Customer register privacy policy
1. Data controller
EuroPark Finland Oy, 1544350-9 P.O. Box 336, 00101 Helsinki
2. Contact person for matters relating to the register
3. Name of the register
Technical parking and customer register
4. Purpose and legal basis for the processing of personal data
The basis for the processing of personal data is EuroPark Finland Oy’s legitimate interest based on a customer relationship and/or other appropriate connection and the implementation of a contract.
The purpose of processing personal data is:
- the delivery and development of our products and services
- the management and invoicing of parking contracts and parking rights
- parking control and the verification of parking rights
- processing complaints
- customer and market research
- other management of our customer relationships
5. Data content of the register
In connection with the customer register, we process the following personal data of customers or other data subjects, such as trainees:
- The data subject’s basic information, such as name, date of birth, social security number, customer number
- The data subject’s contact information, such as email address, phone number, address
- Data pertaining to a company and the company’s contact persons, such as business ID and the contact persons’ names and contact information
- Data pertaining to the customership and contract, such as data on past and current contracts and orders, call recordings, written communication with the customer/data subject, and other contacts, cookies and the data related to the use thereof
- Vehicle registration number
- In connection with parking control, the vehicle’s make, model, and registration number, and digital photographs of the vehicle
Providing the personal data is a prerequisite for creating a contract relationship and/or customer relationship. Without the necessary personal data, we cannot supply the product and/or service.
6. Regular sources of data
We obtain data primarily from the following sources: the data subject themselves, the authorities, credit report companies and client companies’ websites. In addition, data is obtained from those filing a complaint who identify themselves as a data subject.
Personal data can also be collected and updated for the purposes described in this privacy policy from publicly available sources and from authorities or other third parties within the bounds of legislation applied on the basis of the data obtained. This kind of update of data is done manually or automatically.
7. Regular disclosure of data
The data saved in the register can be disclosed to debt collection agencies operating in Finland for the purposes of debt collection.
We utilise subcontractors acting on our account for the processing of personal data. We have outsourced IT management to an outside service provider. Personal data is saved on a server managed and protected by this provider.
8. Transfer of personal data outside the EU and the EEA
Personal data will not be disclosed outside the EU or the EEA.
9. Principles of protection for the register
Only employees authorised to process customer data for their work are entitled to use the system containing personal data. Each user has their own username and password for the system. Data is collected in databases that are protected by firewalls, passwords and other technical measures. The databases and their backups are located in locked rooms, and only certain previously designated persons have access to the data.
We regularly evaluate the necessity of retaining data, taking into account the applicable legislation. In addition, we will take reasonable steps to ensure that no personal data are stored in the register that are incompatible, outdated or inaccurate with regard to the purposes of the processing. We will correct or erase any such data immediately.
10. Rights of the data subject
As a data subject, you have the right to inspect the personal data collected about you and stored in the personal data register and to demand the rectification or erasure of incorrect, outdated, unnecessary or illegal data. If you request multiple copies of your data or if your request is otherwise clearly unfounded or unreasonable, we may charge you a reasonable fee for the performance of the request.
If you have access to your own data, you can edit it yourself. If processing is based on consent, you also have the right to revoke or change your consent.
As a data subject, in accordance with the Data Protection Regulation, you also have the right to object to or request restriction of processing and to lodge a complaint with the supervisory authority regarding the processing of your personal data.
Insofar as the data subject has personally provided information in the customer register that is processed under the consent or mandate given by the data subject, the data subject has the right to obtain such information, primarily in machine-readable format, and the right to transfer this information to another data controller.
For specific personal reasons, you also have the right to object to the processing of your data when the processing of data is based on our legitimate interest. Your claim must specify the specific situation on the basis of which you object to the processing. We may only refuse to comply with a request for objection on the grounds laid down by law.
11. Amendments
In the event that we make any amendments to this policy, they will be visible in the policy along with their dates. If the amendments are significant, we may also communicate them through other means, such as via email or by posting about the matter on our website. We recommend that you regularly visit our website and take note of any possible changes in the policy.