Privacy Statement

This Privacy Policy describes how Accomfy Oy processes customer personal data. Privacy is important to us, and we are committed to protecting our customers' privacy by complying with applicable laws, such as the EU General Data Protection Regulation (GDPR).

  1. Data Controller

Accomfy Oy

Business ID 3468943-2

c/o Kontrollipiste Oy, Maria Jotunin tie 11, 00400 Helsinki, Finland

customer.service@accomfy.com

  1. Contact Information for Privacy Matters

Accomfy Oy / Privacy Matters

Business ID 3468943-2

c/o Kontrollipiste Oy, Maria Jotunin tie 11, 00400 Helsinki, Finland

customer.service@accomfy.com

  1. Name and Content of the Register

Accomfy’s Customer Register

  1. Legal Basis for Data Processing

Where the customer register contains personal data, processing is conducted in accordance with data protection laws and other applicable regulations, directives, and guidelines related to personal data. Personal data refers to information that can be linked to a specific individual. This privacy policy provides details on the collection, processing, and disclosure of personal data, as well as the rights of the customer as the data subject.

The purpose of collecting personal data is to facilitate contractual, customer, or other similar relationships. The purpose of the customer register is to manage the controller’s contractual or customer relationship with the customer (e.g., tenant, landlord, or property owner). The controller may also collect data to determine potential customer interests, establish future customer relationships, offer services, or for marketing purposes.

We process personal data (such as contact information and identifiers like date of birth or personal identification number) for preparing and fulfilling customer contracts, including invoicing. We may also process credit rating information with consent to ensure smooth invoicing.

As part of providing services, we process personal data based on our legitimate interest to maintain customer relationships and provide customer service, as well as to investigate misuse or faults (e.g., log data, access logs for code locks, communications).

Data in the customer register may be used for the following primary purposes:

– managing and developing the customer relationship

– producing, providing, improving, and securing services

– billing, collection, and verification of customer transactions

– targeted advertising

– analyzing and statistical reporting on services

– customer communication, marketing, and advertising

– protecting and securing the rights and/or property of the controller and others related to the services

– fulfilling the legal obligations of the controller

– other similar uses.

Where processing is based on a legitimate interest, the controller has assessed that it does not conflict with the basic rights or freedoms of the customer.

  1. Data Processed
  • Basic customer information and contact details, such as full name, address, email address, phone number, language
  • Identification number and, where applicable, business ID, for reliable identification, billing, and credit checks
  • Credit information and financial details of tenants for assessing rental payment capability
  • Billing and collection details
  • Information related to customer relationships, such as services provided and service dates
  • Receipts, invoices, and other payment information
  • Interests and other information provided by the customer
  • Other service-related transaction data
  • Complaints and handling information

Our website uses cookies to collect information on website usage. More information can be found in our cookie policy.

  1. Sources of Information

Personal data is primarily collected directly from the customer during contacts or while using the services. Personal data may also be collected and updated from public records or credit agencies.

  1. Data Retention

Personal data is retained for as long as necessary to fulfill the purpose of processing, for legal requirements, or until we receive a deletion request. Retention duration depends on contractual obligations, statutory requirements (e.g., accommodation and accounting laws), withdrawal of consent, and the necessity of data for providing or securing services. Data may be retained beyond these limits in exceptional cases, such as by legal or regulatory requirements or due to a legal claim. After that, data is either deleted or anonymized so that no individual can be identified.

Data collected via cookies is retained as described in the cookie consent mechanism and cookie policy.

  1. Disclosure of Data

The controller may disclose personal data to the extent permitted or required by law and to fulfill agreements (e.g., tenancy agreement) or as required by a relevant connection. For example, data may be shared with property management or maintenance companies for resident registration or repairs. The controller may also disclose personal data if involved in legal proceedings. Landlords or their representatives may share tenant information with credit contacts and/or guarantors included in the rental agreement.

Certain service providers and partners used in marketing and service development may use personal data for their own purposes. For example, third-party links, plugins, and applications may appear on our website. We also use subcontractors and external service providers (e.g., for property cleaning, maintenance, customer service) with access only to the extent required to deliver agreed-upon services.

If we sell or otherwise restructure our business, customer personal data may be disclosed to buyers and their advisors. We may also share data with selected partners to collect receivables or defend legal claims.

Data is generally not transferred outside the European Union or European Economic Area. However, data may be transferred outside the EU/EEA if the data is transferred to a country deemed by the European Commission to have an adequate level of protection, or if contractual arrangements guarantee an adequate level of protection. Temporary transfer outside the EU may also occur when using cloud services, such as OneDrive, iCloud, Google Drive, or Dropbox.

  1. Data Protection Principles

The register is protected technically and organizationally. We use security measures according to Article 32 of the GDPR, such as pseudonymization and encryption, to ensure data is processed securely. Persons processing personal data are bound by confidentiality. We follow industry best practices and standards to ensure data security.

  1. Rights

Customers have the right to:

  • Receive information on data processing
  • Access data
  • Request data correction
  • Request data deletion ("right to be forgotten")
  • Restrict data processing
  • Object to data processing
  • Withdraw consent
  • Report concerns to the data protection authority at www.tietosuoja.fi www.tietosuoja.fi

These rights are exercised within the limits allowed and required by data protection and other regulations. To exercise rights, please contact the address provided in section 2. Please verify your identity to ensure that data is disclosed only to the data subject.

  1. Changes

We continuously develop our services and practices, and may update this Privacy Policy. Changes may also be based on legislative or regulatory guidance. We recommend reviewing the content of this Privacy Policy regularly.

This Privacy Policy was last updated on 8 November 2024.