occupational accidents
• Information on verbal and written warnings, as well as employment termination information
• Any other data supplied by the data subject

Data related to the execution of work tasks:
• Information related to resourcing and job measurement
• CVs and/or other information relating to work experience and qualifications drawn up for customers

6. Regular sources of data
The source of data stored in the data file is, as a rule, the employee or job applicant him/herself. Other data sources are used within the limits provided by law.

7. Regular disclosures of data
Personal data are regularly disclosed to the following parties:
• Tax administration (data required by the tax administration)
• Trade unions (membership fee settlement)
• Pension insurance companies and institutions (collected pension contributions and data relating to the person's employment relationship)
• Other insurance companies (data on insurance and annual declarations)
• Kela, the Social Insurance Institution of Finland (necessary data relating to absence)
• Occupational health care (data required by statutory occupational health care)
• Enforcement authorities (enforcement settlements)
• Other authorities (for example, data related to wage subsidies)
• Necessary data disclosed to telecom companies and other partners based on a contractual relationship concerning a service
• Customer companies and organisations (in connection with partnership agreements, for certain tasks, data on CVs, work experience, qualifications and suitability, etc.)

CIF uses external service providers for human resource and payroll administration. Service providers process personal data only to the extent necessary to provide the service in connection with a situation such as system maintenance and error rectification.

The employer will disclose information on sick leave to the occupational health service provider for the monitoring and early support of sickness absence.
Companies in the CIF Group process the personal data from the data file of their respective employees and trainees.

8. Transfer of data outside the EU or the EEA
In principle, personal data will not be transferred outside the EU or the EEA.
Companies within the Colliers International Group globally have access to the work email addresses and calendar entries of CIF personnel via the email system. In such cases, personal data are transferred outside the EEA. CIF is responsible for providing the appropriate level of data protection even in such transfers.

9. Protection principles of data file and storage periods of data
Manual materials are stored in locked storage areas. Electronic data are stored in information systems, which use both technical and programmatic means to ensure data security and to monitor the use of data. Access to the data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy.

Personal data are stored for as long as is necessary for the purposes of processing the data, taking into account the retention periods provided by legislation, such as the Employment Contracts Act, the Accounting Act and the Act on Prepayment of Tax. CIF has drawn up a separate document on data retention periods.

10. Rights of the data subject
Right of access and right to rectification.
The data subject has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data. The employee will have the opportunity to check and edit his/her data in a limited way through the HR system. Otherwise, requests for verification and rectification must be submitted in person or in writing to the contact person provided in section 2.
Other rights

In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.

Privacy statement of Colliers International Finland Group's information systems user management and log data file

17 May 2018

1. Controller
Colliers International Finland Group Oy (business ID 2396296-6)
Ratamestarinkatu 7 B
00520 Helsinki, Finland

2. Contact person for data file issues
Hille Amnell
hille.amnell@colliers.com
Tel. +358 20 130 2545

3. Name of data file
Information systems user management and log data file
 
4. Purpose of and basis for processing personal data
The purpose of the processing of personal data is the management of user names and access rights and the user control of the systems and services of Colliers International Finland Group Oy and companies in the same group (hereinafter referred to as CIF), as well as the protection of personal data from unauthorised access, accidental or unlawful data destruction, alteration, disclosure, transfer or any other unlawful processing. Information and communication systems store operational data that are used to control the use of information systems and to investigate and resolve malfunctions or errors in the operation of information and communication systems. In addition, the purpose of processing is to control the use of information systems that contain personal data and other confidential information. The processing of data is based on the legitimate interest of CIF to provide for the control of the use of data in order to ensure good data processing practices.

5. Data content of data file and group of data subjects
Controlling the processing of personal data by means of log data requires the personalisation and identification of users. The data file contains data about authorised users, their identifiers and their access rights. To this end, an access rights system is maintained. Log data store the user's login and communication contact information, including user ID, time and data related to using the service or system.
The user management and log data file entries record data about people with an employment or training relationship, an assignment/service provider relationship or a valid customer relationship with CIF.
The personal data processed to manage access rights include:
• Person's name
• Date of birth
• Personal identity code
• Start and end date of employment
• Job title
• Cost centre
• Office
• User ID

Access rights data are managed for the group's and its subsidiaries' own systems in use, as well as for the service portals utilised in service production.

6. Regular sources of data
Data sources for user management include data obtained from the user and data transferred from CIF's HR system; data are also accumulated from the systems as log data.

7. Data transfer outside the EU or the EEA and regular disclosures of data
Personal data are not regularly disclosed and are not transferred outside the EU or the EEA.
Companies in the CIF Group process personal data from the data file of their respective operations. Log data may also be disclosed to the authority in connection with the detection and disclosure of a serious breach of data security.

8. Protection principles and storage periods of data file
The data are stored in CIF’s information systems, which use both technical and programmatic means to ensure data security and to monitor data use. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy.

Access rights data are stored for six months from the end of the employment or assignment relationship.
Log data are stored per system. In the case of a CIF system, log data are stored for up to two years after the data have been generated. For systems in which CIF personnel or an authorised person based on an assignment relationship act as a service user, the maintenance of the log database, data retention and the deletion of log data are the responsibility of the (system) service provider.

9. Rights of the data subject
Right of access and right to rectification.
The data subject or the user have the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data. Such requests must be submitted in writing to the contact person provided in section 2.

Other rights

In accordance with the General Data Protection Regulation (from 25 May 2018), the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.

Privacy statement of Colliers International Finland Group’s recruitment data file

17 May 2018

1. Controller
Colliers International Finland Group Oy (business ID 2396296-6) Ratamestarinkatu 7B 00520 Helsinki, Finland

2. Contact person for data file issues
Hille Amnell
hille.amnell@colliers.com
Tel. +358 20 130 2545

3. Name of data file
Colliers International Finland Group’s recruitment data file

4. Purpose of and basis for processing personal data
The purpose of the processing of personal data is the recruitment of personnel for Colliers International Finland Group Oy and companies in the same group (hereinafter referred to as CIF). The processing of data is based on an agreement or a legitimate interest of CIF, such as the applicant's application and recruitment process and, in the case of personal and aptitude tests, the applicant's consent.

5. Personal data storage periods
Personal data concerning data subjects are kept in the data file for twelve (12) months from the filing of an application, unless the data subject wishes to extend the application period.

6. Data content of data file
The data file contains the following personal data on the applicant, necessary for the recruitment process and the work task:
• Name, contact details (telephone number, email address, postal address)
• Information related to the job application and CV, such as work experience, education, skills, positions of trust
• Interview and test information
• Any other data supplied by the applicant

7. Regular sources of data
The primary data source for the data stored in the data file is the job applicant him/herself. In addition, the data comprise the data stored in the recruitment process. Other data sources are used within the limits provided by law.

8. Data disclosures and data transfer outside the EU or the EEA
Personal data are not regularly disclosed and are not transferred outside the EU or the EEA.
In implementing the recruitment service, CIF uses an external service provider (LAURA Rekrytointi Oy), which processes the personal data of job applicants only to the extent necessary to carry out system maintenance and error rectification. In addition, CIF uses external service providers in the implementation of personal and aptitude assessments and the recruitment process. In such cases, the service provider processes personal data only to the extent necessary to provide the service. Companies in the CIF Group process the personal data of applicants for the needs of the respective organisation.

9. Protection principles of data file
Manual materials are stored in locked storage areas. Electronic data are stored in information systems, which use both technical and programmatic means to ensure data security and to monitor the use of data. Access to the data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy.
10. Rights of the data subject
Right of access and right to rectification.
The data subject has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data. The employee will have the opportunity to check and edit his/her data in a limited way through the HR system. Otherwise, requests for verification and rectification must be submitted in person or in writing to the contact person provided in section 2.
Other rights
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.

Colliers International Finland Oy: privacy statement for security services

12 March 2018

1. Controller
Colliers International Finland Oy (business ID 0420052-8)
Ratamestarinkatu 7 B
00520 Helsinki, Finland

2. Contact person and contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Tel. +358 20 130 2545

3. Name of data file
Personal data file for data processed by a security firm

4. Purpose of and basis for processing personal data
Personal data are processed on the basis of law (the Act on Private Security Services Chapter 2, Section 8), for certain security firm duties for which an incident report must be provided. The data file contains the personal data of security guards employed by the company in connection with incident reports they have provided, both in written and electronic format. In addition, the data file may contain data on persons that have been subject to measures by the security guards.

5. Data content of data file and groups of data subjects
The preparation of incident reports and, if necessary, obtaining information from an authority or the claimant, requires identification of the author of the incident report. The incident report contains data of the security guard who provided the report, as well as other employees of Colliers International Finland Oy who were present in the situation, such as the name of security guard and/or employee, contact details, personal identity code, as well as observations and measures taken relating to the incident. The incident report may also indicate the personal data of other persons subject to measures relating to the incident, such as first name, last name, address, personal identity code, as well as the observations and measures taken relating to the incident.

6. Regular sources of data
The data stored in the data file are provided by the security guards who draw up the incident report.

7. Data transfer outside the EU or the EEA and regular disclosures of data
Personal data will not be transferred outside the EU or the EEA.
The client of a security assignment and the supervisory authority have the right to receive a copy of the incident report recorded in the system. If the security guard releases the apprehended person, the incident report must be promptly submitted to the police department of the location at which the incident occurred.

8. Protection principles and storage periods of data file
The data are stored in Colliers International Finland’s information systems, which use both technical and programmatic means to ensure data security and to monitor the use of data. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using the data in the data file are bound by an obligation of secrecy.

Colliers International Finland Ltd must by law retain incident reports for a period of two years after the end of the calendar year of the compilation date, after which incident reports that contain personal data will be destroyed promptly and within one month at the latest.

9. Rights of the data subject
Right of access and right to rectification.
The data subject or the user have the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data. Such requests must be submitted in writing to the contact person provided in section 2.
Other rights
In accordance with the General Data Protection Regulation (from 25 May 2018), the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.

Privacy statement of Colliers International Finland Group’s visitor data file

12 April 2018

1. Controller
Colliers International Finland Group Oy (business ID 2396296-6)
Ratamestarinkatu 7 B
00520 Helsinki, Finland
 
2. Contact person for data file issues
Hille Amnell
hille.amnell@colliers.com
Tel. +358 20 130 2545

3. Name of data file
Colliers International Finland Group’s visitor data file

4. Purpose of and basis for processing personal data
The processing of personal data is based on the legitimate interest of Colliers International Finland Group Oy and companies in the same group (hereinafter referred to as CIF). The purpose of the visitor data file is to maintain order and safety in premises and parking spaces and to restrict access.

5. Data content of data file and group of data subjects
The data contained in the data file comprise the basic data of parking spaces, access card/key users and visitors.

The data contained in the data file comprise the following:
 a) Name of parking space user
 b) Address of parking space user
 c) Telephone number of parking space user
 d) Personal identity code of parking space user
 e) Email address of parking space user
 f) Bank account number of parking space user
 g) Name of access card/key borrower
 h) Address of access card/key borrower
 i) Telephone number of access card/key borrower
 j) Title/job description of access card/key borrower
 k) Company represented by access card/key borrower
 l) Access card/key issue date
 m) Access card/key return date
 n) Name of visitor
 o) Company represented by visitor
 p) Visitor’s arrival and departure time
 q) Visitor’s host
 r) Visitor’s vehicle registration number

6. Regular sources of data
The data are obtained from the data subject.

7. Data transfer outside the EU or the EEA and data disclosures
Personal data are not regularly disclosed and are not transferred outside the EU or the EEA. However, data may be disclosed to the authorities for the purpose of investigating offences.
Companies in the CIF Group process the personal data from the data file of their respective visitors and service users.

8. Protection principles and storage periods of data file
The data are stored in CIF’s Visitor programme as well as in separate documents. The Visitor programme uses both technical and programmatic means to ensure data security and to monitor the use of data, and the physical documents are locked in archive rooms. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy.

CIF stores the data until the visitor card, access identifier/key has been returned, or when the parking space is being used by the data subject and any related fees have been paid or other disputes resolved.

9. Rights of the data subject
Right of access and right to rectification.
The data subject has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data. Such requests must be submitted in writing to the contact person provided in section 2.
Other rights
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.

Privacy statement of Colliers International Finland Group’s rental applicant data file

 
3 May 2018
 
1. Controller
Colliers International Finland Group Oy (business ID 2396296-6)
Ratamestarinkatu 7 B
00520 Helsinki, Finland

2. Contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Tel. +358 20 130 2545

3. Name of data file
Rental applicant data file

4. Purpose of and basis for processing personal data
Colliers International Finland Group Oy and companies in the same group (hereinafter referred to as CIF) collect and store personal data of rental applicants to conduct a rented housing search and a residential rights litigation process.

The processing of data is based on the legitimate interest of CIF to enable it to provide a rental search service to clients and rental applicants.

5. Data content of data file and group of data subjects
The data file contains data about the rental applicant and any other persons who will reside with the applicant. The data file contains the following personal data:
On the rental applicant and, by choice, on the co-applicant
• Basic data: first and last name, nationality, domicile
• Identification data: personal identity code
• Contact details: email, telephone number, postal address and preferred contact method
• Employment data
• Pregnancy certificate and estimated date of birth
• Information relating to the application: o Type of application (new application/change of housing)
o Type of housing sought and other information (e.g. municipality, district, type of house, need for housing)
o Information on current housing
o Reason for applying for housing
o Any other necessary information provided by the applicant him/herself
• Information relating to arava (state-subsidised)/interest-subsidised applicationso Information on income and assets

6. Data sources
The data in the data file are obtained from the data subject.

7. Data transfer outside the EU or the EEA and data disclosures and transfers
CIF will disclose the personal data of the rental applicant to the landlord when the rental agreement has been concluded.

CIF uses an external service provider, Talokeskus, for the collection and management of personal data, in which case the service provider will process the data only to the extent necessary for the service’s system maintenance and error rectification.
Companies in the CIF Group (Colliers International Finland Oy, Colliers Isännöinti Oy, Realprojekti Oy) process personal data from the data file of their respective rental properties.
Personal data will not be transferred outside the EU or the EEA.

8. Protection principles and storage periods of data file
The data are stored in CIF’s information systems, which use both technical and programmatic means to ensure data security and to monitor data use. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy. CIF ensures the realisation of data protection through data processing contracts with its subcontractors that process personal data.

The rental application is valid for three months after filing. CIF will retain rental application data in accordance with legislation; for example, the Brokerage Act provides that a rental application be retained for five years from the end of the assignment. In addition, CIF complies with the rules and guidelines for retention periods relating to arava (state-subsidised) and interest-subsidised housing.

9. Data subject’s rights and requests
Right of access and right to rectification.
The data subject or the user have the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
Other rights
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subject must be submitted in writing to the contact person provided in section 2.

Privacy statement of Colliers International Finland Oy’s brokerage service data file

4 May 2018

1. Controller
Colliers International Finland Oy (business ID 0420052-8)
Ratamestarinkatu 7 B
00520 Helsinki, Finland

2. Contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Tel. +358 20 130 2545

3. Name of data file
Colliers International Finland Oy’s brokerage service data file

4. Purpose of and basis for processing personal data
The purpose of the data file is to ensure operations in accordance with the Authorised Real Estate Agency licence.

The processing of personal data in the data file is based on the Brokerage Act and the Authorised Real Estate Agency licence for brokerage services.

5. Data content of data file and group of data subjects
The data contained in the data file comprise the data required to carry out a brokerage service assignment. The groups of data subjects are:
• The client, i.e. the commissioner, or their representative and/or contact person
• The responsible persons of the assignment recipient, i.e. the service provider
• Representatives of the contracting party
• The responsible persons of the contracting party, where different from the above-mentioned representatives

The data contained in the data file comprise the data required to carry out a brokerage service assignment.
a) Name of customer
b) Address of customer
c) Assignment number
d) Content of assignment
e) Date of receipt and period of validity of assignment
f) Date of contract
g) Names of contracting parties
h) Object of contract
i) Sales price or amount of rent
j) Commission

6. Data sources
The data are obtained from the data subject in the context of the assignment (client data) and, when the contract is concluded, from the contracting parties (contractual data).

7. Data transfer outside the EU or the EEA and data disclosures and transfers
Personal data will not be transferred outside the EU or the EEA. Personal data will be disclosed to an authority at their request, such as the Regional State Administrative Agency, for the verification of compliance with legislation and the licences of brokerage agency operations.

8. Protection principles and storage periods of data file
The data are stored in customer-specific assignment journals of Colliers International Finland Oy. Both technical and programmatic means are used in the storage of assignment journals to ensure data security and to monitor the use of data. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy.
Colliers International Finland Oy will retain the data for five years after assignment expiry in accordance with the Brokerage Act. In addition, Colliers International Finland Oy will comply with the rules and guidelines for retention periods relating to arava (state-subsidised) and interest-subsidised housing.

9. Data subject’s rights and requests
Right of access and right to rectification.
The data subject has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
Other rights
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subjects must be submitted in writing to the contact person provided in section 2.