Privacy policy regarding rental management

1. Controller

Premico Management Oy or its principal (the lessor of the rented apartment)
c/o Premico Management
Aleksanterinkatu 11, 00100 Helsinki
(herein ”we”, ”us”, ”our” or ”Premico”)

2. Contact person

Premico Management Oy / Data protection matters
Aleksanterinkatu 11, 00100 Helsinki

3. About this privacy policy

We provide our clients with rental management services for renting apartments. Such services include tasks related to setting up and managing tenancy. In this privacy policy we tell how personal data of tenants is usually processed in context of rental management services provided by Premico. More detailed information on processing of personal data by each lessor can also be obtained from the lessor in question.

4. What are the grounds for processing and what purposes do we process personal data for?

The purpose of processing personal data in Premico’s operations is providing rental services, fulfilling contractual obligations as well as managing, administrating and developing tenancy and client communications and measuring customer satisfaction and the quality of customer service. The personal data is processed also in order for us to provide residents with the digital services produced through the KomuHomes application they have subscribed to at any given time. As regards the lessor, processing of personal data is based on the contractual obligations related to the rental contract, the legitimate interest of the lessor or a third party, obligations based on law or consent given by the data subject.

5. What data do we process?

We may process the following personal data in context of rental management services:

  • Basic data: name, personal ID, birth date (if no Finnish personal ID), client number; information on rent, its payment, receivables and collection of receivables.
  • Contact information: address, ZIP code, post office, phone number, email;
  • Detailed information: if more detailed identification of the data subject is necessary for the rights and obligations of the data subject or the data controller, e.g. language and gender;
  • When leasing a company apartment, basic information on the company and its contact persons: business ID, contact person, phone number of the contact person, email of the contact person, signatory/representative, billing address, ZIP code, post office, country;
  • Other data given by the data subject in the application based on consent: pets (amount and species), the amount and birth dates of children, reason of moving, smoking (yes or no), job information of all applicants (employer, profession & role, details of employment relationship – permanent or part-time, beginning of the employment relationship, gross income per month) or information on studies (learning institution; degree programme; beginning of studies; estimated date of graduation, gross income per month) or information on retirement (pension per month); reference (name, phone number; email); consent regarding the check of credit report;
  • If the applied apartment is ARA apartment: phone number at work; marital status, personal IDs of possible other applicants, information on pregnancy (if pregnant), information on possible homelessness, obligation to move, information on moving to the district for work-related reasons (employer, beginning of employment, address of the workplace, ZIP code, post office), information on possible other property left in another district (whether the property/apartment is on sale or has been sold), information on moving for another reason, living-related information (the amount of tenants, area of the apartment m2, type of building, type of apartment, condition of the apartment, control ratio), residential costs (rent, maintenance or consumption charge, heating costs, water costs), year of moving in, other information affecting the need for apartment (current gross income per month, capital income per year, other income per year, total income per year), property, fair value of property, study loan, mortgage, other loans), subsistence of spouse (current gross income per month, capital income per year, other income per year, total income per year), other applicants (current gross income per month, capital income per year, other income per year, total income per year), information on possible property (type, name of proprietor, name of real estate / company, address and municipality, date of acquisition, size of real estate, size of the apartment, use of the apartment, sales tax of real estate or apartment), description of other wealth (shares in publicly listed companies, other assets), appendices of the application (salary certificates of persons moving into the apartment, tax certificates of over 18-year-old persons moving into the apartment; certificate regarding the amount of pension, certificate of pregnancy, study certificate of over 18-year-old persons moving into the apartment, description of the fair value of assets, certificate from creditor regarding loans, information on immigrant’s right to reside in the country, residence permit, passport copy, certificate of unemployment daily allowance.

The personal data is necessary for the provision of services and requirement for contractual and/or customer relationship.

6. Where do we collect the data from?

As a rule, we collect personal data directly or indirectly from the data subjects themselves.

In addition, personal data can be collected and updated in accordance with the applicable law for the purposes described in this privacy policy, using publicly available sources, authorities (such as KELA and the Population Register Centre), or other third parties (such as Suomen Asiakastieto Oy) through services that leverage the generally available sources of third parties we use. Such data collection may relate to checking credit information, identifying data subjects, identifying politically exposed persons, as well as fulfilling obligations related to the prevention of money laundering and terrorist financing laws. The collection and updating of data will be performed manually or by automatic means.

7. Where do we disclose and transfer personal data and do we transfer data outside of the EU or EEA?

We may disclose or transfer personal data collected on our website or in our services to Premico Group Oy, the affiliates and associated companies belonging from time to time to the same group of companies with Premico Group Oy or consultants or other contractors of the above-mentioned companies where the disclosure is required by contractual obligations or the above-described purposes of processing. For example, we may transfer personal data to service providers to handle assignments related to the collection of receivables.

We use subcontractors to process personal data. For example, we have outsourced our IT management to a third-party service provider, and personal data is stored in the servers managed and secured by such service provider.

We do not disclose personal data of tenants to other third parties unless the applicable law or services provided by or to the affiliates and associated companies belonging from time to time to the same group of companies with Premico Group Oy for the purposes described herein.

Personal data may be transferred outside of the EU and EEA if it is necessary for the purposes or technical implementation of the processing of personal data. Transfers of personal data will be subject data processing agreements in accordance with the applicable law such as EU’s General Data Protection Regulation. Transfers of personal data outside of the EU and EEA require compliance with the applicable data protection law and appropriate safeguards such as standard contractual clauses based on the European Commission’s applicable decision.

8. How do we protect the data and how long do we store the data?

Systems used for processing of personal data can be used by only such employees of Premico who have the right to process such data for their work-related obligations. Each user has their own user ID and password for the systems. Data will be collected in databases which are protected by firewalls, passwords and other technical measures. Databases and their backups are located in locked facilities. Data can be accessed by only certain pre-approved persons.

We store personal data during the tenancy and from the end of tenancy as long as is necessary for the applicable purpose of processing or set out in law or by ARA.

We assess the necessity of storing personal data on a regular basis considering the applicable law. In addition, we take reasonable measures to ensure that no incompatible, obsolete or incorrect personal data is stored considering the purposes of processing. We correct or erase such data without delay.

9. What rights do you have as a data subject?

As a data subject you have the right to

  • know whether we process data concerning you and, if so, access it and information on the processing of personal data as required by law;
  • require us to correct any inaccurate or incorrect data concerning you and to have incomplete personal data completed;
  • obtain the erasure of personal data concerning you in accordance with law (for example, when data is no longer needed and there is no lawful ground to store such data);
  • withdraw or amend the consent you have possibly given for the processing of personal data;
  • request restriction of processing of your personal data in accordance with law and, for example, when you wait for a response to your request regarding correction of your data;
  • object profiling targeted at you and, in accordance with law, other processing of personal data where processing is based on the controller’s legitimate interest;
  • have your data transmitted to another system in situations regulated by the applicable law.

A data subject may also file a complaint with the competent supervisory authority if the data controller has not complied with the data protection legislation applicable to its operations. In Finland, compliance with data protection legislation is supervised by the Data Protection Ombudsman. If you want to file a complaint with the Data Protection Ombudsman regarding processing of personal data in Premico’s operations you can contact the Data Protection Ombudsman’s office as instructed in

10. Contact information

Contacts and requests related to processing of personal data in Premico’s operations or this privacy policy shall be sent to Premico’s data protection officer described in Section 2.

11. Changes to the privacy policy

If we make changes to this privacy policy we will describe and date such changes below in this policy. If the changes are significant, we may also inform about them in other ways such as via email or by publishing the change on our website. We recommend that you visit our website regularly and pay attention to possible changes in the policy.


8.12.2020: Address of Premico was updated.

2.3.2023: The privacy policy has been updated to improve readability. Contact information of the data protection officer has been added.

16.05.2023; Added purpose for data processing: measuring customer satisfaction and ensuring the quality of customer service.

14.12.2023; Added as the basis for data processing the possibility to provide residents with the digital services produced through the KomuHomes application they have subscribed to at any given time.

27.12.2023; Added examples to section 6.

12.6.2024: Added basic information about the data subject to section 5, added an example to section 7 and removed mention of debt collection.