Taitokaari Group – General Privacy Notice: Cooperation and Contractual Relationships
Privacy is important to Taitokaari Oy and the companies belonging to the Taitokaari Group. We aim to maintain the trust of our customers, partners, tenants, and employees by ensuring that personal data is appropriately protected and processed in accordance with the GDPR and other applicable data protection regulations.
This privacy notice applies to the Taitokaari Group generally, and in particular to all our cooperation and contractual partners. Separate, more targeted privacy notices are applied to the housing and real estate companies we manage, our construction and development projects, HR purposes, etc.
This notice is based on the General Data Protection Regulation (GDPR) and the Finnish Data Protection Act (1050/2018), as well as the regulations and decrees issued under them. It is updated from time to time.
Within the Taitokaari Group, our customers include home and property buyers, tenants, construction contractors, suppliers, subcontractors, tax and other service providers, and numerous other partners. Our partners also include various stakeholders and individuals with whom we operate on a contractual basis or otherwise in mutual understanding, such as investors of funds and joint ventures we manage or own, planning authorities, real estate agents, site supervisors, etc. As a representative of our partner, you provide the Taitokaari Group with personal data of employees or other involved persons; the privacy principles applied to such data are outlined below.
In this privacy notice, we describe in detail how we use personal data of our partners. For Taitokaari Group operations in Finland, the data controllers are Taitokaari Oy, Taitokaari Property Management Oy, Rakennuskaari Oy, and Bitonet Oy—meaning that the controller is either Taitokaari Oy and/or the specific Taitokaari Group company with which you are dealing.
We process personal data in the Taitokaari Group on several legal bases. References to “you” or the “data subject” mean the partner, potential partner, and their representatives, management, employees, or other relevant parties.
1. Personal Data We Collect
We collect personal data mainly directly from you, or from another representative of your organization, or when you use our services or enter into an agreement with us concerning property or share transactions, assignments, deliveries, rentals, (sub)contracting, investments, etc. We may request additional information to keep our data up to date or verify its accuracy.
We also collect information via our digital channels—feedback, requests, messages. Phone calls and chat conversations may be recorded for confirmation of assignments, documentation, quality control, and development. For safety reasons, we may use surveillance cameras.
Collected personal data includes:
- Identification data: Personal identity code and name; in employment contexts also next of kin details. We are obliged to collect and document identification data, for example by copying a passport, driving licence, or similar document.
- Contact details: Phone numbers and addresses (including postal address) and country of residence for foreign addresses.
- Financial information: Contract type, transaction data, payment and, if necessary, credit history.
- Data required by law (taxation, anti‑money‑laundering, etc.): Especially for employees and investors, and in connection with site presence logs and contractor responsibility reporting. This includes tax country, foreign tax registration number, and data required for customer due diligence and AML compliance.
- Other: Log data related to our information security systems, property management services, and electronic signing. (Video) recordings related to the properties we manage, to prevent vandalism and support police investigations.
- Personal data we may receive from third parties:
Publicly available information or data from external sources:
– registers maintained by authorities (tax administration, population information system, trade register, regional authorities, financial supervisory authorities, etc.)
– international sanction lists (EU, UN, etc.)
– credit information registers
– commercial data providers offering information on beneficial owners, politically exposed persons, etc.
– our partners - – other companies belonging to the Taitokaari Group
2. Use of Personal Data and Legal Bases
We process your personal data primarily for the following purposes:
– To fulfil legal obligations – Legal basis: applicable law (e.g., accounting, taxation, payroll, corporate law obligations)
– To comply with financial and regulatory obligations – Legal basis: regulation and supervisory requirements (e.g., reporting obligations to the Bank of Finland, Financial Supervisory Authority, investors, and other stakeholders)
– To fulfil contractual obligations and exercise contractual rights – Legal basis: contract (e.g., actions under rental, contracting, or purchase agreements; resident registers)
– Other uses: preparing offers, providing and purchasing services – Legal basis: legitimate interest or consent (e.g., performing rental or other agreements, preparing offers; AML/KYC checks; accounting‑related reporting obligations; payment services; securities and insurance activities; marketing and customer analysis based on legitimate interest; event invitations requiring consent)
3. Automated Decision-Making
If we use automated decision-making, we will provide additional information about the logic, significance, and consequences of such processing and request your consent where required.
4. Disclosure of Personal Data
To comply with payroll and other legal obligations, offer our services, and fulfil agreements, we may disclose personal data to third parties such as:
– tax and other authorities
– companies within the Taitokaari Group
– IT and other service providers
– payment service providers
– business partners
We always ensure that appropriate data protection obligations are followed before data is disclosed.
5. Protection of Personal Data
The Taitokaari Group uses various administrative and technical security procedures to protect personal data from loss, misuse, unauthorized disclosure, destruction, or alteration.
6. Your Privacy Rights
Under the law, data subjects have certain rights:
a) Right to request access to your personal data (with limitations based on law, privacy of others, and business confidentiality)
b) Right to request rectification of incorrect or incomplete data
c) Right to request deletion of data (except where retention is required by tax or other legislation)
d) Right to restrict processing to storage only (unless we have a legitimate interest to continue processing)
e) Right to object to processing for direct marketing or related profiling
f) Right to data portability (applicable to automatically processed data based on consent or contract)
Requests are assessed individually. A detailed and justified request should be sent by email to tietosuojavastaava@taitokaari.fi. The sender’s identity will be verified before processing. Requests are handled according to legal requirements, and responses are delivered personally when reasonably possible. A log of requests and actions taken is maintained in accordance with this notice.
7. Cookies
We collect, process, and analyze log data related to the use of Taitokaari Group websites. Traffic data includes information processed in communication networks for transmission, distribution, and availability of messages. Cookies and similar technologies are used to analyze traffic and improve customer experience, enabling secure communication, marketing, and service delivery. Individual identification data is not used in this context. Restricting cookies may significantly limit website functionality. More information is available on our website.
8. Retention of Personal Data
We retain personal data for as long as necessary for the purposes for which it was collected, or as long as required by law or regulations, including those required for contract performance. AML, counter-terrorist financing, accounting, tax, and other regulations define mandatory retention periods. – Accounting: 10 years
– Fund management: 7 years
– Recruitment and employment matters: 6 months to 2 years, unless otherwise agreed with the data subject.
– Recruitment and employment matters: 6 months to 2 years, unless otherwise agreed with the data subject.
