Privacy Policy


Kouvolan Asunnot Oy Business

ID: 0512766-8

Kauppamiehenkatu 4, 45100 Kouvola

Data Protection Officer

Jari Niemi

Phone: 020 615 8910

Email: jari.niemi(at)

Register Name

Customer Register

Purpose of the Register

The main purpose of the register is the management, maintenance, and development of customer relationships. The personal data in the register is used for customer service, receiving and processing orders, providing and implementing services to customers, communication towards customers, invoicing for services, collecting and recovering payments from customers, and related accounting, handling possible complaints, archiving orders, deliveries, and performances, as well as targeting advertising and/or direct marketing.

Basis for Maintaining the Register

The legal basis for maintaining the register and processing personal data is the legitimate interest based on customer relationships and the realization of the rights and obligations of the customer and the controller.

Data Contained in the Register

The register may contain, for example, the following information: name of the person, email address, mobile and/or other phone number, personal identification number, home address, details of the previous residence, information about housing needs, nationality, marital status, title or profession, employer, location municipality of the workplace, educational institution, income and wealth information, loans, purchase history, credit card information, contracts, invoices, deliveries, connection logs, recorded customer service calls. For non-private customers, the register contains the name of the organization, contact person’s name, title/profession/position, organization’s business ID or equivalent, and organization’s address details.

Sources of Information

The information is collected from the registered person during the establishment of the customer relationship and, in the case of organizational data, possibly from the Finnish Patent and Registration Office’s Business Information System. Personal data is also collected and updated from publicly available sources within the limits of applicable legislation, which are related to the implementation of the customer relationship between the controller and the registered person and which help the controller fulfill its obligations related to maintaining customer relationships.

Disclosure of Information

The controller does not disclose the personal data in the register to third parties, except when necessary for the fulfillment of the rights and obligations of the customer and the controller or as required by Finnish authorities. The controller does not transfer personal data in the register outside the EU or EEA, except when necessary for the fulfillment of the rights and obligations of the customer and the controller or as required by Finnish authorities.

Rights of the Data Subject

The data subject has the possibility to see and review the information concerning themselves. The data subject can exercise their right of access according to the General Data Protection Regulation (2016/679, “GDPR”) by submitting a request to Kouvolan Asunnot Oy in a handwritten document or through a personal visit to Kouvolan Asunnot Oy’s premises. In the case of a personal visit, the data subject must prove their identity. The data subject has the right to request the correction or completion of their data and the right to request the restriction of processing in situations defined in Article 18 of the GDPR. The data subject also has the right to restrict the use of their data for targeted marketing communications.

Deletion of Data

The data is deleted, and the data subject can request the deletion of their data after the termination of the customer relationship, after all the rights and obligations of the customer and the controller have been fulfilled. The data can be marked as archived/non-active before this. Prolonged archiving requires the anonymization or pseudonymization of personal data. The register is regularly reviewed for outdated information.

Protection of the Register

Unauthorized access to data and devices containing data is prevented by various technical and administrative means.

Cookie Policy

In our cookie policy, we describe how we use cookies and other similar tracking and targeting technologies (hereinafter collectively referred to as “cookies”) on our websites.

Cookies are used to collect information about how and when the website is used. This information helps improve website usability and target marketing messages to visitors on the sites.

The use of cookies is based on user consent. If you do not disable cookies, you have accepted their use.

The data controller follows prevailing guidelines when seeking consent.

The use of cookie information may be subject to new legislation or regulatory guidelines. We will adjust practices as necessary in accordance with new laws and regulatory guidelines.

What cookies are and what information is collected

We use cookies on our websites. A cookie is a small text file sent to and stored on the user’s computer.

The site uses both first-party and third-party cookies. First-party cookies are set by the site visible in the address bar. In addition to these, the sites use cookies from third parties, such as ad tech providers and social media services. Only the server that set the cookie can later read it and identify the browser, such as when the user returns to a previously visited site.

The information collected through cookies on the sites includes:

  • The number of users on the site
  • The devices used to access the site
  • The web address from which users have accessed the website
  • Individual pages visited by users

Cookies and website servers automatically store requests made by users who have visited the site. The data usually includes the user’s web request, the request’s date and time, the user’s device IP address, and the browser type and language.

The data is in a format that cannot be linked to an individual user without additional information. For example, cookies do not store the user’s name, email address, phone number, or home address.

What are cookies and related information used for?

Visitor measurement and analytics cookies:

The web analytics tool Google Analytics uses cookies to collect statistical information. Information is collected to analyze visitor numbers, content relevance, service usage patterns, and to develop the website.

Other potential analytics tools are presented in the Cookie Notices section of the site’s footer.

Targeted marketing communication cookies:

Cookies enable the Company to target marketing communications to users who have visited their site. Company partners in targeting include Google and social media services. When these service providers’ cookies are used on the Company’s website, the Company enables the collection and transmission of data to these service providers.

Additionally, Google Tag Manager is used to manage these cookies.

The processing of third-party cookie data is subject to third-party terms, which users can review below. Other tracking tools possibly used on the website are presented in the Cookie Notices section of the site’s footer and may belong to categories other than those listed above.

Google Analytics:

Purpose of the cookie: Collecting and analyzing website statistics to improve the site. Google’s cookie policies:

Google Tag Manager:

Purpose of the cookie: Centralized management of tracking tags. Google Tag Manager’s cookie policies:


Purpose of the cookie: Targeting, implementing, and analyzing marketing communications to show visitors marketing communications likely to interest them. Facebook may link the cookie identifier related to visiting the Company’s site to the Facebook user if they have a Facebook account. Facebook’s cookie policies:

Cookie expiration

Cookies are valid for a specific session, until the user closes the browser, or they are persistent cookies, which are valid for several months to several years. Users can influence the retention period of data collected by cookies by clearing cookies through browser settings, resetting the previous cookie profile.

Detailed information on retention times is available in the site’s cookie functions.

Typical data retention times are as follows:

Visitor measurement and analytics cookies:

Data collected for this purpose is typically deleted from Google Analytics in less than two years.

Targeted marketing communication cookies:

Data collected for targeted marketing communication purposes is typically processed for several months.

How can users influence cookies?

Users can block the use of cookies through the website’s cookie management tool, which is visible at the bottom of the site, or delete cookies from the browser settings. Blocking cookies may affect service functionality. If a user decides to block cookies, they may not be able to fully utilize the site.

Blocking cookie use or deleting cookies may affect previous choices made on the sites, such as removing a partner’s cookie for targeting marketing communication. Choices are browser-specific, meaning users must make their desired choices separately for each browser.

Example of blocking cookies in a browser. For other browsers, refer to the browser’s instructions:

Google Chrome

Open Google Chrome. Click the menu icon in the upper right corner and select Settings. Click Show advanced settings. Under the Privacy header, click the Content settings button. Turn off the setting “Allow sites to save and read cookie data (recommended).”

What other options do users have?

In addition to the right to information about the processing of personal data, users have the right under data protection legislation to:

  • Access personal data stored about them
  • Correct information
  • Delete information and be forgotten
  • Withdraw consent given
  • Restrict data processing
  • Request the transfer of the data provided, which is processed automatically based on consent or contract, to another system

Primarily, users can influence processing by changing their cookie settings as mentioned above. If desired, users can contact the data controller via email or phone. Contact details are at the beginning of this document. Additionally, users can file a complaint with the Data Protection Ombudsman’s office.

Supervisory authority

The Data Protection Ombudsman’s Office is responsible for overseeing and advising on compliance with the General Data Protection Regulation (GDPR) and national data protection laws. Data subjects have the right to contact the Data Protection Ombudsman’s Office if they have questions or complaints about the processing of their personal data.

Supervisory authority

Office of the Data Protection Ombudsman (Data Protection Ombudsman)

Address: Ratapihantie 9, 00520 Helsinki

Postal address: PO Box 800, 00521 Helsinki

Phone: 029 566 6700 (switchboard)