Privacy Policy concerning resident data of real estate management

1. Controller

Principal of Premico Management Oy
c/o Premico Management Oy, Aleksanterinkatu 11, 00100 Helsinki
(herein ”we”, ”us”, ”our” or ”Premico”)

2. Contact person

Premico Management Oy / Data protection matters
Aleksanterinkatu 11, 00100 Helsinki

3. About this privacy policy

Premico provides real estate management services to housing companies. As a rule, the housing company is regarded as data controller when personal data of its residents is processed. The company providing real estate management services is usually regarded as the data processor. In this privacy policy we explain how personal data is normally processed in context of real estate management services provided by Premico. More detailed information on the processing of personal data by a housing company can be obtained from the respective housing company.

4. What are the grounds for processing and what purposes do we process personal data for?

We process personal data of residents to the extent it is necessary to provide the real estate management services. For example, such personal data may be processed for communicating with residents, customer service, parking management, managing services ordered by the housing company and measuring customer satisfaction and the quality of customer service. These services may include, for example, camera surveillance, in connection with which personal data may be collected in order to safeguard the residents and property of the housing company and to investigate crimes, misconduct, accidents and accidents.

The personal data is processed also in order for us to provide residents with the digital services produced through the KomuHomes application they have subscribed to at any given time, such as the door-opening service and booking sauna turns.

In this context the grounds for processing of personal data include fulfilling contractual or legal obligations and legitimate interest of the housing company or a third party. Legitimate interests may include, for example, developing services and ensuring the safety of the housing company’s residents and property. In certain cases, processing of personal data may also be based on the consent of the data subject.

5. What data do we process?

Usually, we process the following personal data of residents to provide real estate management services:

  • First and last name of the resident of an apartment;
  • Data regarding the apartment;
  • Phone number;
  • Personal ID if necessary;
  • Date of moving in and out;
  • vehicle registration number.

In connection with camera surveillance, data (image, sound and time of recording) may be collected on persons moving in the area of housing companies.

6. Where do we collect the data from?

As a rule, personal data is collected from the residents themselves when moving into an apartment. This can be done e.g. by phone, mail or email. In addition, personal data may be collected when logging in and using the website of the housing company.

In addition, personal data can be collected and updated for the purposes described in this privacy policy based on data obtained from public sources, public officials or other third parties in accordance with the applicable law. Such updates will be performed manually or by automatic means.

Data processed in connection with camera surveillance is collected at locations where camera surveillance is in use at any given time. Camera surveillance is indicated by signs.

7. Where do we disclose and transfer personal data and do we transfer data outside of the EU or EEA?

Personal data can be disclosed to representatives of the housing company for the purpose of their tasks and service providers possibly used by the housing company such as maintenance company, security companies, parking service provider or lock service company. Further, data can be disclosed to residents, shareholders and public officials in accordance with law. We use subcontractors to process personal data. For example, we have outsourced our IT management to a third-party service provider, and personal data is stored in the servers managed and secured by such service provider.

Recordings collected through camera surveillance may be disclosed in order to investigate crimes, misconduct, accidents and accidents in accordance with the legislation in force at any given time and in accordance with the requirements of any competent authorities.

Premico may also disclose the above-described personal data to the affiliates and associated companies belonging from time to time to Premico Group as well as consultants and other contracting parties of such group companies where the disclosure is required by contractual obligations or other grounds for processing the personal data. In addition, personal data may be disclosed to public officials who have requested the information in accordance with law.

Personal data may be transferred outside of the EU and EEA if it is necessary for the purposes or technical implementation of the processing of personal data. Transfers of personal data to clients, suppliers and other third parties will be subject data processing agreements in accordance with the applicable law such as EU’s General Data Protection Regulation. Transfers of personal data outside of the EU and EEA require compliance with the applicable data protection law and appropriate safeguards such as standard contractual clauses based on the European Commission’s applicable decision. Premico does not disclose personal data to other than the above-described recipients unless otherwise required by mandatory legislation.

8. How do we protect the data and how long do we store the data?

We have implemented and maintain appropriate technical and organizational measures to protect the personal data against accidental or unauthorized access, disclosure, destruction, loss, damage, manipulation and against other unlawful processing. Our data protection practices include physical measures, access management (e.g. user IDs, firewall, digital encryption technologies), logs, anti-virus software, prevention of DoS attacks and other necessary data security measures.

Personal data is processed confidentially in Premico’s operations. Access to personal data is limited to persons who need to access the personal data to carry out their work obligations.

We store personal data in an identifiable form only as long as is necessary for the applicable purpose of processing. More detailed information on the retention periods of personal data of residents can be obtained from the applicable housing company. For example, the retention period of data collected through camera surveillance depends on the solution used at the site, however, so that recordings are stored for a maximum of one year, unless a possible legal claim or other investigation of criminal, misconduct, damage or accident situations requires a longer retention period.

9. What rights do you have as a data subject?

As a data subject you have the right to

  • know whether we process data concerning you and, if so, access it and information on the processing of personal data as required by law;
  • require us to correct any inaccurate or incorrect data concerning you and to have incomplete personal data completed;
  • obtain the erasure of personal data concerning you in accordance with the law (for example, when data is no longer needed and there is no lawful ground to store such data);
  • withdraw or amend the consent you have possibly given for the processing of personal data;
  • request restriction of processing of your personal data in accordance with law and, for example, when you wait for a response to your request regarding correction of your data;
  • object profiling targeted at you and, in accordance with law, other processing of personal data where processing is based on the controller’s legitimate interest;
  • have your data transmitted to another system in situations regulated by the applicable law.

A data subject may also file a complaint with the competent supervisory authority if the data controller has not complied with the data protection legislation applicable to its operations. In Finland, compliance with data protection legislation is supervised by the Data Protection Ombudsman. If you want to file a complaint with the Data Protection Ombudsman regarding processing of personal data in Premico’s or another party’s operations you can contact the Data Protection Ombudsman’s office as instructed in

10. Contact information

Contacts and requests related to processing of personal data in Premico’s operations or this privacy policy shall be sent to Premico’s data protection officer described in Section 2.

11. Changes to the privacy policy

If we make changes to this privacy policy we will describe and date such changes below in this policy. If the changes are significant, we may also inform about them in other ways such as via email or by publishing the change on our website. We recommend that you visit our website regularly and pay attention to possible changes in the policy.


8.12.2020: Address of Premico Management Oy was updated.

2.3.2023; Data controller was clarified as the principal of Premico Management Oy. The privacy policy has been updated to improve readability. Contact information of the data protection officer has been added.

16.05.2023; Added purpose for data processing: measuring customer satisfaction and ensuring the quality of customer service.

14.12.2023; Added as the basis for data processing the possibility to provide residents with the digital services produced through the KomuHomes application they have subscribed to at any given time, such as the door-opening service and booking sauna turns.

30.3.2024: Added parking management as the basis for data processing and ‘parking service provider’ as a new service provider in section 7.

12.6.2024: Added description of personal data collected through camera surveillance.