Best Data Processing Practices
FIMX is the data controller regarding the Data included in the User register of FIMX Service and is responsible for ensuring proper compliance with general data protection principles, such as duty of care, exclusivity of purpose, necessity, accuracy and lawfulness requirements in processing the Data. FIMX specifically observes restricted access to the Data as well as the protection of the Data and the required confidentiality procedures.
FIMX is aware of the close connection between data protection and data security, and deems data security to be essential in collecting, processing and storing Data. Personal data is protected from disappearing, unauthorised processing and use, destruction, alteration and unauthorised disclosure using reasonable technical safety measures. In order to protect information in practice, FIMX employs appropriate technical and administrative safety measures proportionate to the likelihood and severity of any losses and threats as well as the sensitivity of the data. The databases are protected against external security breaches by firewalls, passwords and other appropriate means. The databases and their backups are physically located in locked premises.
Use of Data
FIMX primarily uses the data collected from Data Subjects to enable the use of the Service, for maintenance and development, for investigating liabilities and permit matters and for customer communications regarding, for example, software updates as well as for residential notices within the framework of the Service (including maintenance requests, apartment inspections and general meetings), and the performance of other duties arising from a residential relationship. The Data may also be used for communication and distributing information regarding the Service between FIMX and Data Subjects.
The Service is subject to the User’s Terms and Conditions which each User must accept in connection with registering. Data collection is primarily based on the specific consent of each Data Subject. Within the limits of the legislation, data can be collected in relation to the customer relationship, a legitimate interest, or the management, administration, development or analysis of a relationship based on a factual link. Some of the Data included in the service is based on an employment relationship. Data can be processed automatically to a certain extent.
Within the limits of and in accordance with the requirements of applicable legislation and the Terms and Conditions of the Service, Data can be disclosed to, for example, FIMX’s subcontractors and Partners related to completing service orders (such as maintenance duties). FIMX customer organisations can process Data in the Service in accordance with the Terms and Conditions of the Service. Data will not be disclosed outside the Service for commercial purposes.
Data is only collected to the extent and for as long as this is appropriate for the purpose of use or justified for the specific purpose of FIMX complying with its legal obligations and fulfilling its agreements. For example, resident Data is destroyed at the latest when a Data Subject has not lived in a certain housing company managed in FIMX Service for a period of ten (10) years, unless otherwise required due to legislation or compliance with legal obligations. The User’s Data is automatically removed from the Service after the User has remained passive for a period of ten (10) years, unless otherwise required due to legislation or compliance with legal obligations.
The Data is either removed at the end of the storage period or anonymised and appropriately archived. The Data Subject will be requested to verify the accuracy of the used Data periodically.
The User is aware that using the Service is impossible without certain information, such as an email address and a password.
The Rights of Data Subjects
FIMX guarantees that Data Subjects can at all times exercise their legal rights. These include the right to access and check data, the right to correct and transfer data, the right to be forgotten, and the right to prohibit. Data Subjects have the right to check any data concerning them that is stored in the Service. Users can check, modify and delete their user information directly by logging on to the FIMX Service.
Data Subjects have the right to refuse the processing and disclosure of their personal data by contacting the controller. In addition, Data Subjects have the right to demand corrections to incorrect data by contacting the controller. Data Subjects’ right to have their Data removed is not without exception. FIMX can refuse to remove data if the processing or storage of the data is necessary for the purpose of, for example, complying with a legal obligation, verifying a contractual obligation, performing measures necessary to a customer relationship or another similar justification. However, in such cases the data is pseudonymised or archived so that it is not actively processed.
The User is always entitled to prohibit the processing of his/her Data, to cancel his/her previous consent for collecting Data or to request that the Data is removed. However, the User is aware that the use of the Service will then not be possible.
If the User considers that FIMX has processed personal data in violation of data protection legislation, the User may lodge a complaint with the competent supervisory authority.
Sensitive Data and Children’s Personal Data
Because FIMX cannot practically prevent its customer organisations from saving sensitive data in the Service, including social security numbers, it will endeavour to maintain a particularly high level of data protection for the whole Service at all times and will offer both Partners and Users guidelines on how to avoid recording sensitive Data in the Service.
FIMX will try to collect as little sensitive personal data as possible and will only process sensitive data if it is necessary for the purpose of implementing the Service or performing its contractual obligations. FIMX especially respects the privacy of children. However, due to the nature of the Service and its appropriate implementation, FIMX collects the personal data of children only with the consent of their guardian.
Cookies and Other Technical Data
Technical data is collected from the Data Subjects for the purpose of developing services, enhancing the customer experience and complying with FIMX’s rights and obligations. Such data includes at least the IP address, log information, location data and cookies. FIMX’s visitor analytics respect the Do Not Track preference available in major browsers. The analytics application FIMX uses supports these preferences.
If the Data Subjects do not want cookies to be collected, they can choose to not accept the cookies. In such cases, some of the Service properties may not function partly or at all.