Privacy policy

Last updated February 13, 2025

This Privacy Notice explains how Joo Group processes the personal data of its customers and potential customers. We respect our customers' privacy, and we want you to feel confident that your personal data is processed in accordance with data protection laws and industry best practices both during and for the necessary period after the customer relationship with us.

Data Controller:

Joo Group Oy referred to as "Joo Kodit" or "Joo"

PL 196, 00101 Helsinki, Finland

Tel. +358 (0)20 766 1390

tietosuoja(at)joo-kodit.fi

1. What personal data does Joo process?

When submitting an application for our rental apartment, the applicant or their representative is asked to provide:

  • Name and personal identification number or business ID

  • Contact details: phone number, address, and email address

  • Number of people moving into the apartment

  • A free-form description of the circumstances affecting the applicant's financial situation

The credit history of potential applicants is checked from a credit register. A record of whether there are any payment default entries is stored as “yes” or “no” answer.

If the application leads to a tenancy agreement, also the following data is stored:

  • The lease agreement and any attachments

  • Names and dates of birth of all individuals moving into the apartment

  • If relevant, information regarding guardianship or other special circumstances

  • Preferred communication language

All customer communication, inquiries, and feedback from both applicants and tenants are recorded and stored for the time being. Additionally, any consents or objections to marketing, as well as related communications, are stored.

Data produced and stored during the tenancy include:

  • Payment transaction details

  • Key handover and return receipts, as well as electronic access control data:

    • Name, apartment number, key code and assigned access rights

    • Time and location of key usage as automatically recorded by the access control system

  • Move-in inspection form

  • Service requests submitted to Joo Kotimestari

  • Maintenance reports and service requests

  • Sauna and laundry room reservations

  • Any apartment-specific disturbance reports

Some of our properties are equipped with security cameras that record activity in monitored areas, including the time and location of each event. If a property has a camera surveillance, this will be clearly stated in both the monitored area and the lease agreement.

Additionally, some properties have temperature or humidity sensors or similar systems for monitoring building conditions. However, this data is not linked to individual tenants.

Joo may also collect and process data from potential customers, including those who engage with us through online services or marketing campaigns. This data includes:

  • Name and contact details (phone number, email, and postal address)

  • Information about your housing preferences and needs

2. What is the purpose and legal basis for processing?

The purpose of processing personal data is to acquire, manage, and maintain customer relationships related to rental housing and to provide services ordered by customers. Data processing is primarily based on pre-contractual measures related to the rental application process and, during the tenancy, on the performance of the lease agreement.

Processing of payment transactions and the creation of lease agreements in written form is also based on legal obligations applicable to Joo Kodit. After the tenancy ends, retaining personal data for a specified period is justified to protect the legitimate interests of both parties in potential disputes.

Additionally, data related to customer communications is used under legitimate interest for service quality control and development, and with customer consent for marketing and targeted communications.

The processing of data related to electronic locking systems, camera surveillance, and sensors installed by the property developer is based on our legitimate interest in ensuring safety and property protection.

3. Does Joo disclose or transfer the data?

Joo Kodit does not generally disclose personal data but does use external service providers to help deliver our services, and these partners may process necessary personal data on our behalf. Such partners include property manager, maintenance companies, key service and camera surveillance providers, a billing partner and suppliers of IT systems containing personal data.

All data processors are contractually required to comply with data protection regulations.

Personal data is primarily stored and processed within the EU/EEA. If for certain individual processing operation data shall be transferred outside this area, we ensure compliance with an explicit, prior written agreement and other necessary measures.

4. How long does Joo keep the personal data?

Joo Kodit retains personal data only as long as necessary for its intended purpose. Retention periods vary depending on the type of data and how it is used.

The personal data of those who have applied for rental apartment will be kept for the period required to process the application. If the application does not lead to a tenancy, the data will be deleted after a certain expiry date. The contact details of those who have given consent to marketing will be kept until further notice, i.e. until consent is withdrawn or the need to retain the data otherwise ceases.

The data of tenants and persons living with them will always be kept for at least the duration of the tenancy. After that, personal data will be kept for as long and to the extent necessary for the purposes of billing, debt collection and any legal action or protection against legal action. Retention is justified to protect the legitimate interests of both parties. However, all personal data relating to the customer relationship will be deleted at the latest within 7 years after the end of the customer relationship.

The electronic access control event logs store approximately 500 most recent door openings, which in practice means an average of 2-3 months of logs. Similar retention periods are defined locally for camera surveillance records, up to 3 months from the date of recording.

Data from a humidity sensor or other similar technical system are used and stored for the whole life cycle of the building but not linked to specific residents.

5. How is the data protected?

Access to personal data is only granted to employees of Joo or its partners who have a legitimate need to process such data for the performance of their duties. These employees are bound by confidentiality and data protection guidelines.

Information security is ensured with appropriate measures including encryption, technical restrictions, security software and firewalls. Access to systems requires passwords. The destruction of material containing personal data is done with secure processes.

6. What are my rights regarding my data?

Under data protection laws, individuals have rights which, in many situations, allow them to control their personal data. The extent of these rights is linked to the basis on which personal data are processed and varies slightly from one situation to another. Moreover, the exercise of these rights requires that the identity of the person making the request can be verified using reasonable means.

To exercise your rights, you can contact Joo by e-mail at tietosuoja(at)joogroup.fi. A response will be provided within one month of receiving the request.

Your rights under data protection legislation include:

  • Right to access and rectify data

You have the right to request a copy of your personal data stored by Joo Kodit. If your data is incorrect or incomplete, we must correct it without delay.

  • Right to erasure and “to be forgotten”

In certain cases, the data subject has the right to have the controller erase data concerning him or her. This right is also known as the right to be forgotten. You have the right to have your data erased if the processing was based on your consent and you would like to withdraw it, or if the data has been processed unlawfully, or if the data is no longer needed for the purposes for which it was collected.

This right does not apply if the processing is necessary for Joo Kodit to comply with a legal obligation, to fulfil a task carried out in the public interest, in the exercise of official authority, or for the establishment, exercise or defence of legal claims.

  • Right to restrict processing

You may request that we temporarily restrict the active processing of your data, for example, while awaiting a response to a rectification or erasure request.

  • Right to object to processing

You have the right to object to the processing of your personal data if the processing is based on a task carried out in the public interest, in the exercise of official authority or for legitimate interests, and you have a reason relating to a particular personal situation.

You also always have the right to object to the use of your data for direct marketing.

  • Right to data portability

If processing is based on consent or contract and is automated, you have the right to receive your data in a machine-readable format and transfer it to another organization.

  • Right to lodge a complaint

If you believe your personal data is processed unlawfully or that Joo Kodit is otherwise acting in breach of its data protection obligations, you can file a complaint with the data protection authority. In Finland, the competent authority is the Office of the Data Protection Ombudsman.