Prepared on June 27, 2025
Top Building Oy Business ID: 1847657-6 Espoo, Finland
Jonne Melleri
jonne.melleri@topbuilding.fi
+358 50 571 2854
Top Building Oy Customer Register
The legal basis for processing personal data, in accordance with the EU General Data Protection Regulation (GDPR), is the consent of the individual.
The purpose of processing personal data is new customer acquisition and customer relationship maintenance. Data processing may also be necessary for managing customer and subcontracting agreements, project implementation, invoicing, documenting occupational safety and training data, and fulfilling statutory official requirements.
The register may collect the following personal data:
Name, contact information, website addresses.
IP addresses of network connections.
IDs/profiles in social media services.
Information regarding ordered services and changes thereto.
Invoicing details and other data related to the customer relationship and ordered services.
Special Data: The register may also store information on work performance, occupational safety training (e.g., safety cards), machine and access permits, photographs of worksites, location data from project management systems, and customer feedback.
Website Visitors: IP addresses of website visitors and necessary functional cookies are processed based on legitimate interest for purposes such as cybersecurity and collecting statistical visitor data when deemed personal data. Consent for third-party cookies is requested separately when necessary.
Data stored in the register is obtained from the customer via messages sent through online forms, email, telephone, social media services, contracts, customer meetings, and other situations where the customer discloses their information. Contact details for companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.
Data may be transferred to technical service providers (e.g., email, cloud service, and system providers) only to the extent necessary for the implementation of the services. Data will not be disclosed outside the EU or EEA area without appropriate safeguards.
The processing of the register is conducted with due care, and data processed with the aid of information systems is properly protected. When register data is stored on Internet servers, the physical and digital security of the hardware is appropriately maintained. The Controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes such processing.
Every individual listed in the register has the right to check the data stored about them and to request the correction of any erroneous data or the completion of incomplete data. If an individual wishes to review the stored data or request its rectification, a request must be sent in writing to the Controller. The Controller may request the individual to prove their identity if necessary. The Controller will respond to the customer within one month.
The individual listed in the register has the right to request the deletion of their personal data from the register. Requests must be sent in writing to the Controller. The Controller may request the individual to prove their identity if necessary. The Controller will respond to the customer within one month.