EuroPark Finland Oy, 1544350-9 P.O. Box 336, 00101 Helsinki

Technical parking and customer register

The basis for the processing of personal data is EuroPark Finland Oy’s legitimate interest based on a customer relationship and/or other appropriate connection and the implementation of a contract.

In situations where the basis for data processing is legitimate interest, we have conducted a balance test and assessed that the person’s interests or basic rights and freedoms requiring data protection do not supersede our legitimate interest.

The purpose of processing personal data is:

• the delivery and development of our products and services
• the management and invoicing of parking contracts and parking rights
• parking control and the verification of parking rights
• processing complaints
• customer and market research
• other management of our customer relationships

In connection with the customer register, we process the following personal data of customers or other data subjects, such as trainees:

• The data subject’s basic information, such as name, date of birth, social security number, customer number
• The data subject’s contact information, such as email address, phone number, address
• Data pertaining to a company and the company’s contact persons, such as business ID and the contact persons’ names and contact information
• Data pertaining to the customership and contract, such as data on past and current contracts and orders, call recordings, written communication with the customer/data subject, and other contacts, cookies and the data related to the use thereof
• Vehicle registration number
• In connection with parking control, the vehicle’s make, model, and registration number, and digital photographs of the vehicle

Providing the personal data is a prerequisite for creating a contract relationship and/or customer relationship. Without the necessary personal data, we cannot supply the product and/or service.

We obtain data primarily from the following sources: the data subject themselves, the authorities, credit report companies and client companies’ websites. In addition, data is obtained from those filing a complaint who identify themselves as a data subject.

Personal data can also be collected and updated for the purposes described in this privacy policy from publicly available sources and from authorities or other third parties within the bounds of legislation applied on the basis of the data obtained. This kind of update of data is done manually or automatically.

The data saved in the register can be disclosed to debt collection agencies operating in Finland for the purposes of debt collection.

We utilise subcontractors acting on our account for the processing of personal data. We have outsourced IT management to an outside service provider. Personal data is saved on a server managed and protected by this provider. We utilise trusted contract partners, whose contracts all account for the requirements set out by the EU General Data Protection Regulation and other legislation. Together with third parties, we also utilise customer data for analytics and personalisation purposes.

We may also turn your data over to authorities in the event that the law obliges us to disclose the data, for example if it is required for the prevention or investigation of fraud or other illegal activity. We may also disclose your personal data to other parties on order by a competent court. In addition, in connection with a possible business sale or other business restructuring, we may disclose your data to the buyer of the business or other party relevant to the restructuring of the business.

Personal data will not be disclosed outside the EU or the EEA.

The confidentiality of personal data is important to us. We have carried out the proper technical and organisational measures to protect the personal data from accidental or illegal loss, disclosure, abuse, alteration, destruction or unauthorised access.

Only employees authorised to process customer data for their work are entitled to use the system containing personal data. Each user has their own username and password for the system. Data is collected in databases that are protected by firewalls, passwords and other technical measures. The databases and their backups are located in locked rooms, and only certain previously designated persons have access to the data. Paper documents are stored in locked rooms. The disposal of materials containing personal data is done in a secure manner.

Our staff have been extensively trained and instructed in the appropriate processing of personal data, and all persons processing personal data are under obligation of secrecy in regards to all personal data.

We regularly evaluate the necessity of retaining data, taking into account the applicable legislation. In addition, we will take reasonable steps to ensure that no personal data is stored in the register that is incompatible, outdated or inaccurate with regard to the purposes of the processing. We will correct or erase any such data immediately.

If, despite the security measures, a security breach which is likely to have a negative impact on the data security of the data subjects were to occur, we will notify the competent authorities and relevant data subjects of the breach as soon as possible, if the applicable data protection legislation so requires.

As a data subject, you have the right to inspect the personal data collected about you and stored in the personal data register and to demand the rectification or erasure of incorrect, outdated, unnecessary or illegal data. The right of inspection is free of charge once per year. If you request multiple copies of your data or if your request is otherwise clearly unfounded or unreasonable, we may charge you a reasonable fee for the performance of the request.

If you have access to your own data, you can edit it yourself. If processing is based on consent, you also have the right to revoke or change your consent.

As a data subject, in accordance with the Data Protection Regulation, you also have the right to object to or request restriction of processing and to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Finland, this is the Data Protection Ombudsman, the contact information of which can be found at the address tietosuoja.fi.

Insofar as the data subject has personally provided information in the customer register that is processed under the consent or mandate given by the data subject, the data subject has the right to obtain such information, primarily in machine-readable format, and the right to transfer this information to another data controller.

For specific personal reasons, you also have the right to object to the processing of your data when the processing of data is based on our legitimate interest. Your claim must specify the specific situation on the basis of which you object to the processing. We may only refuse to comply with a request for objection on the grounds laid down by law.

In the event that we make any amendments to this policy, they will be visible in the policy along with their dates. If the amendments are significant, we may also communicate them through other means, such as via email or by posting about the matter on our website. We recommend that you regularly visit our website and take note of any possible changes in the policy.

This privacy policy was last updated on 7 December 2023.