1 Data controller
Below specified local operating company in respective jurisdiction on its own behalf and on behalf of local real estate companies belonging to the same group which act as joint controllers as applicable:
Finland: Technopolis Oy (business ID 2992763-5)
Sweden - Göteborg: Technopolis Gårda AB (business ID 556970-1138)
Sweden - Kista, Stockholm: Technopolis Kista AB (business ID 559306-2572)
Norway: Technopolis Holding AS (business ID 912 237 885)
Lithuania: Technopolis Lietuva UAB (business ID 302756782)
Estonia: Technopolis Ülemiste AS (business ID 11978111)
Hereinafter “we”, “us” or “our” shall refer to the data controller(s). “You” or “your” shall refer to the data subject.
2 Contact details
Privacy Coordinator of Technopolis Group, email: firstname.lastname@example.org, tel: +358 46 712 0000 (customer service), address: Energiakuja 3, FI-00180 Helsinki.
3 Name of register
Property access control register.
4 Legal basis and purpose of processing your personal data
We process your personal data based on our (respective local operating and real estate companies) and our tenants’ legitimate interest. We process your personal data because you have been granted access to our real estate property following your employment or business relationship with us or our tenant, supplier or cooperation partner.
Your personal data may be used for the purposes of:
- protecting our real estate property and possessions as well as our tenants’ and cooperation partners’ premises and possessions;
- preventing vandalism or any other crimes or acts or omissions that might jeopardize our real estate property, any possessions located on the property or security of the property (including premises leased by our tenants);
- investigating acts or omission that have caused or might cause damage to us, the property, our tenant or customer or their representative(s) or possessions; and
- providing evidence and other assistance in investigating and handling any of the matters as described in items (1)-(3) above.
A further purpose of maintaining access control and processing your personal data within the access control is to ensure your safety as well as safety of other persons on the property and the safety of surrounding areas of the property.
The above forms the legitimate contractual and economic interests for us to process your personal data, and it is necessary in order to grant you an access to our real estate property or the premises leased by our tenants.
5 Types of your personal data we collect
We process your following personal data:
- First name, last name, phone number, email address, company/employer name;
- Identification details of your personal access card or tag or Mobile ID or similar, passcode, and access privileges;
- Access events that the access control system uses based on the use of your access card, i.e. approved and rejected passage events (stamp details) with access reader location, dates and times (access control log).
6 Regular sources of your personal data
Your personal data is collected regularly from you and your employer following the request to grant you an access to the property. The access control system generates the access control log based on where you show the access card or tag to the reader. The register does not contain external regular sources of information.
7 Regular disclosure and transfer of your personal data, and transfer outside the EU or EEA
We do not regularly disclose your personal data to other third parties than our subcontractors. We are responsible for the activities of our subcontractors as for our own activities. We will ensure that the subcontractors are committed to protecting your personal data in the manner stated in this policy.
However, your access log data concerning the doors of the leased premises possessed by our tenant may be transferred to that tenant at its request. We specifically point out that we and a tenant both act as independent (data) controllers with regard to your access control log data of the doors of the leased premises so that the purpose of the processing of your personal data is different. For us the purpose is defined in this policy (mainly ensuring general safety of our property), and for our tenant the purpose is, subject to our tenant’s own privacy policies, mainly to ensure and audit the physical information security of its own business premises.
We may also disclose the access control data to the police or any other competent authority at its request. We may also share recorded footage between Technopolis Group companies, when it is necessary for the purposes of processing described in this policy.
We may disclose your access control data to our tenants also when this is necessary for identifying, investigating and verifying vandalism and other criminal acts that occur on the premises of the tenants or acts or omissions that have caused damage to the tenant, and for exercising the rights of the injured party.
Your personal data is not regularly processed outside the EU and the EEA. In case your personal data mentioned in this policy will be processed outside the EU and the EEA we will inform you specifically upon collection of your personal data as well as ensure that our subcontractor is covered by adequate data protection requirements (e.g EU Commission Model Clauses). Your personal data may also be disclosed and transferred to the subsidiaries and associated companies of Technopolis Group for their use, for the purposes specified in this policy.
8 Principles of protection of your personal data and data storage period
The only persons who have access rights to the data system where your personal data is processed are our employees (including companies belonging to the Technopolis Group) or our subcontractors and their employees who have the right and need to process your personal data for the purposes described in this policy. Your personal data is protected by such technical and organizational measures that ensure a sufficient and appropriate level of security.
Your personal data is stored for as long as it is necessary for fulfilling the purpose for which it is used. As a rule, your personal data is stored for six (6) months after its creation. The data may be retained after that period also, if this is necessary for completing an unfinished investigation, court proceedings or any other similar matter.
9 Your privacy rights
You have the right to inspect your personal data that is stored in the register, as well as to demand correction of any incorrect personal data and deletion of your personal data. Any such requests must be submitted by you in writing to Technopolis reception services or to email@example.com, and you must verify your identity.
In accordance with the General Data Protection Regulation (Regulation (EU) 2016/679), you have the right to object or request the restriction of processing your personal data at any time, and to file a complaint against the processing of your personal data to the relevant supervisory authority.
Updated 7 December 2022