Privacy statement of Colliers Finland Group’s information systems user management and log data file

Privacy statement of Colliers Finland Group’s information systems user management and log data file

10 May 2021

1. Controller

Colliers Finland Group Oy
Business ID 2396296-6
Ratamestarinkatu 7 B
00520 Helsinki

2. Contact details for data file issues

Hille Amnell
hille.amnell@colliers.com
Puh. +358 44 723 8719

3. Name of data file

Information systems user management and log data file

4. Purpose of and basis for processing personal data

The purpose of the processing of personal data is the management of user names and access rights and the user control of the systems and services of Colliers Finland Group Oy and companies in the same group (hereinafter referred to as Colliers), as well as the protection of personal data from unauthorised access, accidental or unlawful data destruction, alteration, disclosure, transfer or any other unlawful processing.

Information and communication systems store operational data that is used to control the use of information systems and to investigate and resolve malfunctions or errors in the operation of information and communication systems. In addition, the purpose of processing is to control the use of information systems that contain personal data and other confidential information. The processing of data is based on the legitimate interest of Colliers to provide for the control of the use of data in order to ensure good data processing practices.

5. Data content of data file and groups of data subjects

Controlling the processing of personal data by means of log data requires the personalisation and identification of users. The data file contains data about authorised users, their identifiers and their access rights. To this end, an access rights system is maintained. Log data store the user’s login and communication contact information, including user ID, time and data related to using the service or system.
The user management and log data file entries record data about people with an employment or training relationship, an assignment/service provider relationship or a valid customer relationship with Colliers.
The personal data processed to manage access rights include:

• Name
• Date of birth
• Personal identity code
• Start and end date of employment
• Job title
• Cost centre
• Office
• User ID

Access rights data is managed for the Colliers’ own systems in use, as well as for the service portals utilised in service production

6. Data sources

Data sources for user management include data obtained from the user and data transferred from Colliers’ HR system; data is also accumulated from the systems as log data.

7. Disclosures and transfers of data and data transfer outside the EU or the EEA

Personal data is not regularly disclosed and is not transferred outside the EU or the EEA.
Colliers process personal data from the data file of its respective operations. Log data may also be disclosed to the authority in connection with the detection and disclosure of a serious breach of data security.

8. Protection principles and storage periods of data file

The data is stored in Colliers’ information systems, which use both technical and programmatic means to ensure data security and to monitor data use. Access to data in the data file is limited to designated persons to the extent required by their duties. All persons using data in the data file are bound by an obligation of secrecy.

Access rights data is stored for six months from the end of the employment or assignment relationship.

Log data is stored per system. In the case of a Colliers’ system, log data is stored for up to two years after the data has been generated. For systems in which Colliers personnel or an authorised person based on an assignment relationship act as a service user, the maintenance of the log database, data retention and the deletion of log data are the responsibility of the (system) service provider.

9. Data subject’s rights and requests

The data subject or the user has the right to check the data stored in the data file concerning him/herself and the right to request rectification and deletion of incorrect data.
The data subject has the right to object to the controller processing data concerning him/her for purposes of direct advertising and market and opinion surveys.
In accordance with the General Data Protection Regulation, the data subject has the right to object to or to request restriction of processing of his/her data and to lodge a complaint with the Data Protection Ombudsman about the processing of personal data.
Requests concerning the rights of the data subject must be submitted in writing to the contact person provided in section 2.