Boffice Oy's General Privacy Policy

Valid from 16.8.2023



1. The controller

Boffice Oy ("Boffice Oy" or "we") processes personal data in the course of its activities for customer relationship management, enabling customer communication, executing contracts and for direct marketing purposes. In addition, we collect analytics data about visitors to our website.

In addition to individual customers, Boffice Oy has corporate customers and partners whose representatives' personal data may be processed as part of this register. The data of representatives of corporate customers will only be used to carry out communications and marketing for the community.

It is important to Boffice Ltd that you know how we process your personal data. Below we explain more about how we process your personal data.

Please note that this Privacy Policy applies only to the processing of personal data by Boffice Oy as the controller.

2. Contact information

Contact details of the controller 

Business ID: 3127332-7

Address: Kaivokatu 10A, 00100, Helsinki

Phone number: 029 002 2220

E-mail address: info@boffice.fi

Website: www.boffice.fi

Person responsible for the register

Tommi Ora

info@boffice.fi

Kaivokatu 10A, 00100, Helsinki

3. Data collected

Customers and marketing contacts

  • First and last name 

  • Contact us

  • Consents, prohibitions or other information relating to direct marketing or additional information provided

  • Information related to office rental, contacts and other processes

  • For representatives of corporate customers, the name, position and other details of the organisation

  • Other customer-related information

Website

  • IP address

  • Browser session tags

  • URL route on the site

  • Date of visit

  • Browser type and version

  • Type of device

  • Name and email address or phone number of the person who received the newsletter or contact request from the website

  • Change log for information relevant to the tenancy relationship

4. Sources of personal data

In principle, we obtain the data processed in accordance with this Privacy Policy from the data subjects themselves.

The data collected from the website is stored on the server when you visit it.

Information may also be obtained through other service providers, such as business registries and authentication service providers.

5. Purposes of data processing

Personal data may also be used for the following other lawful and consented purposes: marketing, service provision and implementation, customer service implementation and development, statistics and analysis, service, customer service and business development and other activities relevant to the rental.

To provide a service or perform a contractual relationship

Personal data is used for the provision of office services and other activities related to the management of the office. The collection and use of data is based on a signed lease agreement.

Customer communication and relationship management

Personal data is used for the management and administration, maintenance, development and communication of the customer relationship between Boffice Oy and the Customer. If you contact us, we will use the information provided to answer questions and resolve any problems you may have and to process your communication.

For direct marketing purposes

If you have given your consent to receive direct marketing, we may send you information about Boffice Oy's activities, office locations, additional services and other direct marketing material.

The data subject always has the right to object to our use of personal data for direct marketing, market research or profiling by contacting us using the contact details provided above or by using the unsubscribe option provided in direct marketing messages or newsletters.

6. Shelf life

We will only retain personal data for as long as required by law or as necessary to fulfil the purposes identified above.

7. Transfer of personal data outside the European Economic Area

We may process personal data in systems that transfer data outside the European Union and the European Economic Area. If the European Commission has not considered the level of data protection in the country of destination to be adequate, we will take other measures to ensure an adequate level of protection for your personal data.

8. Categories of recipients of personal data

We may disclose information to the authorities supervising your business activities, the Tax Authority, the Data Protection Ombudsman or any other party required by law to the extent set out in this Privacy Notice.

For legal reasons

We may disclose personal information to parties outside of Boffice Ltd's organization if access to the personal information is reasonably necessary (i) to comply with applicable law, regulation or court order; (ii) to detect, prevent or otherwise address fraud, money laundering, terrorist financing, security or technical issues; or (iii) to protect or ensure the safety of Boffice Ltd or our customers' property or for public interest purposes as required by law.


For authorised service providers

We may disclose personal information to authorised service providers who provide services to us. Our contracts with our service providers include commitments under which the service providers agree to limit the use of personal data and to comply with, at a minimum, the privacy and security standards set out in this Privacy Statement.


With your explicit consent

We may disclose personal data to third parties outside Boffice Oy's organisation for reasons other than those mentioned above where we have the data subject's explicit consent. The data subject has the right to withdraw such consent at any time.

9. Rights of the data subject

Right of access to data

Data subjects have the right to access their personal data processed by Boffice Oy. If you wish, you can contact us to find out what personal data we process and for what purpose it is used.

The right to request the correction of information 

You have the right to have any inaccurate, inaccurate, incomplete, outdated or unnecessary personal data that we hold corrected or completed by us. By contacting us, you can, for example, update your contact details or other personal data.

The right to request the deletion of information 

You can ask us to delete your personal data. We will comply with your request unless we have a legitimate reason not to.

Right to object and right to restrict processing

You have the right to object to the processing or profiling of your data if your data is processed for direct marketing purposes. You also have the right to request the restriction of the processing of your personal data, including where the information about you is inaccurate. In addition, in certain specific situations, you have the right to object to the processing of your personal data on grounds of a particular personal situation.

The right to transfer data from one system to another

The data subject has the right to receive his or her personal data from us in a structured and commonly used format and to independently transfer the data to a third party.

Exercising rights

If you wish to exercise any of the above rights, please send Boffice Ltd by post or email the following information: name, address, telephone number and a copy of a valid identity document. In order to prove your identity, we may request additional information. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded. 

11. Information security

We have put in place administrative, organisational, technical and physical safeguards to protect the personal data we collect and process. Our security measures are designed to maintain an appropriate level of confidentiality, integrity and availability of data.

Personal data may only be processed by persons whose job duties justify it. The use of personal data is protected by appropriate user-specific IDs, passwords and access rights.

12. Making a complaint

You have the right to lodge a complaint with a supervisory authority if you believe that Boffice Oy's processing of your personal data is in breach of data protection legislation.