Sustera Group
Contact / Privacy statement: Customers and Stakeholders

Privacy statement: Customers and Stakeholders

Updated: 3 march 2025

Customers and Stakeholders

In this privacy statement, we explain how we collect, process, disclose, and protect the personal data of our customers and stakeholders. Personal data refers to any information that relates to an identified or identifiable natural person, i.e., you. Such information about you includes, for example, your name, address, phone number, and photograph.

We also explain your rights as a data subject.

Any surveys and feedback forms directed at you may contain links to the websites or services of other companies, which have their own privacy policies. We recommend that you familiarize yourself with the privacy policies of such third parties.

At Sustera, we comply with the General Data Protection Regulation (“GDPR”) of the European Union (“EU”) and other applicable data protection legislation.

Below you will find more information on how we process your personal data. If you have any further questions, please contact us.

Data Controller and contact information

The data controller is Sustera Oy or another company within the Sustera group (hereinafter “we” or “data controller”) that processes personal data related to its customers, partners, and other stakeholders.

Email: sales@sustera.com
Phone: +358 30 670 5500

Recipients of Personal Data

Your personal data is processed only by those individuals within the Sustera group whose work duties require the processing of such data.

Your personal data may also be transferred, based on a contract, to outsourced service providers for processing on our behalf. For example, data and responses from potential surveys and feedback forms may be processed by our contractual partners as necessary. Such subcontractors include, for example, IT service providers who handle the technical maintenance of systems or the processing of feedback. Service providers process your personal data in the manner we define for the provision of our services and do not have the right to use your data for their own purposes.

We use external service providers for purposes such as research and development of our services, marketing, customer relationship management, billing and collection, system delivery and maintenance, and the provision of various technical platforms.

Purpose of Processing Personal Data

The maintenance, management, and statistical analysis of customer, business associate, and stakeholder data, business development, and the monitoring, management, and statistical analysis of data on the interests of data subjects. The monitoring and management of order and billing information, the execution of assignments, the maintenance and statistical analysis of customer, author, and site data required for the content and delivery of reports, the provision of services and products, marketing, business development, and related customer service development, the management and development of customer relationships, and the monitoring and analysis of service-related choices and preferences.

We also collect and process your personal data to comply with our legal obligations, for example, regarding accounting or to fulfill legally based requests from authorities.

We process your personal data in connection with the collection, utilization, processing, and publication of surveys and feedback, as well as for event registration and participation. We may publish and utilize your feedback on our website, newsletters, marketing materials, social media, and internal training, as well as for the development of our operations. We will inform you in the feedback survey if your responses are processed anonymously or if the feedback is not published.

We may also photograph and video record meetings, events, and occasions we organize, and such material may be used in our internal and external communications, such as on our website, social media, and printed materials.

Basis for Processing Personal Data

We process your personal data based on one of the following:

  • A legal obligation that we, as a company, must fulfill or to comply with legally based requests from authorities.
  • A mutual agreement (e.g., an order agreement),
  • Your consent (e.g., electronic direct marketing). In this case, you can withdraw your consent at any time,
  • Our legitimate interest (e.g., statistical analysis and the transfer of your personal data within our group), or
  • A legal obligation that we, as a company, must fulfill or to comply with legally based requests from authorities.

Categories of Data Subjects

Customers and their possible representatives, such as real estate agents or property managers. Additionally, business associates and other stakeholders or their representatives.

Categories of Personal Data

We process your personal data only to the extent necessary. The following data may be collected about data subjects:

  • Additionally, we may record calls to ensure customer satisfaction and service situations, as well as for training purposes
  • Name, personal identification number, date of birth, language, photograph, video, address, email address, phone number, and site information
  • Job title, education information, language skills, title, organization
  • Contact information, call requests, and other inquiries, as well as consent for direct marketing and possible consent for newsletter subscription and the withdrawal of such consents
  • Requests for quotations, sent offers, orders, customer number
  • Data stored with your consent from third-party registers
  • Your stated interests, areas of interest, and other information
  • Your satisfaction data and comments related to the data controller’s services
  • Other information and attachments you provide and add, including images
  • When responding to feedback and survey forms, we collect background information about you in addition to the feedback for statistical purposes and service performance, such as ownership duration and the number of people living in the same household
  • Information about participation in events and training. For events and training, we also collect necessary information, such as dietary preferences related to catering. The event registration information you provide may include health information, such as allergy information
  • For our applications and web-based services, we also collect information about your username and password, as well as usage history data
  • We also collect and process your personal data to comply with our legal obligations, for example, regarding accounting or to fulfill legally based requests from authorities.
  • We process your personal data in connection with the collection, utilization, processing, and publication of surveys and feedback, as well as for event registration and participation. We may publish and utilize your feedback on our website, newsletters, marketing materials, social media, and internal training, as well as for the development of our operations. We will inform you in the feedback survey if your responses are processed anonymously or if the feedback is not published.
  • We may also photograph and video record meetings, events, and occasions we organize, and such material may be used in our internal and external communications, such as on our website, social media, and printed materials.

Regular Sources of Information

Primarily, we obtain information either directly from you, with your explicit consent, or otherwise with your involvement from third-party registers.

The main sources of information are the order agreement and information obtained directly from the data subject during contact inter alia with customer service and other interactions. Company information may also be collected from various public registers and company websites.

Additionally, customers and other stakeholders can enter their information into systems themselves, for example, when participating in training and filling out survey and feedback forms. Other sources of information may include our website and the information you provide/enter yourself. Furthermore, during the establishment of various services, we collect your information via order forms and during customer service interactions, as well as from the customer information system database.

Information may be collected directly from you during registration, from business associates, or from contact information published by various media.

Regular Disclosures of Data and Transfer of Data Outside the EU and the European Economic Area

Data may be disclosed and transferred within the group for the performance of tasks necessary for maintaining customer relationships, providing services, enabling billing, offering and marketing our own and our partners’ services, and managing customer relationships or partnerships, as well as to parties with a statutory right to receive the data. Reports related to assignments and the personal data contained therein may be disclosed to the clients of the assignment, their representatives, or third parties within the limits permitted by law.

We primarily process data within the EU and the European Economic Area. Therefore, data is generally not transferred or disclosed outside the EU and the European Economic Area unless it is necessary for the processing of personal data as described above, in which case we ensure an adequate level of protection for personal data as required by law and particularly by Articles 45-46 of the EU General Data Protection Regulation (GDPR). Please note that some of our business associates may process your personal data outside the EU (such as Google and Facebook).

Retention Period of Personal Data

Data is retained only as long as it is necessary for our operations or as required by law. The retention period may vary by data category. The retention of data and reports is important, for example, to determine whether we have previously conducted inspections, investigations, or other actions at a site that may be relevant for new assignments. Additionally, for example, in the case of a Condition Inspection in connection with a real estate transaction, the report must be retained for at least 10 years according to the instructions (KH 90-00393, Kuntotarkastus Asuntokaupan yhteydessä, Tilaajan ohje).

Principles of Personal Data Protection

Personal data is primarily stored electronically and protected by necessary technical measures. Appropriate technical and organizational security measures are in place to protect personal data against loss, misuse, disclosure, alteration, and destruction. Physical materials containing personal data are stored in locked premises/filing cabinets, accessible only to designated and authorized individuals whose duties require access. Access to databases and systems, as well as the use of personal data, is restricted to employees, practitioners, and other individuals who need access to the database for their duties and who have the right to process such personal data as part of their work.

Rights of the Data Subject

The data subject has the right to:

  • Lodge a complaint with a supervisory authority regarding the processing of personal data.
  • Request access to their personal data from the data controller and the right to request the rectification or erasure of such data or the restriction of processing or to object to processing, as well as the right to data portability;
  • To the extent that the processing of personal data is based on the data subject’s consent, the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal;
  • Not be subject to automated decision-making without a legal basis;
  • Lodge a complaint with a supervisory authority regarding the processing of personal data.

Right to Lodge a Complaint with a Supervisory Authority

If you believe that we are not processing your personal data in accordance with data protection regulations, you can lodge a complaint with the supervisory authority in the EU member state where your permanent residence or workplace is located or where you believe the infringement has occurred.

In Finland, the supervisory authority is the Data Protection Ombudsman:

Office of the Data Protection Ombudsman
Visiting address: Lintulahdenkuja 4 00530 Helsinki
Postal address: P.O. Box 800, 00531 Helsinki
Phone (switchboard): +358 (0)29 566 6700
Email: tietosuoja(at)om.fi
www.tietosuoja.fi

In Sweden, the authority in question is Swedish Authority for Privacy Protection:
www.imy.se