1. General
With this register and privacy statement, we provide information about the collection and processing of personal data. We process personal data in accordance with the General Data Protection Regulation (GDPR) of the European Union for the purposes defined in this statement.
2. Data Controller
Will & Must Ltd (3295686-7, Töölönkatu 4, 00100 Helsinki) is the data controller (referred to as “we” herein). You can inquire further about the processing of personal data by emailing us at info@willmust.fi
Separate project companies established for our projects are controllers for the personal data provided and processed concerning those projects (read more about data disclosures in section 5).
3. Legal Basis and Practices of Processing
The processing of personal data is based on consent given by the data subject, a contract with the data subject, legal obligations, or legitimate interests of the data controller.
We process personal data concerning establishing and maintaining customer and contractual relationships, accounting, internal reporting, auditing, personnel management, payroll, recruitment, and corporate transactions. Certain personal data may be used for business development purposes such as market analysis, statistics, and risk management. Personal data may be used sparingly for marketing, such as sending information about our services and newsletters. We collect information from visitors to our website to enhance visitor experience and gather insights into website statistics.
Personal data is not used for profiling or automated decision-making.
Personal data is processed only for the time necessary for the purposes of processing unless we have a legal obligation to retain personal data for longer. We delete or anonymise the personal data once processing is complete (and any legal retention obligation has ceased).
4. Processed Data
We process the cookie data of visitors to our website. Such data may include the visitor’s device IP address, operating system, and browser type. Cookie data is not used to identify individual users. We may use third-party analytics services for cookies and other website data. Visitors to the website can refuse to accept cookies from our website and delete existing cookies from their web browser settings. We process personal data obtained through the contact form on our website, such as name, email address, position, property information, and other information provided by the sender when submitting the form response.
5. Data Disclosures
We primarily process personal data internally. Access to personal data is restricted to those employees who need to process personal data for the performance of their duties. If personal data is disclosed or transferred, the disclosure or transfer is made only to the extent necessary for the purposes of processing described in this statement. We may disclose personal data to our partners, subcontractors, external service providers, and other third parties such as legal advisors, technical consultants, notaries, agencies, authorities, and municipalities. We enter into necessary data processing agreements with the processors who receive the data. Processors must follow our instructions and commit to appropriate technical and organisational measures to protect personal data. The data controller of personal data for our projects may change, for example, due to corporate restructuring, in which case the personal data related to the project is transferred to a separate project company, and the project company’s privacy policy determines the purposes and methods of processing.
6. Basis of Data Protection
We process personal data in accordance with the law and exercise particular care in processing. We limit the processing of personal data to the purposes defined in the privacy statement and only to those employees for whom processing is necessary. We use appropriate technical and organisational measures to protect personal data. We only use proven and reliable IT solutions and, when necessary, our internal practices.
7. Rights of the Data Subject
The data subject has the right to information about the processing of personal data. The individual in the register has the right to receive confirmation of whether their personal data is being processed or not, the right to information about the purposes of any processing, the right to a copy of the processed personal data, the right to correct or delete incorrect personal data, the right to restrict the processing of personal data in certain situations, the right to withdraw consent previously given for the processing of personal data, and the right to request the transfer of personal data to a third party in certain situations. Requests regarding the data subject’s rights can be sent to the email address provided in section 2. The requester may be required to prove their identity. If you believe that the processing of your personal data violates applicable law, you can file a complaint with the supervisory authority. The data protection authority in Finland is the Office of the Data Protection Ombudsman (tietosuoja.fi/en/home).
8. Updates
Last update: May 2024. This privacy statement may be updated and amended as data protection practices require. Please note that we do not personally notify data subjects of any changes to the privacy statement.