YIT Corporation (business ID 0112650-2) and other companies in YIT Group
Contact information of the head office:
P.O. Box 36, Panuntie 11
00621 Helsinki
Finland
Tel. +358 020 433 111
YIT Corporation is responsible for processing of personal data at group level for the purposes and on the legal basis defined in this policy, e.g. group level marketing and sales; financial and other administration and business management; customer relationship management; and analysis and development of products, services, customer relationship and businesses.
Each company in YIT Group is responsible for processing of personal data for its own purposes on the legal basis defined in this policy, e.g. for the performance of a contract or the management of the customer relationship with the data subject. For such purposes, it can process personal data which has been collected for the same purposes by other companies in the group.
You can always contact us by filling this form or by email to privacy@yit.fi.
You can also contact our local service points in each country of YIT´s operations:
GDPR contact person:
Victoria Berg, lawyer (int.)
ext-victoria.berg@yit.fi
Tel. +358 40 049 2494
Person in charge of the register matters:
Johanna Lehto, Development Manager
P.O. Box 36, Panuntie 11
00621 Helsinki
Finland
Johanna.Lehto@yit.fi
Puh.+358 40 849 8386
The legal basis for processing personal data of consumer customers´ (i.e. data subjects) are:
Personal data are processed for following purposes:
The Controller processes personal data of its prospective, current, and former customers. Following categories of personal data are processed for the purposes described above:
National identity numbers are processed only for purposes permitted by law when it is important to identify the data subject for example in the sale or rental of apartments; granting of credit, or debt collection.
Only basic data and marketing data as defined above are processed for the purposes of direct marketing.
Personal data are collected directly from the data subject when the data subject is registering or using a service; sending request for contact or information or filling in a form; purchasing or ordering, contracting, participating events, otherwise interacting with the Controller personally, by phone or digitally. Personal data can also be collected and updated from census, vehicle and other public authorities, credit information registers, postal operators, public telephone directories, direct marketing and other data brokers, and other similar public and private registers.
Controller may disclose personal data to other companies, whose products or services the Controller markets and sells to the data subjects for example to landlords and providers of housing services.
Data will not be disclosed to other external parties except when it is necessary to comply with the legal or contractual obligations of the Controller.
Controller may outsource ICT, marketing, communication and other functions to third party suppliers, vendors, or other sub-contractors. In such case the Controller may transfer personal data to these sub-contractors to the extent necessary for the provision of their services. These sub-contractors will process personal data on behalf of the Controller and must comply with the Controller´s instructions and this privacy policy. Controller will ensure through contractual measures that the personal data is processed in compliance with the legislation.
Personal data will not be regularly transferred outside the European Union or the European Economic Area. However, if any transfer outside the EU or EEA is necessary, the Controller will ensure that the country to which the data is transferred is approved as having a sufficient level of privacy protection by the European Commission, or by using standard contractual clauses approved by the European Commission.
Access to personal data will be permitted only to persons who need to process data as a part of their employment or other duties. Digital data is protected by firewalls, passwords and other technical means. All data is kept in locked premises secured with physical access control.
After the customer relationship personal data will be retained until contractual as well as legal rights and obligations have been fulfilled and to the end of retention and liability periods based on for example Housing Transactions Act, Consumer Protection Act and Accounting Act.
After the customer relationship the Controller may keep anonymized data as well as the above described basic data (excluding national identity number) and marketing data of the data subject for direct marketing purposes.
Data subjects have the right to know what kind of personal data has been collected and processed by the Controller. Upon the data subject´s request, we will rectify, remove or supplement any incorrect, unnecessary, incomplete or outdated personal data.
Data subjects are entitled to prohibit the use of the data for direct advertising, telemarketing and other forms of direct marketing, as well as to prohibit the use of the data for use in questionnaires and market research.
Data subjects may also withdraw consents they have given, object to or restrict processing of their data in cases defined by law, and the right to complain to the supervisory authority.
The requests can be submitted to contact persons defined in section 2 above. The Controller may need to ask additional information to confirm the identity of the data subject.