Home > Contact Details > Privacy policy

Privacy policy

 

Privacy policy for stakeholders of Hiedanrannan Kehitys Oy

This privacy policy explains how and on which grounds Hiedanrannan Kehitys Oy processes the personal data of its stakeholders. Our stakeholders include, among others, the businesses and organisations operating in the Hiedanranta area, developers participating in the Hiedanranta plot assignment competition, event organisers, service providers, as well as our other partners.

1. Data controller

Hiedanrannan Kehitys Oy
Tehdaskartanonkatu 36
33400 TAMPERE
Business ID: 3002666-6
www.hiedanranta.fi
In matters related to data protection, please contact us via email at tietosuoja@hiedanranta.fi.

2. What are the purposes for which we process your personal data?

We process personal data of Hiedanrannan Kehitys Oy’s stakeholders and their representatives for the following purposes related to the relationship between Hiedanrannan Kehitys Oy and the stakeholder, or to other aspects of Hiedanrannan Kehitys Oy’s operations:

  • Implementing, maintaining, managing and developing partnerships and stakeholder relations;
  • Communication and provision of information to the stakeholders and persons affiliated with them;
  • Organising and implementing the Hiedanranta plot assignment competition;
  •  Managing contractual relationships and executing the related tasks, duties and rights of Hiedanrannan Kehitys Oy;
  • Organising events;
  • Marketing, including direct marketing.

3. What is the basis for lawful processing of personal data?

The basis for the processing of personal data is the execution of a contract between Hiedanrannan Kehitys Oy and the data subject or the implementation of measures preceding such an execution, as well as a legitimate interest of Hiedanrannan Kehitys Oy.

A legitimate interest is based on cooperation between Hiedanrannan Kehitys Oy and a data subject, on developing or terminating such cooperation, on analysing and developing the operations of Hiedanrannan Kehitys Oy, and on communicating with operators, developers and event organisers in the Hiedanranta area, as well as with other stakeholders and partners. When processing personal data on the basis of a legitimate interest, we weigh the benefits and potential harms of the processing to the data subjects and have determined that the rights and interests of the data subjects do not supersede our legitimate interest to process the personal data. You have the right to object to the processing of personal data that is based on a legitimate interest.

As regards direct marketing, the processing of personal data may also be based on a consent which you have provided. You always have the right to retract your consent to direct marketing after providing it.

If the processing of personal data is based on the execution of a contract or measures preceding a contract, the disclosure of personal data is a prerequisite for entering into the contractual relationship.

4. Which data do we process?

The type of data that we collect and process depends on the intended use of the data in any specific situation. For the purposes described above, we process the following data:

  • Your first and last name, as well as contact information (email address and telephone number);
  • The name, business ID and contact information of your organisation;
  • Your position in the organisation;
  • Your personal identity code;
  • Information concerning the contract between Hiedanrannan Kehitys Oy and the stakeholder, as well as information and materials provided during the preparation and negotiations related to the contract;
  • Information that you have provided in connection with registering for events (incl. possible allergies);
  • Payment and invoicing information.

Profiling and automated decision-making
We do not use personal data for profiling or automated decision-making.

5. How do we collect personal data?

We collect your personal data directly from yourself.

6. Who processes your information?

For the processing of personal data, Hiedanrannan Kehitys Oy uses reliable personal data processors and subcontractors. Our subcontractors have signed contracts with us concerning the processing of personal data.
Certain ICT service providers that serve as personal data processors participate in the handling of your personal data, as they implement various technical systems and services in accordance with their contracts and the data protection clauses thereof. If you wish to receive more information on these ICT service providers, please contact us via email at tietosuoja@hiedanranta.fi. In addition, personal data may be disclosed to the authorities within the limits permitted by legislation.

7. Transfer of data outside the EU or EEA

As a rule, we process your personal data within the European Union (EU) and the European Economic Area (EEA), but the data may also be exceptionally transferred outside the EU/EEA – for example, to ICT service providers operating in the United States that serve as data processors. In such cases, we execute the data transfers in accordance with the stipulations of data protection legislation by applying, for instance, an equivalence decision or standard contractual clauses approved by the European Commission, implementing the appropriate safety measures.

8. How long will we store your personal data?

We process your personal data only for as long as is necessary with respect to the original or compatible purposes for which the personal data has been collected, unless we are legally obligated to store the personal data for longer. The personal data storage time depends on the nature of the data and the purpose of the processing. When a piece of personal data is no longer needed, we remove the data from our filing system within a reasonable time.
We store personal data in accordance with the following principles:

  •  We store personal data related to a stakeholder relationship or partnership for as long as the relationship in question is valid.
  • After a stakeholder relationship or partnership is terminated, we will continue to store the data for another two years, unless there is an exception that necessitates a longer storage for the purposes of, for instance, legal action.
  • Personal data included in accounting records are stored for the period required by accounting legislation, which is to say for the ongoing financial year and either ten or six years from the end of the financial year, depending on the type of document in question.
  • For the purposes of marketing and communications, we store necessary personal data, the processing of which is based on a legitimate interest of Hiedanrannan Kehitys Oy or on your express consent, for as long as their processing is necessary for the purposes for which the personal data were collected, unless you have retracted your consent to receive or have refused to receive electronic direct marketing.
    We assess the necessity of storing personal data regularly in accordance with our internal procedures. In addition, we take all and any reasonable measures to ensure the immediate removal or correction of personal data that are imprecise, incorrect or outdated in terms of the purposes of the processing.

9. How are personal data protected?

We use technical and organisational protection measures to ensure the data security of the personal data that we collect and process. Access to the databases and systems and the right to use the data file are limited solely to those employees of Hiedanrannan Kehitys Oy, or of personal data processors acting on behalf of Hiedanrannan Kehitys Oy, who have the right to process the data included in the data file in their professional capacity.

A database that contains personal data is located on a server housed in a locked space which can only be accessed by specifically appointed individuals who are authorised to access the space in order to perform their duties. The server is secured with an appropriate firewall and technological protection. The measures we take are designed to maintain an appropriate level of security in order to ensure the confidentiality, integrity, usability and resilience of the data.

Paper copies and other personal data that are kept in a physical file are stored in a locked space with limited access. Physically stored data are always destroyed appropriately as confidential waste.

10. Rights of the data subject

Depending on the situation, you may have the following rights defined in the EU General Data Protection Regulation:

  • The right to receive confirmation on whether your personal data are being processed. If personal data are being processed, you have the right to check which data concerning yourself we are processing. You also have the right to receive a copy of the personal data being processed.
  • The right to have imprecise and incorrect personal data about yourself corrected.
  • In certain cases, you have the right to object to the processing of personal data that is based on a legitimate interest of Hiedanrannan Kehitys Oy. You also have the right to object to the use of your personal data for profiling and the purposes of direct marketing.
  • When personal data are processed based on your consent, you have the right to retract the consent you have provided.
  • The right to request the removal of your personal data in situations defined in the EU General Data Protection Regulation. This applies, for example, if you retract your consent to have your personal data processed and there is no other lawful basis for the processing of the data, or if you object to the processing of your personal data and there are no acceptable grounds for the continued processing of the data.
  • The right to request a restriction on the processing of your personal data in situations defined in the EU General Data Protection Regulation. This applies, for example, while you are waiting for our response to your request to have your personal data corrected or removed.
  • The right to receive the personal data that you have provided to us in a structured, generally used and machine-readable format, and the right to transfer these data to another data controller, if the data processing is based on a consent or contract and if the data are located in an electronic system.
  • The right to lodge a complaint with a supervisory authority (Office of the Data Protection Ombudsman), if you suspect that your data are being processed in violation of data protection regulations.

If you wish to receive further information on the processing of your personal data or your opportunities to influence the processing, please contact us via email at tietosuoja@hiedanranta.fi.

Privacy policy for Hiedanrannan Kehitys Oy’s camera surveillance and physical access control

This privacy policy explains how and on which grounds Hiedanrannan Kehitys Oy processes your personal data in connection with camera surveillance and physical access control.

1. Data controller

Hiedanrannan Kehitys Oy
Tehdaskartanonkatu 36
33400 TAMPERE
Business ID: 3002666-6
www.hiedanranta.fi

In matters related to data protection, please contact us via email at tietosuoja@hiedanranta.fi.

2. What are the purposes for which we process your personal data?

The properties and facilities managed by Hiedanrannan Kehitys Oy have a recording camera surveillance and physical access control system. We process personal data collected through camera surveillance and access control for the purposes of ensuring the safety of the facilities and investigating possible problem situations, such as suspected or verified criminal activity, damages or misuse.

In addition, Hiedanrannan Kehitys Oy uses the Hiedanranta 360° live camera (so-called “Raksakamera”, or “construction site camera”) installed at the top of the old Hiedanranta factory chimney, with the purpose of documenting the construction and development of the Hiedanranta area. You can watch the camera’s livestream online (https://skyviewlive.roundshot.com/hiedanranta/#/), and images recorded by the camera will be used at a later date in Hiedanranta’s marketing. As a rule, images recorded with the Hiedanranta 360° camera are not used for the surveillance of Hiedanrannan Kehitys Oy’s properties or facilities. The camera has been installed high up on the chimney of the old Hiedanranta factory, and individuals travelling in the area should not be directly recognizable from the images.

3. What is the basis for lawful processing of personal data?

The basis for the processing of personal data for the purposes of camera surveillance and physical access control is a legitimate interest of Hiedanrannan Kehitys Oy to do so.

The legitimate interest is based specifically on ensuring the safety and legal protection of the properties and facilities of Hiedanrannan Kehitys Oy, as well as of customers and other individuals visiting the properties and facilities.

As regards the purposes related to the Hiedanranta 360° live camera, the legality of the processing is also based on a legitimate interest of Hiedanrannan Kehitys Oy, specifically to implement marketing for and to promote the development and awareness of the area.
When processing personal data on the basis of a legitimate interest, we weigh the benefits and potential harms of the processing to the data subjects and have determined that the rights and interests of the data subjects do not supersede our legitimate interest to process the personal data. You have the right to object to the processing of personal data that is based on a legitimate interest.

4. Which data do we process?

For the purposes of camera surveillance and physical access control, we process the following data:

  • Camera surveillance video recordings, including place, time and date stamps.
  • Data collected by means of electronic keys, including information on electronic key handovers and returns, as well as passage data from the doors of the properties and facilities (key ID data, date and time).

For purposes related to the Hiedanranta 360° live camera, we process images recorded by the camera.

5. Profiling and automated decision-making

We do not use personal data for profiling or automated decision-making.

6. How do we collect personal data?

Personal data are collected by video recording individuals who travel within the area covered by camera surveillance. We inform people of the camera surveillance in the area by means of signs attached to the walls of the buildings.

In access control, we collect data collected by electronic keys on the use of the keys.

The Hiedanranta 360° live camera records still images of the area covered by the camera. We inform people of the recording of images by means of signs installed in the area.

7. Who processes your information?

For the purposes of implementing camera surveillance, Hiedanrannan Kehitys Oy uses reliable personal data processors and subcontractors. Our subcontractors have signed contracts with us concerning the processing of personal data. The subcontractors may use the personal data solely for the purposes of producing the service that we have contracted them to provide.

Certain ICT service providers that serve as personal data processors participate in the handling of your personal data, as they implement various technical systems and services in accordance with their contracts and the data protection clauses thereof. If you wish to receive more information on these ICT service providers, please contact us via email at tietosuoja@hiedanranta.fi.

In addition, personal data may be disclosed to the authorities within the limits permitted by legislation.

8. Transfer of data outside the EU or EEA

Personal data are not transferred outside the EU or EEA.

9. How long will we store your personal data?

We process your personal data only for as long as is necessary with respect to the original or compatible purposes for which the personal data has been collected, unless we are legally obligated to store the personal data for longer. The personal data storage time depends on the nature of the data and the purpose of the processing. When a piece of personal data is no longer needed, we remove the data from our filing system within a reasonable time.

We store personal data in accordance with the following principles:

  • A video image of a data subject will be deleted from the system no later than 14 days from the recording;
  • The iLOQ S10 locks used in access control store event log data containing the latest 500 door-opening events. Furthermore, the event log data are deleted from the server within no longer than12 months.
  • In addition, data may be stored for as long as it is necessary in exceptional circumstances for the purposes of investigating a matter concerning a data subject that is related to camera surveillance and access control or legal action.
  • Images recorded by the Hiedanranta 360° live camera will be stored for the duration of the area’s construction and the drawing up of marketing material.

We assess the necessity of storing personal data regularly in accordance with our internal procedures. In addition, we take all and any reasonable measures to ensure the immediate removal or correction of personal data that are imprecise, incorrect or outdated in terms of the purposes of the processing.

10. How are personal data protected?

We use technical and organisational protection measures to ensure the data security of the personal data that we collect and process. Access to the databases and systems and the right to use the data file are limited solely to those employees of Hiedanrannan Kehitys Oy, or of personal data processors acting on behalf of Hiedanrannan Kehitys Oy, who have the right to process the data in the data file in their professional capacity.

A database that contains personal data is located on a server housed in a locked space which can only be accessed by specifically appointed individuals who are authorised to access the space in order to perform their duties. The server is secured with an appropriate firewall and technological protection. The measures we use are designed to maintain an appropriate level of security in order to ensure the confidentiality, integrity, usability and resilience of the data.

Paper copies and other personal data that are kept in a physical file are stored in a locked space with limited access. Physically stored data are always destroyed appropriately as confidential waste.

11. Rights of the data subject

Depending on the situation, you may have the following rights defined in the EU General Data Protection Regulation:

  • The right to receive confirmation on whether your personal data are being processed. If personal data are being processed, you have the right to check which data concerning yourself we are processing. You also have the right to receive a copy of the personal data being processed.
  • The right to have imprecise and incorrect personal data about yourself corrected.
  • In certain cases, you have the right to object to the processing of personal data that is based on a legitimate interest of Hiedanrannan Kehitys Oy. You also have the right to object to the use of your personal data for profiling and the purposes of direct marketing.
  • When personal data are processed based on your consent, you have the right to retract the consent you have provided.
  • The right to request the removal of your personal data in situations defined in the EU General Data Protection Regulation. This applies, for example, if you retract your consent to have your personal data processed and there is no other lawful basis for the processing of the data, or if you object to the processing of your personal data and there are no acceptable grounds for the continued processing of the data.
  • The right to request a restriction on the processing of your personal data in situations defined in the EU General Data Protection Regulation. This applies, for example, while you are waiting for our response to your request to have your personal data corrected or removed.
  • The right to receive the personal data that you have provided to us in a structured, generally used and machine-readable format, and the right to transfer these data to another data controller, if the data processing is based on a consent or contract and if the data are located in an electronic system.
  • The right to lodge a complaint with a supervisory authority (Office of the Data Protection Ombudsman), if you suspect that your data are being processed in violation of data protection regulations.

If you wish to receive further information on the processing of your personal data or your opportunities to influence the processing, please contact us via email at tietosuoja@hiedanranta.fi.