YIT Corporation (business ID 0112650-2) and other companies in YIT Group
Contact information of the head office:
P.O. Box 36, Panuntie 11
00621 Helsinki
Finland
Tel. +358 020 433 111
YIT Corporation is responsible for processing of personal data at group level for the purposes and on the legal basis defined in this policy, e.g. group level marketing and sales; sourcing, financial and other administration and business management; customer and supplier relationship management; and analysis and development of products, services, customer and supplier relationships and businesses.
Each company in YIT Group is responsible for processing of personal data for its own purposes on the legal basis defined in this policy, e.g. for the performance of a contract or the management of the customer or supplier relationship. For such purposes, it can process personal data which has been collected for the same purposes by other companies in the group.
You can always contact us by filing this form or by email to privacy@yit.fi.
You can also contact our local service points in each country of YIT´s operations:
GDPR contact person:
Victoria Berg, lawyer (int.)
ext-victoria.berg@yit.fi
Tel. +358 40 049 2494
Person in charge of the register matters:
Victoria Berg, lawyer (int.)
ext-victoria.berg@yit.fi
Tel. +358 40 049 2494
The legal basis for processing personal data are:
Personal data are processed for following purposes:
The Controller processes personal data of the contact persons of its prospective, current, and former business customers, suppliers and business partners. Following categories of personal data are processed for the purposes described above:
Only basic data and marketing data as defined above are processed for the purposes of direct marketing to the contact persons of prospective or former customers.
5 Regular Sources of Information
Personal data are collected directly from the data subject when the data subject is registering or using a web site or other service; sending request for contact or information or filling in a form; purchasing or ordering, contracting, participating events, otherwise interacting with the Controller personally, by phone or digitally. Personal data can also be collected and updated from the websites of the Companies, public and private company and business registers, public authorities, postal operators, public telephone directories, direct marketing and other data brokers, and other similar public and private registers.
Controller may disclose personal data to other companies, whose products or services the Controller markets and sells to the customers for example to landlords of business premises and providers of services related to the premises.
Data will not be disclosed to other external parties except when it is necessary to comply with the legal or contractual obligations of the Controller.
Controller may outsource ICT, marketing, communication and other functions to third party suppliers, vendors, or other sub-contractors. In such case the Controller may transfer personal data to these sub-contractors to the extent necessary for the provision of their services. These sub-contractors will process personal data on behalf of the Controller and must comply with the Controller´s instructions and this privacy policy. Controller will ensure through contractual measures that the personal data is processed in compliance with the legislation.
Personal data will not be regularly transferred outside the European Union or the European Economic Area. However, if any transfer outside the EU or EEA is necessary, the Controller will ensure that the country to which the data is transferred is approved as having a sufficient level of privacy protection by the European Commission, or by using standard contractual clauses approved by the European Commission.
Access to personal data will be permitted only to persons who need to process data as a part of their employment or other duties. Digital data is protected by firewalls, passwords and other technical means. All data is kept in locked premises secured with physical access control.
Personal data will be retained as long as it is necessary for the purposes. After the relationship between the Controller and the Company has ended or after the Controller gets informed that the data subject no longer is a contact person of the Company, the personal data will be deleted with following exceptions:
Data subjects have the right to know what kind of personal data has been collected and processed by the Controller. Upon the data subject´s request, we will rectify, remove or supplement any incorrect, unnecessary, incomplete or outdated personal data.
Data subjects are entitled to prohibit the use of the data for direct advertising, telemarketing and other forms of direct marketing, as well as to prohibit the use of the data for use in questionnaires and market research.
Data subjects may also withdraw consents they have given, object to or restrict processing of their data in cases defined by law, and the right to complain to the supervisory authority.
The requests can be submitted to contact persons defined in section 2 above. The Controller may need to ask additional information to confirm the identity of the data subject.