Privacy policy

Privacy Policy on Technopolis Group Companies’ Customer and Partner Register

Data Controller

TECHNOPOLIS PLC, Business ID 0487422-3, Address: Elektroniikkatie 8, 90570 Oulu, on its own behalf and on behalf of companies belonging to the same group which act as joint controllers as applicable. Such group companies are listed in the section “Regular disclosure and transfer of data, and data transfer outside the EU or EEA”.

Contact Person for Data-Related Matters

In matters related to data protection please contact via email to Coordinator Risto Kivisilta, Energiakuja 3 FI-00180 Helsinki, tel. + +358408400380, email:

Name of Register

Customer and partner register

Legal Basis and Purpose of Processing Personal Data

The processing of personal data is based on (i) performance of the rights and obligations of a lease and/or service agreement between a controller and a customer, or a data controller and its partner, for a supplier agreement, and performance of the preliminary measures required for the agreement, (ii) and/or for the purposes of the legitimate interests of the controller or of a company belonging to the same group.Personal data is used for managing, developing and maintaining the customer (including potential customer) relationship between the controller and the customer, and the related analysis, compilation of statistics, customer communication, organizing of events, customer experience evaluation, identification of the customer’s users, user management, troubleshooting of electronic services, and management of relationships between the cooperation partners. In addition, personal data is used for direct marketing by the controller and its group companies (including electronic newsletters), targeting and profiling of online advertising, and for designing and development of the controller’s products and services.

Data Content of the Register, and the Data Protection Groups

Decision-makers and contact persons of current and potential customers , suppliers and partners  of the controller, and newsletter subscribers. The registry may contain following personal data:

First name
Last name
Position in the organization (title)
Language of communication
Company address
Email address
Phone number
Electronic services username and password
Communication information (such as emails and e-forms)
Marketing and promotional data (such as marketing measures targeted at data subjects, participation in events)
Data on the use of electronic services (e.g. browsing and search data, IP addresses, and cookies)
Direct marketing consent and prohibition
Any other information provided by the data subject themselves

Regular Sources of Data

Data is collected regularly about the data subject by telephone, email, on the internet, in meetings, and in conjunction with concluding agreements and contractual relations. Personal data can also be collected and updated from public and private registers, such as the population register, other authorities, credit information companies, contact information providers, and other similar trustworthy parties.

Regular Disclosure and Transfer of Data, and Data Transfer Outside the EU or EEA

The controller does not regularly disclose the registered data to third parties.The controller uses external subcontractors to handle the tasks described in this policy, and in such cases, the service providers act on behalf of the controller. Subcontractors, i.e. recipients of personal data, include e.g. marketing and communication agencies, event organizers, data system suppliers and partners in property services and services for space. The controller is responsible for the activities of its subcontractors as for the controller’s own activities. The controller will ensure, by means of data processing agreements with subcontractors, that these parties are committed to protecting the personal data of the data subject in the manner stated in this document. In addition, the controller may disclose contact details for marketing purposes to its subcontractors used within its business operations.Some of the personal data contained in this policy will be processed outside the EU and the EEA, whereby the data controller has ensured that its subcontractor is covered by the Privacy Shield data protection system or other similar arrangements (e.g. EU Commission Model Clauses).Personal data are also disclosed and transferred to the subsidiaries and associated companies of the Technopolis Group for their use, for the purposes specified above. Personal data is transferred to the following companies in Technopolis Group:


Technopolis UMA Holding Oy
Kiinteistö Oy Innopoli II
Technopolis Kiinteistöt Espoo Oy
Technopolis Kiinteistöt Pääkaupunkiseutu Oy
Kiinteistö Oy Helsingin Energiakatu 4
Kiinteistö Oy Falcon Tinnu
Kiinteistö Oy Falcon Hali
Kiinteistö Oy Falcon Lago
Kiinteistö Oy Falcon Gentti
Technopolis Kiinteistöt Oulu Oy
Kiinteistö Oy Technopolis Peltola
Technopolis Kiinteistöt Tampere Oy
Kiinteistö Oy Technopolis Tohloppi
Kiinteistö Oy Oulun Ydinkeskusta
Oulun Ydinkeskustan Parkki Oy
Kiinteistö Oy Hermia
Technopolis Kuopio Oy
Kiinteistö Oy Technopolis Viestikatu 1-3
Kiinteistö Oy Technopolis Microkatu 1
Kiinteistö Oy Technopolis Viestikatu 7


Technopolis AB
Technopolis Gårda AB


Technopolis AS
Campus H AS
Campus T AS
Campus X AS
Campus P AS


Technopolis ApS


Technopolis Lietuva UAB
UAB Domestas
UAB Urban housing
UAB Gama projektai
Delta Biurai UAB
UAB Sorta
Nova Biurai UAB


AS Technopolis Ülemiste

Principles of Registry Protection and Data Storage Period

The only persons who have access rights to the personal data system are those employees of the controller who have the right to process personal data contained in this register for the purposes of carrying out their work. Each user has their own username and password for the system. Data is collected in databases that are protected by firewalls, passwords, and other technical measures. Databases and backups are located in locked spaces, and only certain pre-designated persons can access them.Personal data is stored for as long as it is necessary for fulfilling the purpose of the personal data. As a rule, the data are kept for the full duration of the customer or partnership relationship, and for six (6) months after its end. However, the controller always has the right to store personal data or otherwise process them after the aforementioned period of storage in the circumstances permitted by law in force from time to time, such as the retention periods to be observed in the Accounting Act and the Withholding Tax Act. The personal data of decision-makers will be stored permanently for direct marketing purposes within the limits of the law.The controller will regularly assess the need for the storage of personal data, and will also take reasonable measures to ensure that incompatible, obsolete or inaccurate personal data on data subjects is not saved in the register.

Rights of the Data Subjects

The data subject has the right to inspect the data on him or her that is stored in the register, as well as to demand that any incorrect data be corrected and that any data on him or her be deleted from the register. Any such requests must be submitted in writing personally to Technopolis’ reception service or to data subject has the right to deny the controller access to data about the subject for the purposes of direct advertising, market research, opinion polling or related profiling. Such a prohibition may be provided at any time to or, for example, by opting out of the mailing list in the manner instructed in the marketing messages themselves.In accordance with the General Data Protection Regulation, the data subject has the right to object or request restriction of processing of the subject’s data, and to file a complaint against the processing of their personal data to the relevant supervisory authority.

Data Controller

This privacy policy as in force from time to time is available at