Skip to main content Skip to footer

Privacy statements

Privacy statements


 

01 Privacy statement of Colliers Finland Group’s customer, prospect, partner and marketing data file
02 Privacy statement of Colliers Finland Group’s information systems user management and log data file
03 Privacy statement of Colliers Finland Group’s recruitment data file
04 Privacy statement of Colliers Finland Oy’s security services
05 Privacy statement of Colliers Finland Group’s visitor data file
06 Privacy statement of Colliers Finland Group’s rental applicant data file
07 Privacy statement of Colliers Finland Oy’s Brokerage Service Data File

 

01 Privacy statement of Colliers Finland Group’s customer, prospect, partner and marketing data file

17 September 2021

1 Controller
Colliers Finland Group Oy
Business ID 2396296-6
Ratamestarinkatu 7 B 
00520 Helsinki

2 Contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Puh. +358 201 302 545

3 Name of data file
Customer, prospect, partner and marketing data file

4 Purpose of and basis for processing personal data
The processing of personal data is based on the legitimate interest of Colliers Finland Group Oy and companies in the same group (hereinafter referred to as Colliers) (including direct marketing) and the statutory obligation to identify the customer.
The purpose of the processing of personal data is:
• Managing, maintaining, developing, analysing and keeping statistics on relationships with business customers and partners
• Customer communications
• Organising sales and marketing events
• Implementing opinion polls and marketing studies
• Customer satisfaction surveys
• Direct marketing and targeting of online advertising
• Planning and developing business and services
• Identifying customer’s users and access management

5 Data content of data file and groups of data subjects
The data file contains the following personal data about the decision makers and contact persons of customer or partner companies and organisations (including newsletter subscribers, those who have submitted a request for a quote, those who have submitted a contact request, event participants):
• Name
• Contact details: postal address, email address, telephone number
• Company or organisation and position
• Where appropriate, identification data (personal identification number, passport or driving licence no. in agreements, customer identification)
• Direct marketing authorisations and prohibitions
• Electronic service usernames and passwords
• Any other information necessary for the purposes of the data file
• Dietary information (events)
• Customer history (e.g. participation information in events)
• Customer/user and customer experience survey response data
• Call recordings
• Any other information necessary for the purposes of the data file.

The data file contains the following data about the decision makers and contact persons of potential customer companies and organisations:
• Name, title, company, postal address, email address, telephone number
• Information on the role and status of the data subject in business or public duties
• Direct marketing authorisations and prohibitions

6 Data sources
The data stored in the data file is regularly collected from the data subject via phone, in meetings or in other similar ways. The data file is aggregated upon conclusion of the customer or cooperation agreement with Colliers and during the contractual relationship from the data provided by the customer and otherwise obtained during the relationship. Personal data may also be collected and updated from public and private registers.

7 Disclosures and transfers of data and data transfer outside the EU or the EEA 
As a general rule, personal data will not be transferred outside the EU or the EEA, except to a limited extent in the United Kingdom.
Colliers uses services from external service providers such as for maintaining newsletter address list, customer and partner data, and in the processing of data of event participants. In accordance with the data protection agreement, each service provider processes personal data only to the extent necessary to provide the service.

8 Protection principles and storage periods of data file
The data is stored in Colliers’ information systems, which use both technical and programmatic means to ensure data security and to monitor data use. Access to data in the data file is limited to designated persons to the extent required by their duties. Colliers ensures the realisation of data protection through data processing contracts with its subcontractors that process personal data. All persons using data in the data file are bound by an obligation of secrecy.
Personal data is stored for as long as is necessary for the purposes of the data. In principle, customer data is stored for two years after the end of the customer and/or contractual relationship or the last interaction (request for quote, order or meeting) (except where legislation requires a longer period of data retention).
Personal data collected on decision makers and contact persons of potential customer companies and organisations is permanently stored within the limits of the law. Colliers assesses the need for data storage on a regular basis, in addition to which Colliers provides for reasonable measures to ensure that incompatible, outdated or incorrect personal data in relation to the purpose of processing is not stored on data subjects in the data file.

9 Data subject’s rights and requests
The data subject or the user has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
The data subject has the right to object to the controller processing data concerning him/her for purposes of direct advertising and market and opinion surveys.
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subject must be submitted in writing to the contact person provided in section 2.

 

02 Privacy statement of Colliers Finland Group’s information systems user management and log data file

17 September 2021

1 Controller
Colliers Finland Group Oy
Business ID 2396296-6
Ratamestarinkatu 7 B 
00520 Helsinki

2 Contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Puh. +358 201 302 545

3 Name of data file
Information systems user management and log data file

4 Purpose of and basis for processing personal data
The purpose of the processing of personal data is the management of user names and access rights and the user control of the systems and services of Colliers Finland Group Oy and companies in the same group (hereinafter referred to as Colliers), as well as the protection of personal data from unauthorised access, accidental or unlawful data destruction, alteration, disclosure, transfer or any other unlawful processing. 
Information and communication systems store operational data that is used to control the use of information systems and to investigate and resolve malfunctions or errors in the operation of information and communication systems. In addition, the purpose of processing is to control the use of information systems that contain personal data and other confidential information. The processing of data is based on the legitimate interest of Colliers to provide for the control of the use of data in order to ensure good data processing practices.

5 Data content of data file and groups of data subjects
Controlling the processing of personal data by means of log data requires the personalisation and identification of users. The data file contains data about authorised users, their identifiers and their access rights. To this end, an access rights system is maintained. Log data store the user's login and communication contact information, including user ID, time and data related to using the service or system.
The user management and log data file entries record data about people with an employment or training relationship, an assignment/service provider relationship or a valid customer relationship with Colliers.
The personal data processed to manage access rights include:
• Name
• Date of birth
• Personal identity code
• Start and end date of employment
• Job title
• Cost centre
• Office
• User ID
Access rights data is managed for the Colliers’ own systems in use, as well as for the service portals utilised in service production.

6 Data sources
Data sources for user management include data obtained from the user and data transferred from Colliers' HR system; data is also accumulated from the systems as log data.

7 Disclosures and transfers of data and data transfer outside the EU or the EEA 
As a general rule, personal data will not be transferred outside the EU or the EEA, except in the United Kingdom.
Colliers process personal data from the data file of its respective operations. Log data may also be disclosed to the authority in connection with the detection and disclosure of a serious breach of data security.

8 Protection principles and storage periods of data file
The data is stored in Colliers’ information systems, which use both technical and programmatic means to ensure data security and to monitor data use. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy.
Access rights data is stored for six months from the end of the employment or assignment relationship.
Log data is stored per system. In the case of a Colliers’ system, log data is stored for up to two years after the data has been generated. For systems in which Colliers personnel or an authorised person based on an assignment relationship act as a service user, the maintenance of the log database, data retention and the deletion of log data are the responsibility of the (system) service provider.

9 Data subject’s rights and requests
The data subject or the user has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subject must be submitted in writing to the contact person provided in section 2.

 

03 Privacy statement of Colliers Finland Group’s recruitment data file

17 September 2021

1 Controller
Colliers Finland Group Oy
Business ID 2396296-6
Ratamestarinkatu 7 B 
00520 Helsinki

2 Contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Puh. +358 201 302 545

3 Name of data file
Recruitment data file

4 Purpose of and basis for processing personal data
The purpose of the processing of personal data is the recruitment of personnel for Colliers  Finland Group Oy and companies in the same group (hereinafter referred to as Colliers). The processing of data is based on an agreement or a legitimate interest of Colliers, such as the applicant's application and recruitment process and, in the case of personal and aptitude tests, the applicant's consent.

5 Personal data storage periods
Personal data concerning data subjects are kept in the data file for twelve (12) months from the filing of an application, unless the data subject wishes to extend the application period.

6 Data content of data file
The data file contains the following personal data on the applicant, necessary for the recruitment process and the work task:
• Name, contact details (telephone number, email address, postal address)
• Information related to the job application and CV, such as work experience, education, skills, positions of trust
• Interview and test information
• Any other data supplied by the applicant

7 Regular sources of data
The primary data source for the data stored in the data file is the job applicant him/herself. In addition, the data comprise the data stored in the recruitment process. Other data sources are used within the limits provided by law.

8 Disclosures and transfers of data and data transfer outside the EU or the EEA 
As a general rule, personal data will not be transferred outside the EU or the EEA, except in the United Kingdom.
In implementing the recruitment service, Colliers uses an external service provider (SmartRecruiters), which processes the personal data of job applicants only to the extent necessary to carry out system maintenance and error rectification. In addition, Colliers uses external service providers in the implementation of personal and aptitude assessments and the recruitment process. In such cases, the service provider processes personal data only to the extent necessary to provide the service.

9 Protection principles and storage periods of data file
Manual materials are stored in locked storage areas. Electronic data are stored in information systems, which use both technical and programmatic means to ensure data security and to monitor the use of data. Access to the data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy.

10 Rights of the data subject
The data subject or the user has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subject must be submitted in writing to the contact person provided in section 2.

 

04 Privacy statement of Colliers Finland Oy’s security services

17 September 2021

1 Controller
Colliers Finland Oy
Business ID 0420052-8
Ratamestarinkatu 7 B 
00520 Helsinki

2 Contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Puh. +358 201 302 545

3 Name of data file
Register of personal data processed in the security services

4 Purpose of and basis for processing personal data
Personal data is processed on the basis of law (the Act on Private Security Services Chapter 2, Section 8), for certain security firm duties for which an incident report must be provided. The data file contains the personal data of security guards employed by the controller in connection with incident reports they have provided, both in written and electronic format. In addition, the data file may contain data on persons that have been subject to measures by the security guards.

5 Data content of data file and groups of data subjects
The preparation of incident reports and, if necessary, obtaining information from an authority or the claimant, requires identification of the author of the incident report. The incident report contains data of the security guard who provided the report, as well as other employees of Colliers Finland Oy who were present in the situation, such as the name of security guard and/or employee, contact details, personal identity code, as well as observations and measures taken relating to the incident. The incident report may also indicate the personal data of other persons subject to measures relating to the incident, such as first name, last name, address, personal identity code, as well as the observations and measures taken relating to the incident.

6 Regular sources of data
The data stored in the data file are provided by the security guards who draw up the incident report.

7 Disclosures and transfers of data and data transfer outside the EU or the EEA 
As a general rule, personal data will not be transferred outside the EU or the EEA.
The client of a security assignment and the supervisory authority have the right to receive a copy of the incident report recorded in the system. If the security guard releases the apprehended person, the incident report must be promptly submitted to the police department of the location at which the incident occurred.

8 Protection principles and storage periods of data file
The data are stored in the controller’s information systems, which use both technical and programmatic means to ensure data security and to monitor the use of data. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using the data in the data file are bound by an obligation of secrecy.
The controller must by law retain incident reports for a period of two years after the end of the calendar year of the compilation date, after which incident reports that contain personal data will be destroyed promptly and within one month at the latest.

9 Rights of the data subject
The data subject or the user has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subject must be submitted in writing to the contact person provided in section 2.

 

05 Privacy statement of Colliers Finland Group’s visitor data file

17 September 2021

1 Controller
Colliers Finland Group Oy
Business ID 2396296-6
Ratamestarinkatu 7 B 
00520 Helsinki

2 Contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Puh. +358 201 302 545

3 Name of data file
Visitor Data File

4 Purpose of and basis for processing personal data
The processing of personal data is based on the legitimate interest of Colliers Finland Group Oy and companies in the same group (hereinafter referred to as Colliers). The purpose of the visitor data file is to maintain order and safety in premises and parking spaces and to restrict access.

5 Data content of data file and groups of data subjects
The data contained in the data file comprise the basic data of parking spaces, access card/key users and visitors. 
The data contained in the data file comprise the following:
a) Name of parking space user
b) Address of parking space user
c) Telephone number of parking space user
d) Personal identity code of parking space user
e) Email address of parking space user
f) Bank account number of parking space user
g) Name of access card/key borrower
h) Address of access card/key borrower
i) Telephone number of access card/key borrower
j) Title/job description of access card/key borrower
k) Company represented by access card/key borrower
l) Access card/key issue date
m) Access card/key return date
n) Name of visitor
o) Company represented by visitor
p) Visitor’s arrival and departure time
q) Visitor’s host
r) Visitor’s vehicle registration number

6 Regular sources of data
The data is obtained from the data subject.

7 Data transfer outside the EU or the EEA and data disclosures
Personal data are not regularly disclosed and are not transferred outside the EU or the EEA. However, data may be disclosed to the authorities for the purpose of investigating offences.
Companies in the Colliers Group process the personal data from the data file of their respective visitors and service users.

8 Protection principles and storage periods of data file
The data are stored in Collier’s Visitor programme as well as in separate documents. The Visitor programme uses both technical and programmatic means to ensure data security and to monitor the use of data, and the physical documents are locked in archive rooms. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy.
Colliers stores the data until the visitor card, access identifier/key has been returned, or when the parking space is being used by the data subject and any related fees have been paid or other disputes resolved.

9 Data subject’s rights and requests
The data subject or the user has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subject must be submitted in writing to the contact person provided in section 2.

 

06 Privacy statement of Colliers Finland Group’s rental applicant data file

17 September 2021

1 Controller
Colliers Finland Group Oy
Business ID 2396296-6
Ratamestarinkatu 7 B 
00520 Helsinki

2 Contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Puh. +358 201 302 545

3 Name of data file
Information systems user management and log data file

4 Purpose of and basis for processing personal data
Colliers Finland Group Oy and companies in the same group (hereinafter referred to as Colliers), collect and store personal data of rental applicants to conduct a rented housing search and a residential rights litigation process.
The processing of data is based on the legitimate interest of Colliers to enable it to provide a rental search service to clients and rental applicants.

5 Data content of data file and groups of data subjects
The data file contains data about the rental applicant and any other persons who will reside with the applicant. The data file contains the following personal data:
• Basic data: first and last name, nationality, domicile
• Identification data: personal identity code
• Contact details: email, telephone number, postal address and preferred contact method
• Employment data
• Pregnancy certificate and estimated date of birth
• Information relating to the application:
• Type of application (new application/change of housing)
• Type of housing sought and other information (e.g. municipality, district, type of house, need for housing)
• Information on current housing
• Reason for applying for housing
• Any other necessary information provided by the applicant him/herself
• Information relating to arava (state-subsidised)/interest-subsidised applications
• Information on income and assets production.

6 Data sources
The data in the data file is obtained from the data subject.

7 Disclosures and transfers of data and data transfer outside the EU or the EEA 
As a general rule, personal data will not be transferred outside the EU or the EEA, except to a limited extent in the United Kingdom.
Colliers will disclose the personal data of the rental applicant to the landlord when the rental agreement has been concluded.
Colliers uses an external service provider, Visma Tampuuri Oy, for the collection and management of personal data, in which case the service provider will process the data only to the extent necessary for the service’s system maintenance and error rectification.

8 Protection principles and storage periods of data file
The data is stored in Colliers’ information systems, which use both technical and programmatic means to ensure data security and to monitor data use. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy. Colliers ensures the realisation of data protection through data processing contracts with its subcontractors that process personal data.
The rental application is valid for three months after filing. Colliers will retain rental application data in accordance with legislation; for example, the Brokerage Act provides that a rental application be retained for five years from the end of the assignment. In addition, Colliers complies with the rules and guidelines for retention periods relating to arava (state-subsidised) and interest-subsidised housing.

9 Data subject’s rights and requests
The data subject or the user has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subject must be submitted in writing to the contact person provided in section 2.

 

07 Privacy statement of Colliers Finland Oy’s Brokerage Service Data File

17 September 2021

1 Controller
Colliers Finland Oy
Business ID 0420052-8
Ratamestarinkatu 7 B 
00520 Helsinki

2 Contact details for data file issues
Hille Amnell
hille.amnell@colliers.com
Puh. +358 201 302 545

3 Name of data file
Colliers Finland Oy’s brokerage service data file

4 Purpose of and basis for processing personal data
The purpose of the register is to ensure the operation in accordance with the laws concerning real estate brokerage.

5 Data content of data file and groups of data subjects
The data contained in the data file comprise the data required to carry out a brokerage service assignment. The groups of data subjects are:
• The client, i.e. the commissioner, or their representative and/or contact person
• The responsible persons of the assignment recipient, i.e. the service provider
• Representatives of the contracting party
• The responsible persons of the contracting party, where different from the above-mentioned representatives

The data contained in the data file comprise the data required to carry out a brokerage service assignment.
a) Name of customer
b) Address of customer
c) Assignment number
d) Content of assignment
e) Date of receipt and period of validity of assignment
f) Date of contract
g) Names of contracting parties
h) Object of contract
i) Sales price or amount of rent
j) Commission

6 Regular sources of data

The data are obtained from the data subject in the context of the assignment (client data) and, when the contract is concluded, from the contracting parties (contractual data).

7 Disclosures and transfers of data and data transfer outside the EU or the EEA 
Personal data will not be transferred outside the EU or the EEA. Personal data will be disclosed to an authority at their request, such as the Regional State Administrative Agency, for the verification of compliance with legislation and the licences of brokerage agency operations.

8 Protection principles and storage periods of data file
The data are stored in customer-specific assignment journals of Colliers Finland Oy. Both technical and programmatic means are used in the storage of assignment journals to ensure data security and to monitor the use of data. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy.
Colliers Finland Oy will retain the data for five years after assignment expiry in accordance with the Brokerage Act. In addition, Colliers Finland Oy will comply with the rules and guidelines for retention periods relating to arava (state-subsidised) and interest-subsidised housing.

9 Rights of the data subject
The data subject or the user has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subject must be submitted in writing to the contact person provided in section 2.