To smooth your journey through sato.fi we use cookies. By continuing to use this site you agree that cookies will be stored in your browser. You can delete the cookies any time through your browser settings. Read more about cookies and sato.fi information security here »

How does SATO take care of its customers' privacy online?

We take online privacy issues seriously at SATO. Below you can find a comprehensive report on privacy issues and the terms of use, as well as different data file descriptions.

If you need more information, email us at asiakaspalvelu@sato.fi. We are happy to help.

Privacy and terms of use

SATO Corporation in Finland and its subsidiaries in other countries (hereinafter SATO) makes the information on this website available to its customers on the terms recounted below in this document with the intention of providing its customers with better service and enabling easier access to information.

Content on the SATO website is provided to you ‘as is’. SATO is not liable for the content, correctness, accuracy or reliability of the website and SATO assumes no liability for any direct, indirect, incidental, special or consequential damage, any loss of profit or any business disruption caused by the service provided by it on the website or the suspension of such service or by any content on the website even if SATO had been informed of the possibility of such damage. SATO also does not assume liability for the delivery to the intended recipient of any message submitted via the website. SATO reserves the right without giving notice to modify the site at any time, to deny access to the site and to suspend the online services. SATO may modify these terms at any time by updating this notice.

Any and all content on this website, including but not limited to text, graphics, logos, icons, images and drawings as well as audio recordings and software are the sole property of SATO or its content provider or other subcontractor or supplier. The said materials are subject to protection under copyright legislation in Finland and elsewhere. The user has the right to make one copy of information on the website for personal, non-commercial and internal use on a single computer unless SATO has given express written consent for other copying or use. Press releases and other public documents may be used in public communications provided that the source is credited.

Some components in SATO’s online service require the user to enter personal data. Personal data is collected only with the voluntary consent of the users. The user data collected in services which require registration become a part of SATO's customer registers. The data held in these registers are used to maintain and manage the customer relationship, for customer marketing and direct marketing, and for customer surveys and market research surveys. SATO does not disclose data in its customer registers to third parties. However, SATO has the right to disclose data in its customer registers to parties under contractual relationship with SATO and to real estate agents with whom SATO homes are listed, as well as to disclose maintenance requests, orders for new keys and equivalent data to service providers under contractual relationship with SATO, such as contractors and property maintenance companies. SATO may record telephone calls made to its customer service numbers. SATO may use external data sources to update and supplement customer data. For further information, please see the SATO group’s data file description.

The building and apartment layouts published on SATO’s website are indicative only and are not drawn to scale. SATO reserves the right to modify any information and home prices published on its website.

The user is responsible for keeping any personal user ID confidential and for any use of the website with the personal user ID. The user is liable to SATO and directly liable to all other parties for possible abuses and acts contrary to law or contract.

The SATO website may contain links to websites maintained by third parties (e.g. building-specific portals, map service). The companies in the SATO group are not liable for the content of such sites or for the registration of personal data collected on such sites being in compliance with law.

SATO does not guarantee that its website is free of viruses or other harmful or destructive software or components.

This website may use cookies from time to time.

Cookies are used to collect data on e.g. the page from which you originated, the pages on our site which your viewed and the time of viewing, the browser used, your display resolution and your operating system, and the IP address of your computer, i.e. the address from which the data you submit originates and where the data is received.

Cookies allow SATO Corporation and its partners to monitor website usage and to analyse and improve the services. Additionally, SATO Corporation's partners may use cookies which collect data on the user's visits to this site and other sites in order to target advertisements. Data collected with cookies are used to generate targeted advertising based on the visitor's interests. Users are not identified when advertising is targeted using cookies and the data are not linked to any personal data which may be obtained from the user in other contexts.

Users may prevent the use of cookies by adjusting their browser settings to block cookies. The user accepts that blocking cookies may affect the functionality of certain services.

Please note that all materials and data disclosed, sent or submitted by you to or on the website, including but not limited to suggestions, ideas and other notices, are non-confidential, irrevocable, royalty-free, fully sub-licensable and non-proprietary, and that no right of ownership in such materials or data exists. SATO has not obligations pertaining to such communication. By sending or submitting data or materials you give SATO unlimited and irrevocable licence to use, publish, copy, present, implement, modify, forward, distribute, integrate and/or otherwise use the communication as well as any data, visual material, sound, text or other element included the communication in all kinds of materials and information for both commercial and non-commercial purposes. You also accept that SATO has full right to use for any purpose the ideas, concepts, knowhow or technology disclosed by you.

Contact point as required under section 21 of the Act on provision of information society services:
SATO Corporation / Marketing and Communications
PO Box 401
FI-00601 Helsinki
p. +358 201 34 4000
viestinta@sato.fi

Data protection: Processing of customer data in the Finnish operations of SATO
1. File controller

SATO Corporation (on its own behalf and on behalf of companies in the SATO group, hereinafter SATO)
Panuntie 4, PO Box 401
FI-00601 Helsinki, Finland
phone +358 20 334 443

Contact person:
Compliance Officer Riitta Salo
Panuntie 4, PO Box 401, FI-00601 Helsinki, Finland
tietosuoja@sato.fi

Updated 14th April 2020

2. Names of data files

• customer relationship management
• marketing and communication
• camera surveillance
• photo archive

3. Purpose and legal basis of processing of personal data

SATO divides personal data into information relating to the establishment and management of customer relationships and tenancies, information relating to the sales of homes and commercial premises (customer relationship management), information relating to marketing and communications as well as camera surveillance. SATO has also a photo archive that includes photographs of various sessions and events.

Agreements can only be concluded with customers who provide us with the required personal data.

All personal data are kept confidential.

Customer relationship management
The purpose of the processing of personal data is to establish, manage and develop a customer relationship, such as renting and sales of homes, parking spaces and commercial premises, the provision of housing advice, resident participation and the management and development of related business and housing supply and attending to the rights and obligations of the landlord or home seller.

The processing of personal data related to the establishment and management of customer and tenancy relationships, customer panels, housing counseling, communication to residents, residential democracy, housing sales, housing investment and often also marketing is based on a valid or earlier contractual relationship.

The legitimate interest is related to SATO's business interests, such as quality control of services, development of services and housing supply and customer satisfaction measurement and direct marketing. The legitimate interest is also associated with risk mapping and management, the protection of SATO's rights and assets, the implementation of physical and data security and the transfer of data between SATO Group companies. Based on the legitimate interest of SATO and the Customer to prevent or detect abuse, we may save a copy of the identification document of the Customer, his / her agent or his / her assistant to the Customer's information to ensure the reliable identification of that person. SATO may, on the basis of a legitimate interest, transfer personal data between SATO Group companies.

We may record the imposition of international sanctions and the prohibition on doing business based on SATO's legitimate interest or a statutory obligation.

In managing the rent receivable and accounts payable ledgers, we required the customer’s personal data for the invoicing and collection of rents, usage charges and other invoices and purchase price instalments and in the related services based on a valid or earlier contractual relationship.

We also process personal data in the context of the maintenance of rented homes, commercial premises and properties, in responding to defect reports, in the management of lease agreements and in the context of warranty inspections of homes sold. Your personal data are required in defect report, repair, inspection and change situations related to apartments as well as in the management of lease agreements and in service provision based on a contractual relationship.

If you are a SATO resident, your personal data may be used in the list of names at the entrance to your building, on door nameplates, on the sauna and laundry room turn lists and for equivalent purposes. Personal data may also appear in apartment-specific energy and water consumption monitoring and in other measurements relating to building systems. We may take photos in your home for renting it in the future and monitoring the condition and maintenance of the apartment, but we do not photograph people in your home without your consent.

In addition, we have a service channel OmaSATO (at oma.sato.fi). OmaSATO channel is intended as a residential service channel, where we offer the opportunity to view and modify your personal data (limited). The channel also serves as a communication instrument and as a supply channel for housing related services.

The information provided by you in the context of applying for a rental home or rented commercial premises or making an expression of interest in a home for sale (=reserving the chance to buy without making a deposit) is equated with information relating to contractual relationships.

SATO's Internet services include a real-time chat service.
SATO's call centre service may include the possibility to use an interpreter service.

Marketing and communication
SATO markets rental and owner-occupied apartments and housing-related services to its tenants on the basis of a valid or earlier contractual relationship and with those who consider renting or purchasing the dwelling, based on the consent or legitimate interest of SATO. SATO may, on the basis of a legitimate interest, transfer personal data between SATO Group companies.

Housing-related services may include, for example, Find a home search engine, a residential panel, parking and travel, furnishing, broadband, wellness and home entertainment services, electricity and home insurance, cleaning and garment maintenance, and grocery shopping. The service provider may be SATO or another company. SATO also sends to its customers newsletters, event invitations and similar newsletters, which include, among others, information on current issues related to your home and living.

The SATO Pulse residents panel is a survey channel which besides marketing also serves the needs of development. The data in the data file are used for customer surveys and opinion polls, the results of which are used in support of SATO’s business. We use the information we receive from you to find out what kind of things you value in your living.

In marketing apartments and managing customer relationships, we need the customer's personal data in managing the service and maintaining basic information.

The processing of data relating to our marketing may take place in accordance with our existing or previous contractual relationship, based on a legitimate interest in SATO's business or on the customer's existing consent.

SATO can market its services, for example, on its website and otherwise in public at any time.

Direct marketing (such as a letter or a call) may be based on our contractual relationship or SATO's legitimate interest, but you have the right to oppose direct marketing at any time, so SATO will no longer target you direct marketing. You can, for example, make a statement of opposition to the e-mail at tietosuoja@sato.fi.

For electronic direct marketing (such as e-mail or SMS), we need your prior consent to use the electronic message channel. You can give or cancel your consent for example by emailing it to tietosuoja@sato.fi.

The data of customers given consent to marketing can be used to develop marketing communications and thereby better and personalized and more targeted communication. For this purpose, the e-mail address may be associated with the information obtained through cookies.

When SATO informs its customer for example about future repairs or a water outage, it is not marketing, but managing a customer relationship, and does not require the customer's consent but is based on a contractual relationship. Such communication may take place by post, telephone, SMS or e-mail.

Visitors
Personal data may be collected from persons visiting SATO's offices on the basis of SATO's legitimate interest.

Camera surveillance
In order to safeguard security and legal protection, the property owner may collect camera surveillance data in SATO’s premises and properties and on their yards, such as in the vicinity of entrances, at refuse collection points and in parking garages. The data are used to investigate criminal offences and incidents of damage, and when necessary to security control. Visible signs to indicate camera surveillance are placed in the premises and areas where cameras are located. Camera surveillance is based on the legitimate interest of the property owner and the customer. SATO Oyj acts as a controller for properties owned by companies belonging to the SATO Group. In addition, alarm and security systems may be used at SATO's premises.

Photo archive
Photographs can be taken at sessions and events organized by SATO. Photographs can be used in SATO's publications, but they do not include the names of the customers. Photos represent a group of people where nobody is emphasized. Only with your consent we can publish a photo that expressly shows you. The use of a photo archive is based on SATO's legitimate interest as a trader.

Automatisation
We may classify registered customers automatically on the basis of certain pre-determined criteria in order to improve the efficiency of leasing, to target marketing and communication as well as to interpret the results of surveys and polls. The classification is never based on the use of specific personal data. This is how we develop renting, housing supply and services more efficiently. We can use automated processes in decision-making related to the choice of tenant housing. The applicant for a rental apartment always has the right to demand that his / her application be handled by a natural person.

Cookies
SATO uses cookies to the extent required by the Internet service. Cookies can be used to collect online statistics on online behavior from all users in connection with the use of SATO's Internet services in anonymous form. SATO does not collect personal data using cookies, unless otherwise stated in this privacy statement. Cookies are stored in the user's browser memory to enable user-specific actions, such as logging in or giving consent. In connection with the use of the Oma.sato.fi portal, the id address is stored in the cookie of the logged-in user in a pseudonymous form to identify the right of use. The cookies are mainly long-term and can remain on the user's machine for one month to four years, unless the user deletes the cookies from their computers. SATO use a third party (such as the Face-book, Twitter, Instagram, Linkedin, Google, Hotjar, Giosg, Youtube, Adform) services, for example. monitoring the quality of internet service and targeting advertising. These service providers store their own cookies in the memory of the user's browser. Third parties do not collect the user's personal data, but use the Close enough principle to provide the service. For more information on third-party cookie functionality, visit each operator’s website, for example
www.google.com/policies/privacy/partners/
https://fi-fi.facebook.com/policies/cookies/

Strong electronic identification
If you have access to your own personal data in SATO's data systems (OmaSATO) on the basis of strong identification, the identification data will be collected in the data of the company providing the identification service. SATO collects personal data in connection with the use of the system and for the management of its use in accordance with data protection norms. In this way, we safeguard the legitimate interests of both you and SATO in the event of any problems. We can record communications via OmaSATO on the basis of a contractual relationship. SATO Oyj acts as the controller of the personal data it collects.

When using strong electronic identification services and when making electronic signatures, you must provide the identity service provider the personal information it needs and act according to the instructions provided by the service provider. The service provider acts as a controller for the personal information you provide to it.

Archive
SATO has an electronic and a paper archive in which documents are stored to the extent required by contractual relations and legislation. At the end of the retention period, old documents may be retained in the archive for historical and archival purposes on the basis of SATO's legitimate interest.

4. File data content

Customer relationship management
The following data may be recorded in the customer relationship management and sales systems about applicants for rental homes, lessees, co-lessees, co-payers, other persons to reside in the apartment and persons expressing interest in and purchasing homes as well as commercial premises and parking space lessees:

Person’s name, date of birth, personal identity code, address, previous address, phone number, email address, IP address, communication language, material language, identity document or details of residence permit, guardianship details if applicable, gender, occupation, employment status, employment duration and type, household form, credit and payment history data, housing allowance data if applicable, data concerning current home, marital status, data on non-disclosures of data ordered by the authorities, housing application and lease agreement data, deed of sale data, data on payment of rent, other tenancy-related charges or purchase price, security deposit data, segmentation data, other contact details if any, other data supplied by the customer, and participation in activity organised by SATO as well as information about your possible consents and withdrawals, as well as information about your registered requests and any limitation or objection to the processing of your data. We can also record observations related to your skills in neighborly and in home care, as well as remarks concerning customer leaving prediction.

Key and access data may be recorded and processed in respect of homes and commercial premises equipped with an electronic locking system. In addition, we may record data required under the Act on the Contractor's Obligations and Liability when Work is Contracted Out and the Act on the Prevention of Money Laundering and Terrorist Financing and international sanctions.

Also, if necessary, a copy of the identification document of the customer's assistant or agent can be taken and stored in the customer information system in connection with the customer's data.

Communication between customers and SATO employees may be recorded. We may also record data entered by SATO employees regarding service measures.

Data on invoicing, payment and collection events are recorded in the accounts payable and receivable systems.

We may record the names and dates of birth, and in respect of persons 16 or older, also the personal identity codes of any other persons to reside in the apartment. Such persons include all those who move into the apartment, the residents of apartments rented for employee accommodation, and persons subletting in part or in full.

Special and sensitive personal data
We can save a personal identification code of our leasing contractor or other contractor or other person in need of leasing on the basis of the Privacy Act (1050/2018).

Special or High-risk data under the EU Data Protection Regulation include ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union, genetic or biometric data, health information, sexual behavior and orientation, and criminal convictions and offenses information.

We strive to avoid high-risk data recording and processing, but if you have self-reported such information, for example, for tenant selection, or we get information from an authority, we can store and process such information in accordance with enhanced confidentiality. We may also get special personal information unintentionally in connection with camera surveillance. Special personal information is not used for customer profiling.

Information about the high-risk data and the customer's financial position and life situation (sensitive information) is dealt with enhanced confidentiality.
Data on international sanctions and business prohibitions can be recorded to secure SATO's legitimate interest or on the basis of a statutory obligation.

Marketing and communication
Before any application or expression of interest is submitted, we may for marketing purposes collect the customer’s name, address, occupation, communications language, income data, life situation data, phone number, email address, IP address (network adapter address), social security number, age, marital status, data about interests and possibly also other contact details, and participation in activity organised by SATO. We can also record opinions and comments expressed by people in the SATO Pulse residents panel and conversations saved in the chat service.

We also provide customer benefits that are provided to you by a non-SATO company. If you use customer benefits, you give your data to the company. We can only give your data to a company that provides customer benefits if you explicitly consent to it.

Data systems
To manage the use of data systems (such as OmaSATO), we may collect from the customer an IP address, access rights to the information systems and their restrictions, the name and e-mail address of the licensee, usernames and passwords, and other identifying information such as pin codes in pseudonymous form.

Camera surveillance
Camera surveillance data contains data on the persons present in the area covered by the surveillance cameras, at SATO's premises and real estate as well as in their courtyard, such as in the vicinity of the entrances, waste disposal points and garages. In addition to video footage, the data file also includes the date and time of the images recorded. Our camera surveillance does not record audio. The data file is made up of the transmitted digital recordings made when the cameras placed by SATO at necessary locations are in operation.

Photo archive
Photographs of the audience may be taken at public events, however, the names of the persons present in the photographs shall not be recorded with the photograph unless otherwise agreed with the person concerned. Such photographs can be published in releases and newsletters. For marketing purposes, no person-specific photos are used without the explicit consent of the people therein.

5. Regular sources of data

Our regular sources of data are the data provided in the context of applications to rent a home, parking spaces or commercial premises, the conclusion of lease agreements, the expression of interest in buying a home, the signing of a deed of sale, during the tenancy and for marketing purposes from the customer.

We collect data from you and your cohabitees/flatmates or business associates in the context of using sato.fi services, in communication and customer service situations and apartment visits. We also collect data from people who submit a rental application or express interest in a home for sale. Data may also be provided by a real estate or rental agent. We can record the information we receive from you via the OmaSATO channel and chat conversations. When you use our services, the use of their content will be saved.

We may also receive your personal data if a customer who leaves the apartment recommends you to SATO and you need a rental apartment.

A person visiting SATO's premises may be asked for his or her personal information.

When we are acquiring a rental home or an entire building of rental units, the seller provides us with data on the tenants and residents to be recorded in our own systems.

Data may also be collected e.g. when you take part in campaigns or events organised by us. Photos can be taken from the audience at events.

Data are updated on the basis of sources such as notifications and events during tenancy. With regard to notifications, the data source may also be a third party, in which case we strive duly to ascertain the correctness of the data. We can also obtain information on the basis of contacts related to appartment sales.

We may verify the correctness of personal data from the Population Data System in the context of applications to rent and expressions of interest in buying a home. We may also verify resident data on the apartments owned by us from the same source. Personal data may furthermore be collected and updated on the basis of information obtained from our partners as well as authorities and enterprises providing services relating to personal data.

Credit and payment history data as well as sanction compliance data may be collected and updated from sources including the data file of Suomen Asiakastieto Oy while housing allowance data may be obtained from Kela.

SATO may also review and update contact data, telephone numbers and other personal data from other reliable, paid or free sources of information provided by third parties.

For managing the use of data systems such as OmaSATO, SATO may collect necessary data from you and SATOs staff will create and maintain the IDs

Photographs are taken by SATO staff or a hired photographer.

The camera surveillance data file is made up of the transmitted digital recordings made when the cameras are in operation. Camera surveillance data are recorded automatically when someone enters the area under surveillance when the camera is in operation.

6. Data disclosures and data transfers

SATO does not publish the data collected by it and complies with the obligation of secrecy in respect of personal data unless otherwise required by legislation or the establishment, exercise or defence of legal claims or otherwise mentioned in this privacy policy.

SATO may disclose personal information to authorities that request it pursuant to law.

The data referred to in this data file description are not transferred outside the SATO group with the exception of contractual partners carrying out specific duties (e.g. customer relationship management or service provision and developing, letting, translator service, sales of homes or other premises, property management services, construction or repairs and their supervision, security control, customer data supplementation or collection in part, or information system and data security development, chat service). These partners are bound by a secrecy obligation and a data protection agreement. Data may also be transferred to parties which under legislation have the right to obtain the data. The data protection agreement provides for matters including the standard of information security and reporting of information security breaches between SATO and the contractual partner, in accordance with the EU General Data Protection Regulation.

The Housing Finance and Development Centre of Finland (ARA) in respect of ARA-subsidised rental homes and the City of Helsinki in respect of Hitas homes act as the supervisory authorities which have the right to obtain the data required for supervision. Data may also be disclosed to the City of Helsinki for the purpose of performing draws on the allocation of Hitas homes. KELA has the right to obtain data on persons to whom it pays benefits.

The photos of audience taken at SATO's events may be used as an illustration of SATO's publications within the limits permitted by law.

The data in the camera surveillance data files may be disclosed to the police, other competent authority, or, on the basis of a business license, to a security service provider for the purpose of investigating suspected offenses and abuses.
The data will not be disclosed for direct marketing or similar purposes.

When SATO disposes of a rental home or building of rental units, the valid data on its residents and tenants can be disclosed to the buyer of the home or building.

We also provide customer benefits that are provided to you by a non-SATO company. If you use customer benefits, you give your data to the company. We can only transfer your data to a company providing customer benefits if you expressly consent to it.

Personal data may only be transferred outside the European Union or the European Economic Area to the United States in accordance with EU data protection regulation and within the limits set by the EU Commission (US / Privacy Shield) concerning the adequacy of data protection in the destination country and in accordance the binding rules adopted by the data protection authorities.

7. Links to third-party websites on SATO’s websites

SATO’s websites – sato.fi and kotona.fi – may offer third-party links. By clicking on such a link, you may receive third-party customer benefits and services and take part in contests and draws arranged by them. Our partners who provide customer benefits may use cookies which collect data on your visits to sato.fi and other sites in order to target advertisements.

SATO shall not be held liable for any collection or processing of personal data thus carried out by third parties. In these situations, you yourself disclose your data directly to the third party, for example to receive services or customer benefits or to take part in a contest or draw.

SATO may provide your data to third parties providing customer benefits only with your express consent.

8. Period of storage of personal data

The stored data in the Find A Home search engine on SATO's website will be deleted from the register no later than three calendar years after you were last time active in the search engine on SATO's website or related services, provided that there is no other legal basis for keeping your data, such as application for a rental home or reservation act for the sale of owner-occupied dwellings.

Your consent to use the online direct marketing channel is valid until you withdraw your consent. After withdrawal of your consent, your data will not be used for online direct marketing.

You may also withdraw any other consent you have given to the processing of your data. If there are no other legitimate grounds for processing your data, your data will be deleted without undue delay. In all cases, the activity requiring your consent will cease immediately, even if your data cannot be deleted. In this case, the information about your consent and its revocation may be kept for a maximum of six years from the revocation of the consent.

If we have received your personal data from a customer leaving the apartment who has recommended you to SATO, your personal data may be retained for a maximum of one full calendar month, unless you yourself wish to continue the customer relationship with SATO.

Information about your consent and its withdrawal, as well as your contact information, will be retained for a maximum of six years after the withdrawal of the consent, provided that you have not submitted a rental application or reservation to SATO.

The data of those who have submitted a rental application or given to SATO an expression of interest to buy can be stored for a period of six years from the date of the most recent one of these unless the customer has concluded a lease agreement or purchased a home.

Payment defalts information will always be deleted at the latest six years after the lodging of the housing application. Payment default data can be deleted upon request three years after the submission of the application only in case of a customer who has applied for housing free of ARA restrictions.

Data relating to a lease agreement or home purchase may be stored for ten years from the expiration of the lease agreement, conclusion of the home purchase, and mutual completion of the obligations relating to the tenancy or home purchase. The same storage period applies to all persons who reside(d) in the home as well as recorded phone calls and other dialogue/communication with you. The data associated with participation in the resident panel will remain the same time as the lease agreement.

Photos can be stored for active use for up to 10 years after taking the photo and for archival and history purposes permanently.

Visitors' data will be retained for a maximum of one full calendar year.

Camera surveillance data are stored for the amount of time found necessary when they contain data based on the purpose and under investigation. Data under investigation are stored for the period of time needed for the establishment, exercise or defence of legal claims. When the need for storage of the data comes to an end, the data are removed within three years. Otherwise the data are regularly destroyed by being recorded over within no more than a year of initial recording.

Datasystem usage management data can be stored for maximum six calendar years from the removal of access rights.

Data collected by means of cookies are stored for a maximum of four years depending on the nature of the cookie.

Documents in the electronic and paper archives may be retained for active use for a maximum of 15 years after the expiry of the document and for archiving and historical purposes permanently.

9. Principles of data file protection

Only designated representatives of the personnel of SATO or a contractual partner selected by SATO who have a legitimate need to access the data for work have the right to access the systems containing personal data and to process the data held in the systems. There is a data protection agreement between SATO and the contract partner. The use of personal identifiers is required. The system is protected through technical and administrative means.

A. Manual data / storage location and protection: Data are stored in locked and supervised premises. Access is restricted to persons designated by the SATO.

B. Electronically stored material / Principles of right of access to data, access control and physical protection of hardware: Data are only accessible by persons designated by the SATO Group. The access rights to a data file are determined individually for each position. SATO’s internal processes are observed in the determination of access rights. The databases and data networks used to store data are protected by means of organisational and technological measures. The supervision and protection of data files complies with regulations applied within the EU.

10. Right of access to own personal data

You have the right to receive from the file controller, i.e. SATO, confirmation as to whether personal data concerning you is being processed.

You have the right to access your personal data. You may request the right of access from SATO in person or in writing. Written requests should be submitted to our customer services by email: asiakaspalvelu@sato.fi or by post to SATO Customer Services, PO Box 401, FI-00601 Helsinki, Finland. You can also check with your OmaSATO channel for information about yourself.

You can personally contact us in SATO's headquarters in Käpylä, Helsinki, or at the SATO service centers in Helsinki City, Tampere or Turku, the addresses of which you can find on SATO's website at https://www.sato.fi/en/contact-information.

We do not disclose photos, camera surveillance data, cookie information and system usage log data because these materials would contain the personal data of other people or disclosure would be unduly burdensome.

We comply with access requests without delay, but no later than one month after the request. In exceptional situations, the delivery time may not exceed three months.

The data will be supplied to you in single copy in person against verification of identity, or by other protected means using reliable identification. Requests submitted electronically will be complied with electronically when possible in terms of information security.

If the request for access is manifestly without foundation or unreasonable, and especially when the requests are made repeatedly or if more than one copy is requested, as controller we may charge for compliance with the request a reasonable fee, based on administrative costs, or refuse to comply with the request.

11. Rectification or removal of personal data and right of data subject to request restriction of processing

You may request the rectification of incorrect data. The decision on rectification is made by us. We may rectify incorrect data detected after receiving the correct data from you or another reliable source.

In so far as you are capable of taking personal action, for example on the OmaSATO channel you must, without undue delay after having been informed of or having personally detected an error, on your own initiative rectify, remove or supplement personal data contained in the data file that is inconsistent with the purpose of the data file, incorrect, unnecessary, incomplete or obsolete. You are responsible for keeping any personal user ID confidential and for any usage taking place with the personal user ID.

You have the right to have the personal data concerning you erased from the data file (‘right to be forgotten’) after the end of the storage period if your personal data are no longer needed for the purposes for which they were collected, you object to processing for which there are no legitimate grounds, consent is withdrawn in respect of processing based on consent, or the personal data have been unlawfully processed or SATO is obligated under law to erase the data. As file controller, SATO in compliance with legislation in force from time to time decides on the erasure of data without undue delay.

You have the right to ask SATO to restrict the processing of your personal data when
• a request concerning rectification or removal of your data is pending;
• the processing of the data is unlawful and you object to the erasure of your personal data, asking instead that the processing of the data be restricted;
• SATO no longer needs the said personal data for processing purposes but you need the data for the establishment, exercise or defence of a legal claim;
• you have objected to the processing of the personal data pending the verification whether the legitimate grounds of the controller override yours (the balancing test).

When processing is restricted on the aforementioned grounds, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

12. Right to object to processing on grounds relating to your particular situation

You have the right, on grounds relating to your particular situation, at any time to object to us processing your personal data pursuant to the legitimate interest of the file controller.

The objection specifying the grounds on which you object to the processing may be submitted to the contact person of the file controller in this data file description (page 1). SATO may refuse to comply with your objection on grounds laid down in legislation after completing the necessary balance test between your and SATO's legitimate interests.

13. Right to prohibit direct marketing

Where personal data are processed for direct marketing purposes, you may at any time object to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If you object to the processing of your personal data for direct marketing, the data may no longer be processed for that purpose.

14. Right to withdraw consent

You have the right to withdraw your consent to the processing of your personal data at any time to the extent that the processing is based on your consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You also have the right at any time to prohibit the use of electronic channels in direct marketing addressed to you.

15. Automated decision-making

In selecting residents for rental homes, we comply with the instructions of authorities and the statutory grounds for resident selection as well as by SATO defined methods to intensify selection of residents. The process may entail automated decision-making. You have the right to obtain human intervention on the part of SATO. You also have the right to express your point of view and contest the automated decision.

16. Right to data portability

You have the right to have the personal data concerning you, which you have provided to SATO and which are processed by us on the basis of your consent or a contractual relationship, transmitted in machine-readable format to another controller when this is technically feasible and data secure.

If the transfer is not technically feasible or data secure, you may yourself supply another controller with your personal data which you have received on the basis of the right of access.

17. Right to complain to a supervisory authority

You have the right to file a complaint with the competent supervisory authority in the EU Member State where you have a permanent place of residence or workplace or where the suspected breach of the Data Protection Regulation has occurred. The competent authority in Finland is the Data Protection Ombudsman (Ratapihantie 9, PO Box 800, 00521 Helsinki or email: tietosuoja@om.fi). For more information, visit the Privacy Policy page tietosuoja.fi.

18. Contacts

Is there still something you would like to know?

We will be happy to help you with any questions relating to the processing of personal data or the exercise of your rights. Please contact us in writing by either email or post. For contact details please see under section 1 ‘File controller’.

Printable document »

Data protection: Processing of the personal data of stakeholders in the Finnish operations of SATO
1. File controller

SATO Corporation (on its own behalf and on behalf of all companies in the SATO group, hereinafter SATO)
Panuntie 4, PO Box 401
FI-00601 Helsinki, Finland
phone +358 20 334 443

Contact person:
Compliance Officer Riitta Salo
Panuntie 4, PO Box 401, FI-00601 Helsinki, Finland
tietosuoja@sato.fi

File updated on 14th Apr 2020

2. Names of data files

• purchasing systems
• stakeholder data file
• the share and shareholder register as well as bondholder register
• job application data file
• photo archive
• camera surveillance
• information system usage management
• construction site data
A separate Privacy Statement has been prepared for SATO's Whistleblowing channel.

3. Purpose and legal basis of processing of personal data

SATO processes personal data on several different legal basis. The grounds for processing personal data are: compliance with SATO’s statutory requirements, drafting and fulfilment of agreements with data subjects or companies they represent, consents of persons, and legitimate interest of SATO.

The legitimate interest of SATO may have to do with the establishment, development, termination, archiving or other upkeep of a cooperation relationship created or to be created with the data subject; review and development of SATO’s business; risk assessment and management; marketing to SATO’s current, former and potential stakeholders, transfer personal data between SATO Group companies, influencing in society and recruitment. The legitimate interest of SATO may also have to do with physical or information security or the need of SATO to protect its rights and assets.

For purchasing activities, personal data are collected on a contractual basis and on the basis of SATO’s legitimate interest, and also on the basis of requirements under legislation (such as the Act on the Prevention of Money Laundering and Terrorist Financing 444/2017, and the Act on the Enforcement of Certain Obligations of Finland as a Member of the United Nations and of the European Union 659/1967) or based on the requirements of contractual obligations.

For material procurement purposes, personal data may be collected from the service contractor's maintenance and repair service personnel for the operation of the vendor's sales systems on a contractual basis or based on SATO's and the personnel legitimate interest. The vendor is the controller of his data system.

The data required by the legislation in force in each case and the Corporate Governance Code of the Securities Market Association is collected from the persons belonging to the company's management and their related parties. In addition, photographs of the members of the Board of Directors and information required for the payment of fees may be stored.

The necessary data will be collected on rental employees and other persons employed by SATO's contract partners working at SATO's premises on the basis of an agreement between SATO and the contractor.

Data for stakeholder cooperation and influencing in society are collected on the basis of valid consents and the legitimate interest of SATO.

Personal and employer data may be collected from persons visiting SATO's premises on the basis of SATO's legitimate interest.

A copy of his / her identification document may be kept from the person providing the interpretation service in order to safeguard the legitimate interests of SATO and the person in need of the interpretation service.

The share and shareholder register data and the bondholder register are maintained under the Company and Securities Markets Act.

Data on job applicants are collected for the purpose of carrying out the recruitment process and assessing suitability and as preparatory measures for the conclusion of an employment contract. The job application data collected for the recruitment of new employees are deemed contractually based data. Open job applications can be saved.

Direct marketing can be based on the legitimate interest of SATO, but you have the right at any time to deny that when SATO is no longer targeting you direct marketing. Electronic direct marketing is only possible if the person has given their prior consent.

Direct marketing to companies is allowed. For example, a marketing message to the address ostot@yritys.fi is allowed and the employee's work e-mail address taija.tyontekija@yritys.fi may be sent direct marketing without the person's prior consent, if the content of the marketing communication is related to the person’s job duties. Even in these situations, a person has the option to prohibit direct marketing directed at him.

Data concerning marketing consent givers can be used to develop marketing communications and thereby better and personalized and more targeted communication. For this purpose, the e-mail address may be associated with the information obtained through cookies.

In order to safeguard security and legal protection, camera surveillance data may be collected in SATO’s premises and properties and on their grounds on the basis of the legitimate interest of property owner, tenant or a third party. The data are used to investigate criminal offences and incidents of damage and real-time security control. Visible signs to indicate camera surveillance are placed in the premises and areas where cameras are located. SATO Oyj acts as the controller in case of all properties owned by companies belonging to the SATO Group. In addition, alarm and security systems may be used at SATO's premises.

Photographs can be taken at sessions and events organized by SATO. Photographs can be used in SATO's publications, but they do not include the names of the customers. Photos represent a group of people where nobody is emphasized. Only with consent of the person we can publish a photo that shows the person.

Data including user data, user names and passwords are collected in compliance with data protection norms for information systems usage management and to safeguard the legitimate interest of SATO and its employees as well as contractual partners and their employees.

Personal data on construction and repair sites can be collected on the basis of requirements under legislation (such as the Land Use and Building Act 132/1999, the Act on the Contractor’s Obligations and Liability when Work is Contracted Out 1233/2006, “Contractor’s Liability Act”, the Occupational Safety and Health Act 738/2002, and the Taxation Procedure Act 1558/1995), when legislation requires SATO to collect the data.

SATO has an electronic and a paper archive in which documents are stored to the extent required by contractual relations and legislation. At the end of the retention period, old documents may be retained in the archive for historical and archival purposes on the basis of SATO's legitimate interest.

No wholly automated decision-making takes place on the basis of personal data. When required by the Contractor’s Liability Act, other legislation or a legitimate interest relating to SATO’s business or risk management, persons may nonetheless be automatically classified on the basis of certain pre-determined criteria. Classification does not automatically result in legal or comparable impacts on the data subject, however.

Contractual or cooperation relationships can only arise on the condition that the partner or person provides the required personal data.

All personal data are kept confidential, unless otherwise required by law or otherwise stated in this Privacy Policy.

The tenants of SATO's head office (SATOtalo) act as a controller and SATO as personal data processor for the access control information of tenants’ employees.
When using strong electronic identification services and when making electronic signatures, you must provide the identity service provider the personal information it needs, such as your identity, and act according to the instructions provided by the service provider. The service provider acts as a controller for the personal information you provide to it.

SATO's Internet services include a real-time chat service.

SATO uses cookies to the extent required by the Internet service. Cookies can be used to collect online statistics on online behavior from all users in connection with the use of SATO's Internet services in anonymous form. SATO does not collect personal data using cookies, unless otherwise stated in this privacy statement. Cookies are stored in the user's browser memory to enable user-specific actions, such as logging in or giving consent. In connection with the use of the Oma.sato.fi portal, the id address is stored in the cookie of the logged-in user in a pseudonymous form to identify the right of use. The cookies are mainly long-term and can remain on the user's machine for one month to four years, unless the user deletes the cookies from their computers. SATO use a third party (such as the Face-book, Twitter, Instagram, Linkedin, Google, Hotjar, Giosg, Youtube, Adform) services, for example. monitoring the quality of internet service and targeting advertising. These service providers store their own cookies in the memory of the user's browser. Third parties do not collect the user's personal data, but use the Close enough principle to provide the service. For more information on third-party cookie functionality, visit each operator’s website, for example
www.google.com/policies/privacy/partners/
https://fi-fi.facebook.com/policies/cookies/

4. File data content

The purchasing system may contain data on the name and contact information of the partner company’s contact person, business ban, debt settlement, data required under the Contractor’s Liability Act, data on the subjects of international sanctions, and data required under the Act on the Prevention of Money Laundering and Terrorist Financing. For the purchase of goods, personal information of a contractor's staff can be collected, including name, personal identification number, contact information, mobile device information, and payment card information. Personnel identification data and other information required for work are collected from rental employees and employees of the contract partner working at SATO's premises.

Data collected for stakeholder cooperation are a person’s name, occupation, address, email address, employer and its contact information, position of person in organisation, and data relating to invitational events and mailings. The photos of the audience can be taken at the stakeholder events, but the names of the people in the photos will not be recorded in the photo unless otherwise agreed with the person concerned. For marketing purposes, photographs of individuals are not used without the consent of the people present.

The data concerning the corporate management required by legislation and the Securities Market Association's Corporate Governance Code (https://cgfinland.fi/en/corporate-governance-code/) as well as photographs on the members of the Board of Directors and the data necessary for the payment of fees are stored. The members of the corporate management are the members of SATO Oyj's Board of Directors and the President and CEO, as well as the members of the SATO Group's Management Team.

Personal and employer information can be collected from people visiting SATO's premises.

A copy of his / her identification document from the person providing the interpretation service may be stored in connection with the information of the person in need of interpretation assistance.

The information required by law is stored as share and shareholder register data and bond holder register data, which are e.g. the name, address, sector, nationality, language, nominee register data, type of book-entry and the number and percentage of shares and bonds held.

Job application data may contain data on the applicant’s name and contact details (address, phone number and email address), language skills, qualifications and studies, other education, work experience, special skills, ICT skills, references, salary request and other data reported by the job applicant and relevant to the job applied for, availability of applicant to join SATO, form and hours of employment applied for, applicant’s interests and place of employment, as well as a photo, CV or free-format application. The applicant’s suitability assessment, sanction compliance data, credit data and business prohibition data if any may additionally be verified and recorded in the context of job application processing, as well as other information mentioned in the law on protection of privacy in working life, if the conditions of the law are met. The data of open job applications can be stored.

We obtain information about rental employees or persons employed by SATO's contract partners working at SATO's premises from the person himself or from his or her employer.

Camera surveillance data contains data on the persons present in the area covered by the surveillance cameras on SATO’s premises and properties and on their grounds. In addition to video footage, the data file also includes the date and time of the images recorded. No audio recording is made. The data file is made up of the transmitted digital recordings made when the cameras placed by SATO at necessary locations are in operation. Visible signs to indicate camera surveillance are placed in the premises and areas where cameras are located. SATO's premises may also have a security and alarm system.

Photo Archive. Photographs of the public may be taken at events organized by SATO, provided that the names of the persons appearing in the photographs are not recorded in connection with the photograph, unless otherwise agreed with the person concerned. Such photographs may be published in bulletins and newsletters. No personally identifiable photographs shall be used for marketing purposes without the express consent of the persons appearing in them.

Documents containing personal information may appear in the electronic and paper archives.

Data collected for information system usage management are: IP addresses, information system access rights and any restrictions therein, the access right holder’s name and email address, user IDs and passwords, other identifiers such as PIN codes, and the data recorded in the context of information system usage in a pseudonymous form.

The list of parties working at own or shared construction and repair sites kept pursuant to the Contractor’s Liability Act, the Occupational Safety and Health Act and the Taxation Procedure Act may contain:

The name of the site; the name of the principal contractor; the names of the subcontractors, the name of the client/developer, supervisor, site manager, occupational safety and health coordinator, party undertaking the construction project, contact persons, employees and independent parties performing work: the first and last name and business ID/personal identity code (or equivalent foreign identifier), facial image, nature of employment, home state, address, phone number, email address, date of birth, tax number, A1 or E101 certificate or other basis for foreign employee’s right to work, employer and employer’s it’s business ID, with regard to posted workers the name and Finnish contact details of the representative, the worker’s acknowledgement of job orientation provided, start and end dates of work at the site, and the hours and days worked and the date of returning an expired access pass as well as any business prohibitions imposed on persons belonging to company management.

Special or sensitive personal data (high-risk data) will not be stored except inadvertently in the context of camera surveillance, the recruitment process or as expressly required by law. We strive to avoid storing high-risk data. Information about a person’s ethnic origin, political opinions, religious or philosophical beliefs, genetic or biometric data, or sexual behavior is not recorded. We may record the imposition of international sanctions, subscriber liability information and a business ban to protect SATO's legitimate interest or as a result of a statutory obligation.

5. Regular sources of data

Purchasing and construction site systems data are collected from the service providers, the principal contractors, the employers and co-workers of persons, and persons themselves, from public data sources and from paid or free data services.

Data for the stakeholder data file are collected from public data sources, the employers and co-workers of persons, and persons themselves and from paid or free data services.

The personal data of the company's management is collected primarily from the person himself. In addition, the necessary information can be obtained from the person's family member, SATO's shareholder register, the bondholder register and the Tax Administration, as well as from other sources of information that are necessary at any given time.

Job application data are obtained from applicants and, with their consent, also the references put forward by the applicant and possibly from public data sources and from paid or free data services.

At the SATO premises, the visiting person provides his / her own information upon arrival.

Interpreters provide their own identification data.

The share and shareholder as well as bondholder register data are collected from the shareholders, bondholders or their custody banks.

The camera surveillance data file is made up of the transmitted digital recordings made when the cameras placed by SATO at necessary locations are in operation. Camera surveillance data are recorded automatically when someone enters the area under surveillance by a camera in operation.

Photographs are taken by SATO staff or a hired photographer.

The data collected for information system usage management are obtained from the persons themselves, employers, supervisors, system administrators and SATO’s IT personnel.

Credit and payment history data, data required under the Contractor’s Liability Act, data collected for the prevention of money laundering and terrorist financing and sanction monitoring data may be collected and updated from sources including the data files of Suomen Asiakastieto Oy. SATO may update contact information, phone numbers and other personal data also from other reliable data sources provided by third parties for free or against a charge.

6. Data disclosures and data transfers

The file controller does not publish the data collected by it and complies with the obligation of secrecy in respect of personal data unless otherwise required by legislation or the establishment, exercise or defence of legal claims or otherwise mentioned in these records.

The share and shareholder registers as well as bond holder register data are public.

Personal data may be disclosed to authorities when they request it based on law.
Information and photographs of SATO's board and corporate management members may be published on SATO's website, in annual reports, in contact information systems or in other necessary contexts when required by SATO's interest, legislation or the Finnish Securities Market Association's Corporate Governance Code.
The photos of audience taken at SATO's events may be used as an illustration of SATO's publications within the limits permitted by law.

The data referred to in this data file description are not transferred outside the SATO group with the exception of partners, subject to a secrecy obligation and under a data protection agreement, carrying out specific tasks on behalf of the SATO group such as managing a construction or repair project, purchases of goods, maintaining the share and shareholders register as well as bondholder register, chat or interpretation services, recruitment process or security monitoring in part or information system or data security system development and maintenance, and by parties which by law are entitled to obtain the data. The data protection agreement provides for matters including the standard of information security and reporting of information security breaches between SATO and the contractual partner, in accordance with the EU General Data Protection Regulation.

The data in the camera surveillance data file are only disclosed when a request for specific data in the file is made in writing by the police or another competent authority for a purpose specifically provided in law.

In order to maintain information systems, data may be transferred to the United States, outside the European Union or the European Economic Area only in accordance with and within EU data protection law on the basis of an EU Commission decision on the adequacy of data protection in the country of destination (US / Privacy Shield) and binding rules of the group of companies accepted dy data protection authorities. More broadly, personal data is disclosed only by Euroclear Finland Oy, which maintains SATO Corporation's share and shareholder register and bondholder register. Euroclear transfers data outside the EU / EEA area using standard contractual clauses approved by the EU Commission. More information can be found at: https://www.euroclear.com/finland/en/who-we-are/gdpr.html

7. Period of storage of personal data

Other statutory data are stored for a period of six years from the end of the year in which the data were registered or, in the event of multiple registrations, in which the data were most recently registered.
Data collected on a contractual basis may be stored for a period of ten years from the end of the contractual relationship and the fulfilment of the obligations arising from it.

Stakeholder data file data are stored for as long as the relevant person holds the position due to which the data on that person were recorded unless the person has given consent for the continued processing of the data. Data removal takes place once we learn that a person no longer qualifies for the stakeholder data file, however at least every calendar year.

The data concerning Corporate Management will be stored for at least ten years from the year of publication. Information covered by accounting legislation is retained for six calendar years as part of the accounting records. Reporting data is retained for six years from the reporting year.

Photos can be stored for active use for up to 10 years after taking the photo and for archival and history purposes permanently.

Visitors' data will be retained for a maximum of one whole calendar year.
The identifier data of the interpreter is stored as part of the customer's data and the retention period is determined by the retention period of the customer's personal data.

The share and shareholder register data as well as the bondholder register data are stored at the Central Securities Depository by the law, but at least 10 years after the end of the ownership.

Job application data and open job application data are stored for a maximum of one year from the end of the application period or the receipt of an open application, unless the application results in employment
Camera surveillance data are stored for the amount of time found necessary when they contain data based on the purpose and under investigation. Data under investigation are stored for the period of time needed for the establishment, exercise or defence of legal claims. When the need for storage of the data comes to an end, the data are removed within three years. Otherwise the data are regularly destroyed by being recorded over within no more than a year of initial recording.

Documents in the electronic and paper archives may be kept for active use for a maximum of 15 years from the expiry of the document and for archival and historical purposes permanently.

Information system usage management data are stored for six calendar years from the removal of access rights.

The data collected pursuant to the Land use and Building Act, the Contractor’s Liability Act, the Occupational Safety and Health Act and the Taxation Procedure Act are stored for a period of six years from the end of the year in which the site or work ended or was completed or other period required by law.

Data collected by means of cookies are stored for a maximum of four years depending on the nature of the cookie.

Data recorded on the basis of consent are removed from the data file after withdrawal of consent. If, in addition to consent, there is no other legal basis for processing the data, the data shall be deleted without undue delay. In all cases, the activity requiring consent shall cease immediately, even if the data cannot be deleted. In this case, the information about your consent and its revocation can be kept for as long as other information about you can be kept.

8. Principles of data file protection

Only designated representatives of the personnel of SATO or a contractor selected by SATO who have a legitimate need to access the data for work have the right to access the systems containing personal data and to process the data held in the systems. There is a data protection agreement between SATO and the contract partner. The use of personal identifiers is required. The system is protected through technical and administrative means.

A. Manual data / storage location and protection: Data are stored in locked and supervised premises. Only persons appointed by the SATO Group have access to the information.

B. Electronically recorded data / principles of file access and access control and physical protection of hardware: Data are only accessible by persons designated by the SATO Group. The access rights to data files are determined individually for each position. SATO’s internal processes are observed in the determination of access rights. The databases and data networks used to store data are protected by means of organisational and technological measures. The supervision and protection of data files complies with regulations applied within the EU.

9. Right of access to own personal data

Persons have right to receive from the file controller confirmation as to whether personal data concerning them is being processed.

Persons have the right to access their own personal data. The right of access may only be refused pursuant to legislation. The request for right of access may be made to the controller in writing. Please submit any written requests for right to access to the data protection contact person at SATO Corporation at the address PO Box 401, FI-00601 Helsinki, Finland or by email to tietosuoja@sato.fi.

Photos, camera surveillance data, cookie information and system usage log data cannot be disclosed because these materials would contain the personal data of other people or the compilation of the materials would be unduly burdensome.

The right of access is provided without delay and no later than within one months of the submission of the request. In exceptional situations, the delivery time may not exceed three months.

The data will be supplied to the person concerned in single copy in person against verification of identity, or by other protected means using reliable identification. Requests submitted electronically will be complied with electronically when possible in terms of information security.

If the request for access is manifestly without foundation or unreasonable, and especially when the requests are made repeatedly or if more than one copy is requested, the controller may charge for compliance with the request a reasonable fee, based on administrative costs, or refuse to comply with the request.

The holder of a share or bond may check the details of his or her holdings using the Euroclear CSD Customer Interface.

10. Rectification or removal of personal data and right to request restriction of processing

Persons may request the rectification of erroneous data, in which case the decision regarding data rectification is made by the controller. The controller may rectify incorrect data detected after receiving the correct data from the person concerned or another reliable source.

Insofar as the person is capable of taking personal action, they must, without undue delay after having been informed of or having personally detected an error, on their own initiative rectify, erase or supplement personal data contained in the data file that is contrary to the purpose of the file, incorrect, unnecessary, incomplete or obsolete. Persons are responsible for keeping any personal user ID and password confidential and for any usage taking place with the personal user ID.

Persons have the right to have the personal data concerning them erased from the data file (‘right to be forgotten’) after the end of the storage period if their personal data are no longer needed for the purposes for which they were collected, the person objects to processing for which there are no legitimate grounds, consent is withdrawn in respect of processing based on consent, or the personal data have been unlawfully processed or the controller is obligated under law to erase the data or the period of storage has expired. The controller will decide, in compliance with legislation in force from time to time, on the erasure of data without undue delay.

Persons also have the right to ask the controller to restrict the processing of their personal data when
• a request for rectification or removal of their personal data is pending with the controller;
• the processing is unlawful but the person does not wish the data to be erased but instead asks that the processing of the data be restricted;
• the controller no longer needs the said personal data for processing purposes but the data subject needs the data for the establishment, exercise or defence of a legal claim;
• the person has objected to the processing of the personal data pending the verification whether the legitimate grounds of the controller override those of the person (the balance test).

When processing is restricted on the aforementioned grounds, such personal data may, with the exception of storage, only be processed with the person’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.

11. Right to object to processing on grounds relating to particular situation

Persons have the right, on grounds relating to their particular situation, at any time to object to the controller processing their personal data pursuant to the controller’s legitimate interest.

The objection specifying the grounds on which the person objects to the processing may be submitted to the contact person of the file controller in this data file description. The controller may refuse to implement a request concerning an objection on grounds laid down in legislation after completing the necessary balance test between your and SATO's legitimate interests.

12. Right to prohibit direct marketing

Where personal data are processed for direct marketing purposes, persons may at any time object to the processing of their personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. If a person objects to the processing of his or her personal data for direct marketing, the data may no longer be processed for that purpose.

13. Right to withdraw consent

Persons has the right to withdraw their consent to the processing of their personal data at any time, insofar as processing of personal data is based on his / her own consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal. A person also has the right at any time to prohibit the use of electronic channels in direct marketing targeted to her or him.

14. Right to data portability

Persons have the right to have their personal data, which they have provided to the controller and which are processed by the controller on the basis of consent or contractual relationship, transmitted in machine-readable format to another controller when this is technically feasible and secure.

If the transfer is not technically feasible or secure, persons may supply another controller with their personal data which they have received on the basis of the right of access.

15. Right to complain to a supervisory authority

Persons have the right to file a complaint with the competent supervisory authority in the EU Member State where he or she has a permanent place of residence or workplace or where the alleged breach of the Data Protection Regulation has occurred. The competent authority in Finland is the Data Protection Ombudsman (Ratapihantie 9, PO Box 800, 00521 Helsinki or email: tietosuoja@om.fi). For more information, please visit the Data Protection Ombudsman page tietosuoja.fi.

16. Contacts

In all matters relating to the processing of personal data and in situations involving the exercise of your rights, you may contact the controller in writing, either by e-mail or by post, to the controller's contact person.

For contact details please look under section 1 ‘File controller’.

Printable document »(//assets.ctfassets.net/z7ety0aygnfq/2NRCOMCCRZSLMhYX2H4J2q/c10f38f72a8eb759d732a4cb204cd4e0/Tietosuojaseloste_sidosryhmt_14_04_2020_ENG.pdf)__

Data protection: Whistleblowing channel

SATO Corporation / Personal data file / Whistleblowing channel

Updated on 14th April 2020

1. File controller

SATO Corporation, Panuntie 4, PO Box 401, 00601 Helsinki, phone +358 20 334 443
Contact person Compliance Officer Riitta Salo, email tietosuoja@sato.fi

2. Purpose of processing of personal data

Personal data may only be processed for the purpose of fulfilment of SATO Corporation’s legal and ethical obligations and for the appropriate case management process of reports received. The processing of personal data is partly based on the obligations under the securities market legislation and partly on the legitimate interest of SATO Corporation in investigating any misconduct or other reported activity. The processors of personal data are persons (whistleblowing team) appointed by SATO Corporation. Third parties and service providers may be used for personal data processing tasks.

3. Data file contents and regular sources of information

The data file contains information provided by persons belonging to SATO's stakeholder groups that may include data on a person reported upon, such as name and office, as well as reported incidents, information and further measures relating to case management, as well as data on the completion of the case management process. The whistleblower’s personal data may be registered if the person does not wish to submit an anonymous report. The data is erased from the data file once no longer necessary for the management of the case. Reports based on the Securities Markets Act are stored for five years and other reports are erased within the calendar year following the reporting year.

4. Regular disclosures of data and transfer of data to destinations outside the EU or the European Economic Area

Data is only disclosed to the SATO whistleblowing team as well as to Finnish authorities where so required by law. Data is not transferred or disclosed to destinations outside the EU or the European Economic Area.

5. Principles of data file protection

Access to the system and processing of data contained in the system is only allowed to designated representatives of SATO personnel or members of the Board of Directors of SATO Corporation (whistleblowing team) who require access to the data for work purposes. The use of personal identifiers is required. The system is protected through technical and administrative means. The SATO whistleblowing team works confidentially.

6. The data subject’s rights

Automated decisions
Personal data is not used for automated decision-making having legal or corresponding consequences to the data subject.

The data subject’s right to object to the processing of personal data
The data subject has, relating to their personal special circumstances, the right to object to profiling and other processing measures aimed at the data subject targeted by the controller on the personal data of the data subject in so far as the ground for data processing is the controller’s legitimate interest.

The data subject may issue their request concerning an objection in accordance with section 7 of this data file description. The data subject must in conjunction with the request specify the special circumstance on the basis of which they object to processing. The controller may refuse to implement a request concerning an objection on grounds laid down in legislation.

The data subject’s right of access to data
The data subject has the right of access to the data on them in the personal data file. Requests for access must be made in accordance with the instructions provided in this data file description. The right of access may be denied on grounds laid down in legislation. As a general rule the right of access may be exercised free of charge.

The data subject’s right to request the rectification, erasure or restriction of processing of data
In so far as the data subject is capable of taking personal action, they must, without undue delay after having been informed of or having personally detected an error, on their own initiative to rectify, erase or supplement personal data contained in the data file and erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing.

In so far as the data subject is not capable of rectifying the data by themselves, a request for rectification may be made in accordance with section 7 of this data file description.

The data subject also has the right to request that the controller restrict the processing of the data subject’s personal data in situations including where the data subject is awaiting the controller’s reply concerning their request relating to the rectification or erasure of their personal data.

The data subject’s right to complain to a supervisory authority
The data subject has the right to complain to a competent supervisory authority if the controller has not complied with applicable data protection regulations in its activities.

7. Contacts

The data subject should contact the controller in writing by email or post using a message addressed to the contact person in all matters relating to personal data processing and situations relating to the exercise of the data subject's rights.

Contacting the controller can also be done using the whistleblowing channel.

For contact details please see under section 1 ‘File controller‘.

Printable document »

Residents´ panel (SATO Pulssi) rules
SATO PULSSI RESIDENTS’ PANEL RULES
  1. GENERAL
    SATO Pulssi residents’ panel refers to a research community which is open to all habitual
    SATO residents over 18 years of age, who regularly use mobile devices and interested in
    influencing the development of their home building and its environment. By joining the
    SATO Pulssi residents’ panel you confirm that you meet these requirements for joining and
    accept and will adhere to these rules as a member of the residents’ panel.

  2. RESEARCH INVITATIONS
    All invitations are not necessarily sent to all members of the residents’ panel – rather, invitations
    are sent to an applicable target group for each research when necessary. The target
    group of each research is sent an invitation and entry link to the research either via text
    message or e-mail.

  3. CONFIDENTIALITY OF RESEARCH
    All research is confidential and no respondent’s name or contact details are directly linked
    to answers given by him or her. Responses are not examined individually. Responding is
    thereby confidential and anonymous per se. If these principles are diverged from in any way,
    the member of SATO Pulssi residents’ panel will be asked for a permission to do so. The
    confidentiality of research is also applicable to the respondent: Unless otherwise noted, the
    residents’ panel member is obliged to keep all matters and materials presented in a research
    survey fully confidential, and members are not allowed to copy, share, present, publish, send
    or transmit any such materials to a third party without SATO’s written consent.

  4. RESPONDING TO RESEARCH
    Responding to research is always voluntary, and participation or membership do not require
    anything in return from the respondent. Members of the residents’ panel are personally
    responsible for the charges of their internet connection as well as for any other device or
    programme charges unless otherwise agreed. Rewarding for responding is covered in article
    5 of these rules.
    Research is done for research purposes. Responding to research needs to be truthful, based
    on the respondent’s personal experiences and perceptions. A member of SATO Pulssi residents’
    panel is responsible having the right to cede the information and other possible materials,
    such as pictures, given to SATO Pulssi residents’ panel. SATO has the right to publish
    residents’ panel’s material anonymously in marketing and communications purposes.

  5. REWARDING
    Participating in the research is voluntary and out of the volition for participating and influencing
    matters concerning one’s own living surroundings though one’s own opinions. All
    respondents of SATO Pulssi residents’ panel polls are entered in a lottery of 3 Present card
    gift cards worth 20 euros each. Gift cards are rewarded for more in-depth research and service
    development co-operations according to each project, which is agreed on separately before
    each project begins. Each member can earn a maximum of €100 worth of rewards per
    year due to taxation regulations. Residents’ panel’s member is obliged to inform SATO in
    case her total yearly reward accrual surpasses the limit for reasons not related to the SATO
    residents’ panel. Once the maximum reward accrual is reached rewards are not granted.
    The lottery is carried out after the poll has closed. The answering time to polls may vary.
    Polls are closed once enough residents have taken part.

  6. PERSONAL INFORMATION
    Register summary and information (Personal Data Act 523/99 10 § and 24 §) about the
    register owner, the representative of the register owner, collected personal information and
    the purpose of their processing is available in the description of data security.

  7. IMMATERIAL RIGHTS
    All rights and ownership (including copyright and other immaterial rights) to the materials
    concerning the residents’ panel or otherwise related to the materials published in
    the researches (including logos, trademarks, texts, photos and graphics) belong to SATO.
    No ownership or immaterial rights are transmitted to residents’ panel’s members, but the
    members have a limited right to use the materials received through the residents’ panel only
    to participate in research organised by SATO and/or its partners. A user who violates these
    immaterial rights or uses materials for other than aforementioned purposes is responsible for
    any harm caused to SATO or its partners.
    All rights and ownership (including immaterial rights and non-limited rights to change and
    hand over the immaterial rights further) to all comments, suggestions, ideas (including product,
    service and marketing ideas) and to other materials transmitted through the residents’
    panel or through other methods to SATO is transferred to SATO without remuneration
    and SATO is free to use them in ways seen best fit such as publishing, developing etc.
    Member commits to withhold from transmitting material that is offensive, illegal, threatening,
    insulting, degrading, discriminatory, obscene, pornographic or blasphemous, that
    breaks confidentiality or privacy or that can be considered such or that may be criminal or
    illegal or encourage into such acts or material that contains spam or advertising content.
    Member is responsible for all the material she transmits and has full responsibility of all
    such material, including its legality and origin.

  8. LIMITATIONS OF LIABILITY
    All information and content given to SATO residents’ panel are given to research purposes
    as they are. Participating in research is voluntary and gratuitous. SATO and its partners
    do not guarantee or take responsibility for the content of the information or their possible
    errors and/or deficiencies.

  9. RESIGNATION
    It is possible to resign from SATO residents’ panel at any time by sending an e-mail to tutkimus@kopla.fi
    and informing about one’s willingness to resign. Resigning does not require
    any explanation. A resigned member’s personal information is deleted from the panel’s
    active register. A member of SATO residents’ panel who has not participated in research in
    the past 12 months can also be deleted from the panel’s register. Personal information of the
    member will be deleted in this occasion. A person moving away from SATO apartment will
    be automatically removed from the residents’ panel within 2 months from the move. SATO
    has the right to remove a member from the residents’ panel anytime.

  10. CHANGES
    The register owner reserves all rights to changes in and/or terminating these rules, residents’
    panel and its research, and rewards and rewarding system. Members of the residents’
    panel are informed about any changes via e-mail and SATO website.

For more information on customer data processing in SATO, please take a look at the Data file description above on this same page.

SATO's Disclosure policy
Disclosure Policy objectives

Bonds issued by SATO Corporation are listed on NASDAQ Helsinki and the Irish Stock Exchange.

In its communications and disclosure of information, SATO complies with EU regulations, Finnish legislation, the Stock Exchange Rules of Nasdaq Helsinki Ltd and the Irish Stock Exchange as well as the guidelines of the European Securities and Markets Authority (ESMA) and the Financial Supervisory Authority (FIN-FSA) and other regulations applying to companies with publicly listed financial instruments.

The objective of this Disclosure Policy is to ensure that:

  • all parties will have simultaneous and equal access to information about events that are likely to have a considerable impact on the price of SATO’s financial instruments;

  • information concerning SATO is published without undue delay and in a consistent manner;

  • the information disclosed is correct and clear.

This Disclosure Policy has been adopted by SATO’s Board of Directors for application in the Group.

Roles and communications responsibilities

Stock exchange releases concerning financial statements and interim statements are accepted for publication by SATO’s Board of Directors, while other stock exchange and press releases are accepted for publication by the President and CEO. In the absence of the President and CEO, publication is authorised by the CFO.

All public announcements are coordinated, published and distributed by SATO's Communications Department.

The CFO is responsible for SATO’s relations with actors in the capital market. Investor and analyst meetings are attended by the President and CEO, CFO and/or Group Treasurer and, at the CFO’s request, also by other representatives of SATO. No previously undisclosed information with a material impact on the price of the company's publicly traded financial instruments is disclosed at such meetings.

SATO’s Director for Marketing and Communications is responsible for SATO’s media relations and public affairs as well as for preparation of information to be disclosed and for compliance with a coherent Disclosure Policy. The company’s Vice Presidents take part in the preparation of announcements relating to their respective business areas.

Statements on matters falling within the competence of the Board of Directors are given by the Chair of the Board of Directors. Statements concerning SATO’s operations and development are given by the President and CEO, CFO, Vice Presidents and the Director for Marketing and Communications. Other Directors and experts provide statements on matters falling within their respective areas of responsibility. Prior to the submission of any statements, the Communications Department must be notified of the contact request and requested to
provide consultation.

Company announcements published by SATO

Company announcements published by SATO are divided into two categories: stock exchange releases and press releases.

All announcements concerning SATO are disclosed simultaneously via the publication system of NASDAQ Helsinki Ltd to key media and the Irish Stock Exchange as well as on the SATO website at www.sato.fi. Information is published in Finnish and in English.

Stock exchange releases

SATO discloses all such events and information concerning the company, its business and strategy that are assessed by SATO as likely to have a considerable impact on the price of financial instruments issued by SATO. Documents disclosed by SATO through stock exchange releases include financial reports such as financial statements bulletins and interim reports. In addition, stock exchange releases are used to disclose other information required to be communicated through stock exchange releases even if such releases may not necessarily contain information affecting the price of a financial instrument.

Prior to the commencement of each financial year, a schedule is published by SATO to provide information including the publication dates for the financial statements bulletin and interim reports for the next financial year.

Stock exchange releases concerning information likely to have a considerable impact on the price of a financial instrument issued by SATO are published as soon as possible unless a decision is made to postpone the disclosure of the information under current applicable legislation or other regulations.

Press releases

Press releases aimed at general and specialist media are used to communicate about business-related events that do not meet the criteria set for stock exchange releases but that are anticipated to be of investor interest or have news value or otherwise be of general interest among the media.

These include news about investments and divestments, project launches and completions, cooperation agreements and smaller partnerships, new products or services that are ordinary considering the nature of the company’s business as well as appointments to posts within business units.

Quiet period

At SATO the quiet period begins 30 days before the date of publication of the financial statements of the interim
report. During the quiet period SATO will not meet representatives of the capital market or the media or comment on SATO’s financial performance, factors affecting it or future outlook.

Market rumours and leaks of information

SATO will not comment on market rumours. SATO may, however, correct such incorrect information that is likely to have a considerable impact on the price of a financial instrument issued by SATO.

Where inside information the disclosure of which has been postponed in compliance with relevant regulations has leaked to the public, a stock exchange release on the matter will be published as soon as possible.

Insider Guidelines, managers’ transactions and closed period

Insider Guidelines have been adopted by SATO’s Board of Directors for compliance in the company.

Members of the company’s Board of Directors and the President and CEO as well as persons closely associated with them must notify SATO and the Financial Supervisory Authority of their transactions relating to financial instruments issued by SATO. Such notifications are published as stock exchange releases.

Members of the SATO Board of Directors and the SATO President and CEO may not trade in SATO’s financial instruments within the period of 30 days prior to the publication of financial statement bulletins and interim reports or during the day of publication.

Crisis communications

SATO has a separate Crisis Communications Plan that is updated where necessary. In the event of a crisis, the
senior management of the company must be notified immediately. The Corporate Management Group appoints
the head communicator for the crisis situation specifically for each case. Until the above-mentioned appointment decision is made, the President and CEO and the Director for Marketing and Communications are responsible for communications. Taking the extent and nature of the crisis into consideration, the President and CEO will appoint a Crisis Management Team to attend to the situation and communications.

Printable document »

Arvonnan säännöt | #kotipositiivisuus Instagramissa

JÄRJESTÄJÄ

SATO Oyj, myöhemmin SATO
Käyntiosoite: Panuntie 4, 00610 Helsinki

OSALLISTUMISOIKEUS

Arvontaan voivat osallistua kaikki Suomessa pysyvästi asuvat, 18-vuotta täyttäneet henkilöt pois lukien arvonnan valmisteluun tai toteuttamiseen osallistuneiden yritysten työntekijät ja heidän perheenjäsenensä.

ARVONNAN AJANKOHTA

Osallistumisaika alkaa perjantaina 4.10.2020 arvontajulkaisujen yhteydessä ja päättyy sunnuntaina 25.10.2020.

OSALLISTUMINEN

Arvontaan osallistutaan jakamalla omasta kodista kuva Instagramissa käyttäen #kotipositiivisuus -aihetunnistetta ja merkitsemällä @SATOkoti. Yksi henkilö voi osallistua arvontaan yhdellä kuvalla. Arvontaan osallistumalla osallistuja luovuttaa SATOlle oikeuden käyttää osallistujan jakamaa kuvaa SATOn markkinoinnissa ja sosiaalisen median sisällöissä.

TIETOJEN KÄSITTELY

1.1 Kun osallistut arvontaan, käsittelemme osallistumisesi yhteydessä antamiasi henkilötietojasi arvonnan toteuttamiseksi.

1.2 Annettujen tietojen rekisterinpitäjä on SATO Oyj (Y-tunnus 0201470-5).  Tietojesi käsittelyä koskevissa asioissa voit olla yhteydessä asiakaspalvelu@sato.fi

1.3 Osallistumisesi perusteella välillemme syntyy merkityksellinen ja asianmukainen suhde, johon perustuen meillä on oikeutettu etu käsitellä tietojasi arvonnan tarkoituksiin arpoaksemme voittajan, ollaksemme voittajaan yhteydessä ja toimittaaksemme palkinnon voittajalle.

1.4 Me emme siirrä tietojasi EU:n ulkopuolelle, mutta on mahdollista, että Instagram siirtää tietojasi heidän kanssasi tekemän käyttäjäsopimuksen mukaisesti myös muualle.

1.5 Arvontaan antamasi tiedot säilyvät Instagramissa niin kauan kuin itse haluat niitä siellä säilyttää, mutta mikäli siirrämme tietojasi muualle, säilytämme niitä niin kauan kuin on arvonnan toteuttamiseksi tarpeen. Tämän jälkeen me emme säilytä tietojasi.

1.6 Sinulla on oikeus pyytää päästä itseäsi koskeviin henkilötietoihin sekä oikeus pyytää kyseisten tietojen oikaisemista tai poistamista taikka käsittelyn rajoittamista tai vastustaa käsittelyä. Jos epäilet käsittelyn lainmukaisuutta, voit tehdä asiasta valituksen tietosuojaviranomaiselle.

PALKINTO

Palkintoina arvotaan kolme kappaletta Freskan siivouslahjakortteja, arvoltaan 144 (sataneljäkymmentäneljä) euroa.

PALKINNON LUOVUTUS

Palkinto arvotaan tiistaina 27.10.2020. Arvonnan voittajiin ollaan yhteydessä henkilökohtaisesti Instagramin yksityisviestillä saman päivän aikana. Lisäksi voittajat ilmoitetaan SATOn Instagram-sivuilla. Voittajan tulee lähettää voimassa olevat yhteystietonsa 72 tunnin kuluessa yhteydenotosta SATOlle Instagramin yksityisviestillä. Palkinto on henkilökohtainen, eikä sitä voi luovuttaa eteenpäin toiselle henkilölle. Palkintoa ei voi palauttaa tai vaihtaa jälkikäteen. Mikäli voittaja ei voi itse vastaanottaa palkintoa, se luovutetaan seuraavalle arvonnalla.

JÄRJESTÄJÄN VASTUU

SATO vastaa mahdollisesta arpajaisverosta. Arvontaan osallistuva vapauttaa arvonnan järjestäjän sekä sen kumppanit vahingosta, joka aiheutuu tai väitetään aiheutuneen osallistumisesta arvontaan tai palkinnon vastaanottamisesta. Arvontaan osallistumisen esteenä olevat tietotekniset syyt ja ongelmat eivät ole SATOn vastuulla. SATO ei vastaa palkinnon vastaanottamisen esteistä tai sille koituneesta vahingosta.

OSALLISTUJAN VASTUU

Osallistujan vastuulla on toimittaa SATOlle oikeelliset yhteystiedot 72 tunnin kuluessa voittajan julkistamisesta. Arvonnan sääntöjen lisäksi osallistujat sitoutuvat noudattamaan SATOsta riippumattoman palvelun, Instagramin, käyttöehtoja. SATOlla on oikeus hylätä osallistuminen arvontaan, jos osallistuja ei noudata arvonnan sääntöjä tai häntä epäillään vilpistä.

Osallistuja vastaa siitä, että hänellä on kuvaan täydet oikeudet eli oikeudet kuvan käyttämiseen ja levittämiseen ja että kuvissa olevat tunnistettavat henkilöt ovat antaneet suostumuksensa kuvien julkaisemiseen.

VIRALLISET SÄÄNNÖT KOSKEVAT KAIKKIA OSALLISTUJIA

Osallistumalla tähän arvontaan osanottajat sitoutuvat noudattamaan arvonnan virallisia sääntöjä ja järjestäjän päätöksiä. Järjestäjä pidättää itsellään oikeuden sääntö- ja palkintomuutoksiin.Instagram ei sponsoroi, suosittele tai hallinnoi arvontaa millään tavalla eikä se liity mitenkään Instagramiin. Arvontaan osallistuva luovuttaa tietonsa ainoastaan SATOlle. Osallistuja sitoutuu vapauttamaan Instagramin kaikista arvontaa koskevista ja siihen liittyvistä vastuista ja vaatimuksista.

Code of conduct

Code of Conduct, together with SATO’s values and management culture, forms a framework for the company’s operating practice and emphasizes commitment to sustainable business.