top of page

PRIVACY POLICY

Privacy Policy

 

This is a combined privacy statement and information document in accordance with the Data Protection Act and the European Union’s General Data Protection Regulation (2016/679/EU).

 

CONTROLLER

 

Bo LKV Oy

 

NAME AND CONTENT OF THE REGISTER

 

Bo Group’s Customer Register (“Customer Register”)

 

Regional Offices:

• Bo LKV Helsinki: Neitsytpolku 12, 00140 Helsinki; Franzeninkatu 22, 00530 Helsinki; Tunturikatu 18, 00100 Helsinki

• Bo LKV Espoo: Piispanpiha 1, 02200 Espoo

• Bo LKV Vantaa: Silkkitehtaantie 5, 01300 Vantaa

• Bo LKV Porvoo: Mannerheiminkatu 4, 01600 Porvoo

• Bo LKV Turku: Läntinen Rantakatu 53, 20100 Turku

• Bo LKV Tampere: Kelloportinkatu, 33100 Tampere

• Bo LKV Oulu: Kansankatu 53, 90100 Oulu

• Bo LKV Lahti: Rautatienkatu 20, 15110 Lahti

• Bo LKV Jyväskylä: Yliopistonkatu 32, 40100 Jyväskylä

 

Contact Information:

 

Saara Murtovaara

Chief Operating Officer

Bo LKV Oy

Phone: 040 764 4317

Website: https://bo.fi

LEGAL BASIS FOR PROCESSING PERSONAL DATA /
WHY DOES BO COLLECT YOUR DATA?

GENERAL INFORMATION ABOUT DATA PROCESSING

 

Insofar as the Customer Register contains personal data, its processing complies with the Data Protection Act and other applicable laws, regulations, decrees, and official guidelines concerning the processing of personal data. Personal data refers to information that can be linked to a specific individual. This document describes in detail the procedures for collecting, processing, and disclosing personal data, as well as the rights of the customer, i.e., the data subject.

 

Purpose of Collecting Personal Data

 

Contractual, Client, or Other Comparable Relationships

 

The purpose of the Customer Register is to manage:

• Contractual or client relationships with the principal (e.g., seller or landlord).

• Relationships related to the performance of assignments involving the principal’s counterpart (e.g., buyer or tenant).

• Contractual relationships concerning valuation assignments or other expert services.

• Relationships based on the customer’s consent for marketing purposes, including multichannel marketing communication through email, online platforms, telemarketing, or postal services.

 

The data controller may also collect information from individuals present at property viewings to prevent, monitor, and investigate crimes or misconduct, as well as to determine potential customers’ interests or to establish future client relationships, offer services, and conduct marketing.

 

In this document, individuals mentioned in section a) are referred to as Customers.

 

Legislation Concerning Real Estate Agencies

 

The Act on Real Estate Agencies and Rental Agencies (1075/2000) and the Act on Real Estate and Rental Mediation (1074/2000), along with the handling of related assignments, require the storage, use, and retention of information specified under the section “Content of the Customer Register.”

 

The agency is required to maintain an assignment diary, where personal data, property details, event information, and related documents are recorded for each assignment (“Assignment Diary”).

 

Statutory Monitoring of Money Laundering

 

According to Chapter 3, Section 3 of the Anti-Money Laundering and Counter-Terrorist Financing Act (444/2017, hereinafter “Anti-Money Laundering Act”), customer identification data and other personal data required by law are stored, retained, and may be used for the prevention, detection, and investigation of money laundering and terrorist financing, as well as for investigating crimes related to such offences.

 

Personal data collected solely for the purposes of preventing and detecting money laundering and terrorist financing shall not be used for purposes incompatible with these objectives.

 

Consent-Based Data Storage

 

If the right to collect data exceeds the legal or situational requirements stated above, or if no such legal basis exists, the Customer’s explicit consent will be requested for the storage, processing, and retention of personal data.

 

Assignment-related data is also used for contractual relationships involving valuation and other expert services, and is stored similarly to the Assignment Diary.

 

In addition to the legal or situational basis for data collection, the Customer’s consent may be requested for the analysis of provided information and customer behaviour for marketing purposes (such as direct marketing via email or other similar online, postal, or telemarketing channels).

 

Consequences of Not Providing Data

 

If the data controller does not obtain the information mentioned in sections a), b), and c), a client relationship cannot be initiated or continued, nor can other agreements or legal transactions be undertaken with the Customer.

 

If sufficient identifying information cannot be obtained during a property viewing, participation in the viewing may not be possible.

 

Purpose of Data Use

 

Data within the Customer Register may be used for the following purposes:

• Managing and developing client relationships.

• Providing, developing, enhancing, and securing services.

• Billing, collection, and verification of client transactions.

• Targeted advertising.

• Analysis and statistical processing of services.

• Customer communication, marketing, and advertising.

• Customising marketing and advertising content (e.g., direct marketing via email) based on information provided by the Customer and their behaviour.

• Protecting and safeguarding the rights and/or property of the data controller and other parties involved in assignments.

• Fulfilling statutory obligations of the data controller.

• Other similar purposes.

CONTENT OF THE CUSTOMER REGISTER /
WHAT DATA DOES BO COLLECT?

Bo processes data within the Assignment Diary, Anti-Money Laundering Act monitoring registers, and Customer Contact Information Listings.

 

Assignment Diary and Its Attachments

 

The Assignment Diary and its attachments process or may process data belonging to the following categories:

1. Basic Customer Information:

• Full name, address, language preference.

• Personal identification number and possibly business ID for reliable identification when acting on behalf of oneself or a company.

2. Billing and Collection Information:

• Details related to invoicing and debt collection.

3. Customer and Contract Information:

• Services offered to the Customer, dates of use, purchase offers, acceptance of offers, rental or sales agreement dates, property details, agency fees, service provider details, and other relevant information.

4. Permissions and Restrictions:

• Direct marketing consents and prohibitions.

5. Interests and Other Information Provided by the Customer:

• Customer-provided interests or preferences.

6. Service-Related Event Information:

• Records of interactions and services provided.

7. Complaints and Their Processing Information:

• Details of complaints made by the Customer and their handling.

8. Tenant’s Credit Information and Other Financial Data:

• Information necessary for assessing the tenant’s financial capacity to pay rent.

 

Anti-Money Laundering Act Monitoring Registers

 

Data processed under the Anti-Money Laundering Act may include:

1. Personal Information:

• Name, date of birth, personal identification number.

2. Representative Information:

• Name, date of birth, personal identification number of the representative.

3. Legal Entity Information:

• Full name, registration number, registration date, and registration authority of the legal entity.

• Names, dates of birth, and nationalities of members of the board or equivalent decision-making body.

• The legal entity’s line of business.

4. Beneficial Owner Information:

• Name, date of birth, and personal identification number.

5. Identification Documents:

• Name of the document used for identity verification, document number or other identifying information, issuer, or a copy of the document.

• If the Customer is identified remotely, information about the method or sources used for verification.

6. Customer Activity Information:

• Details about the Customer’s activities, nature and scope of business operations, financial status, justification for using a particular service, information about the origin of funds, and other necessary information required by the Anti-Money Laundering Act, Section 4, Subsection 1.

7. Verification of Funds:

• Information related to verifying the origin of funds as required by the Anti-Money Laundering Act, Section 4, Subsection 3.

• Necessary information for fulfilling enhanced due diligence requirements related to politically exposed persons (PEPs) as required by Section 13.

8. Non-Finnish Customers Without a Finnish Personal Identification Number:

• Information about the Customer’s nationality and travel document details.

 

Customer Contact Information Listings

 

Data processed or potentially processed within the Customer Contact Information Listings includes:

1. Name and Address:

• Basic contact details for communication purposes.

2. Purpose of Contact:

• Reason for the Customer’s interaction with Bo LKV.

3. Contact Details and Follow-Up Actions:

• Information about when and how the Customer was contacted and any subsequent actions taken.

DATA RETENTION PERIOD

Data recorded in the Assignment Diary is retained for ten (10) years from the termination of the assignment.

​

 

Data collected under the Anti-Money Laundering Act (444/2017) is retained for five (5) years, unless continued retention is necessary for:

• Criminal investigations

• Pending legal proceedings

• Protection of the rights of the data controller or its employees

 

The necessity for continued retention is assessed at least every three (3) years following the previous review of retention necessity. (Anti-Money Laundering and Counter-Terrorist Financing Act, Section 4).

 

 

Other personal data is deleted once there is no longer a need to retain it. If the collection and retention of personal data were based solely on the Customer’s consent, the data will be deleted upon the Customer’s request.

REGULAR DATA SOURCES /
WHERE DOES BO COLLECT DATA FROM?

Bo LKV Oy collects personal data from various sources to fulfil its contractual, legal, and service-related obligations. The primary sources include:

 

Data Collected Directly from the Customer

Information provided by the Customer during assignment agreements, purchase or rental offers, and other assignment-related transactions.

Fulfilling due diligence obligations and preparing documents.

Using the services of the data controller, such as during property viewings or site presentations.

Contact forms on Bo LKV Oy’s website.

Customer satisfaction surveys and competitions.

 

External Data Sources

Data may be collected or updated from property management companies (Isännöitsijätoimistot), the Finnish Population Information System, other official registers (e.g., Land Register and Mortgage Register), and credit information registers.

 

Consent-Based Data Collection

Data collected with the Customer’s consent is obtained either directly from the Customer or from registers or sources maintained by authorities or third parties, with the Customer’s explicit consent.

DATA DISCLOSURE /
WHERE CAN BO SHARE YOUR DATA?

Bo LKV Oy may disclose personal data as permitted or required by applicable legislation, to fulfil contractual obligations, or when a legitimate connection exists.

 

Disclosure to Authorities and Contractual Partners

Personal data may be disclosed to various authorities and contractual partners in connection with fulfilling assignments, ensuring compliance, or resolving legal disputes. This may include:

• Regional State Administrative Agencies and other authorities.

• Banks involved in real estate transactions.

• Property management companies (isännöitsijä) and the National Land Survey of Finland (Maanmittauslaitos) during various stages of assignments.

• Legal advisors in case of disputes.

 

Data Transfers Outside the EU or EEA

Data is not regularly transferred outside the European Union (EU) or the European Economic Area (EEA). However, data may be transferred or disclosed outside the EU or EEA in accordance with applicable law, if:

• The data is transferred to a country where the European Commission has determined that the level of data protection is adequate, or

• Adequate protection of personal data is ensured through contractual arrangements.

 

Temporary transfers outside the EU or EEA may also occur when using various cloud services, such as OneDrive, iCloud, or Dropbox.

 

Disclosure to Industry Associations

Sales price and other transaction-related information may be disclosed to the Central Federation of Finnish Real Estate Agencies (KVKL). This information is stored in the KVKL Price Monitoring Service (HSP) to the extent required by the service. Data from the HSP may also be disclosed to its clients. The privacy policy for this service can be accessed at:

http://www.hintaseurantapalvelu.fi/tietosuoja.

 

Outsourcing and Subcontractors

In connection with outsourcing IT management, personal data may be processed by Bo LKV Oy’s subcontractors. However, processing is only carried out on behalf of Bo LKV Oy. Such subcontractors may include:

• Real estate system providers, marketing system providers, and property sales portals.

• Customer satisfaction survey companies.

 

Bo LKV Oy’s subcontractors include:

• Almamedia (Real Estate System KIVI).

• Procountor (Financial Management System), part of Finago.

• Privacy Policy: https://finago.com/fi/tietosuojaseloste/

• Almamedia’s Privacy Policy: https://www.almamedia.fi/tietosuoja

• Oikotie Real Estate Portal’s Privacy Policy: https://asunnot.oikotie.fi/rekisteriseloste

• Customer Satisfaction Survey Company’s Privacy Policy: https://www.surveypal.com/fi/rekisteriseloste

PRINCIPLES OF REGISTER PROTECTION /
HOW DOES BO PROTECT YOUR PERSONAL DATA?

Access to the Customer Register requires a user account granted by the system administrator (main user). The main user determines the level of access granted to other users. Only employees of Bo LKV Oy and subcontractors who need access to the data for work-related tasks have access to the information. Data is collected in service databases that are protected by firewalls, passwords, and other technical means. The databases are located in locked and monitored facilities, and only certain predetermined individuals have access to the information. Customer data is stored electronically. If personal data containing personal identification numbers is transferred by Bo LKV Oy, for example, via email, it is done securely.

 

Insofar as personal data is processed by a subcontractor on behalf of the data controller, the agreements between the data controller and the subcontractor ensure that appropriate protective measures are in place and that the processing of personal data complies with the requirements of data protection legislation.

CUSTOMER RIGHTS /
HOW CAN YOU ENSURE THE LAWFULNESS OF PROCESSING?

9.1 Reviewing, Accessing, and Transferring Data

 

The Customer has the right to review what personal data concerning them has been stored in the Customer Register. The Customer must submit a request for review to the data controller in writing, either in a personally signed document or a similarly verified document, or by email.

 

Contrary to the above, the Customer does not have the right to review information obtained for the purpose of fulfilling the notification or due diligence obligations under the Anti-Money Laundering Act (Section 4:3). However, upon the Customer’s request, the Data Protection Ombudsman may inspect the lawfulness of the processing of such data.

 

The data controller will provide the requested information to the Customer within 30 days of receiving the request.

 

The Customer has the right to have their own personal data, provided by them, transferred to a third party in a structured, commonly used, and machine-readable format. However, the data controller will continue to store the transferred data in accordance with this privacy policy.

 

9.2 Correction of Incorrect Data

 

The Customer has the right to rectify personal data concerning them stored in the register if the data is incorrect.

 

9.3 Objecting to or Restricting Data Processing and Deleting Data

 

The Customer has the right to object to the processing of their personal data for purposes such as direct marketing, remote sales, other direct advertising, market and opinion research, and the development of the data controller’s business.

 

The Customer also has the right to restrict the processing of their data and to request the deletion of personal data stored for the aforementioned purposes, even if there is otherwise a valid basis for processing.

 

9.4 Withdrawal of Consent

 

If the data stored in the register is based on the Customer’s consent, this consent can be withdrawn at any time by notifying the data controller’s representative mentioned in this privacy policy. Upon request, all data that does not need to be retained, or cannot be retained, under the law or other grounds mentioned in this privacy policy, will be deleted.

 

9.5 Procedure for Exercising Rights

 

Requests for review, correction, or any other requests can be made by contacting the data controller’s customer service using the contact details provided in this privacy policy.

 

9.6 Disputes

 

The Customer has the right to submit the matter to the Data Protection Ombudsman if the data controller does not comply with the Customer’s request for correction or other rights.

PROFILING AND AUTOMATED DECISION-MAKING

The data controller does not conduct profiling or use automated decision-making based on personal data concerning the Customer.

bottom of page