Privacy policy
1. Data controller
Company name: Finnpark Oy
Company postal address: P.O. Box 15, 33211 Tampere
Business ID: 0155063-7
Email for register inquiries: asiakaspalvelu@finnpark.fi
2. Contact person in register-related matters
Name: Mikko Paavola
Email: asiakaspalvelu@finnpark.fi
Telephone: +358 3 387 800
3. Register name
Moovy Service Parking and Customer Register
4. The purpose of processing personal data
The purpose of processing the personal data contained in the Moovy Service Parking and Customer Register is to manage and maintain the customer relationship of the customer using the Moovy service, manage the customer contracts, billing details, and access rights, verify customer transactions, develop customer service and the business, and customer communication and marketing.
Furthermore, vehicle registration numbers are processed for charging parking events to the correct customer. Vehicle registration numbers are also used as a basis for access rights verification, for controlling the access control devices, and for facilitating the customer’s entry into and exit from parking facilities. Vehicle registration numbers can also be used in parking surveillance to verify the right to park and to match the parking event with the correct customer.
The personal data in the register can also be used to investigate situations of abuse that have occurred in connection with the parking service.
The provision of personal data is a prerequisite for using the Moovy digital service through the Moovy application. The processing of personal data is based on national legislation and the EU’s General Data Protection Regulation (GDPR). The legal bases for processing personal data are the customer’s consent, the contract between the customer and Finnpark Oy, and Finnpark Oy’s legitimate interest derived from the customer relationship.
Personal data is processed only to the extent necessary for the controller’s business and the provision of services. Where processing of personal data is based on the customer’s consent, the customer has the right to withdraw their consent at any time. However, the withdrawal of consent will not affect the lawfulness of the processing prior to the withdrawal of consent.
5. Data to be registered, data groups, and legal bases for processing
The data collected and processed in the register comprises personal data disclosed by Finnpark Oy’s customers when registering for and using the Moovy service.
Personal data required for setting up and using the Moovy service is stored in the register on the basis of the contract and the customer’s consent. This data includes the registration numbers of the vehicles added by the customer, which are linked to the customer’s name, address, telephone number and e-mail addresses provided by the customer, to the services and products subscribed to by the customer, and to their order, billing, and payment details. For electronic services, the user ID, password, and other potential unique identifier are stored. For corporate customers, the company’s business ID and contact details of the contact person are stored.
On the basis of the contract and the customer’s consent, photographs of the registration numbers of vehicles used for parking may also be collected from the users of the Moovy service by using camera technology, both for the duration of the parking event and for storage in the parking event log. This data is used to control the access control processes and to identify the customer. In addition, data collected of the parking event includes the parking facility or area used and the start and end times of the event. Furthermore, the registration number is used to charge the parking event to the correct customer.
We collect location data about parking sessions started in the application, i.e. where the parking takes place. Location data is also collected at camera-equipped parking facilities when the parking starts and ends. If you have allowed the app to access your device’s location services, the data will be used to provide our services and optimise them based on your location.
The register also contains data related to communication and customer service provision, such as customer service call recordings. On the basis of consent, the customer’s name and contact details can also be processed for mailing customer and marketing bulletins.
The customer’s name and contact details, their vehicle registration numbers, vehicle parking information, their order, billing, and payment details, and customer service call recordings may also be processed on the basis of the legitimate interest of the controller for the purposes of developing the Moovy service or to secure the legal status of the controller.
Personal data, such as information related to the customer’s payment transactions, may also be processed to the extent required by the Accounting Act in order for the controller to fulfil their statutory obligations.
By disclosing their personal data to Moovy, the customer consents to their data being processed in accordance with this privacy policy.
6. Regular sources of data
The register’s regular and primary source of data is the data collected from customers themselves. The customer’s personal and vehicle data are collected from the data subject in connection with their registration to and use of the Moovy service. In addition, customer data can be collected from the customer by telephone, return cards, via the Internet, by e-mail, or through other similar means. Furthermore, the registration number data of vehicles used for parking is also collected in connection with the use of the Moovy service using camera technology.
Customer data can also be collected with programmatic cookies, technical devices, or other similar technologies.
In case of suspected abuse in short-term parking, the contact details of the vehicle owner and holder may be collected from Traficom’s Vehicular and Driver Data Register.
7. Regular disclosures of data
Customer information can be disclosed to partners, such as city parking supervisors, and to other parties acting as processors of personal data on behalf of the controller, if the provision of the service so requires.
Personal data will not be disclosed to third parties for direct marketing purposes or for opinion or market surveys or other similar surveys without the express consent of the party concerned.
The registration number of a vehicle may be disclosed to parking supervision in connection with the use of the Moovy service for the purpose of determining the validity of the vehicle’s right to park, and to Traficom for the purpose of finding out the vehicle’s details and the address information of the owner or holder.
Register data can be disclosed to the authorities insofar as the authorities have the legal right to have them.
Personal data will not be disclosed except for the aforementioned purpose, unless otherwise provided by legislation.
Statistical service usage data may be disclosed to third parties in a format that does not allow for the identification of individual personal data.
8. Transfer of data outside the EU or EEA
The personal data processed by the controller is stored on a server located within the area of the European Union. However, personal data may be transferred outside the European Union/the European Economic Area (EU/EEA) if, for example, a service provider is located outside the EU/EEA. In these cases, the data controller shall ensure that the transfer of data is performed within the framework of appropriate data protection provisions, such as the adequacy decisions adopted by the EU Commission.
9. Cookies
Cookies are used to improve the customer experience of using the services and to collect information for analysis and marketing purposes. The cookie is stored on the mobile phone or computer used by the customer. The cookie helps the Moovy service to identify the customer’s mobile phone or computer. Cookies can be used to customise the service to better meet the customer’s needs. The customer can choose to block or disable cookies. Blocking the use of cookies may interfere with the use and operation of the Moovy service.
10. Data retention period
The customer’s personal data is stored only for the time required for the purpose of the processing or for as long as required of the controller by law. In general, personal data provided by the customer is stored until the end of the customer relationship. However, customer service call recordings are typically only stored for 12 months, unless legislation requires recordings to be stored for a longer period of time or unless the controller has a legitimate interest for continuing to store the data.
At the end of the customer relationship or if the customer submits a request for the erasure of their personal data to the controller, the personal data will be erased and information on parking events will be anonymised. However, the data will be stored for a longer period of time to the extent required by legislation (such as the Accounting Act) or the legitimate interest of the controller (such as the presentation of a legal claim on the controller’s receivables). Anonymised data may be stored until further notice.
11. Principles of register protection
Finnpark has an established information security policy. The information security policy defines the principles by which data is processed and protected.
The Moovy Service Parking and Customer Register is maintained as a technical recording by the controller or a party authorised by the controller within the EEA.
The information system is protected against external data breaches by appropriate technological safeguards. Access to the register is limited to individuals whose job description requires access to the register. Access to the register is monitored with user IDs and passwords. The controller’s personnel are under an obligation of confidentiality.
12. Right of access, rectification of data, and right to lodge a complaint
Customers have the right to access their register data free of charge once a year. For more frequent exercise of the right of access, the controller may charge a reasonable compensation covering any direct expenses to the controller. The request for access must be submitted to the aforementioned person managing the personal data register in writing. Prior to the disclosure of data, the customer’s identity is verified by a photo ID, or other required measures are taken to ensure that the data will not be disclosed to a party other than the customer.
If the customer finds that the personal data in the register is inaccurate, incomplete, or has been processed in violation of the purpose of the register or applicable legislation, the customer may use the e-mail address mentioned above to request the controller to rectify, block, restrict, or erase the personal data in question.
Where the processing of personal data is based on the customer’s consent, the customer may withdraw their consent at any time by notifying the controller either through the Moovy application or by using the controller’s aforementioned contact details. As the use of the Moovy service requires the processing of the customer’s personal data, the customer accepts that withdrawing consent to the processing of personal data may prevent them from using the service.
If the customer finds that their rights under the EU General Data Protection Regulation have been violated, they have the right to lodge a complaint with the supervisory authority. The supervisory authority is the Data Protection Ombudsman, Lintulahdenkuja 4, P.O. Box 800, FI-00531 Helsinki, tietosuoja@om.fi).
13. Direct marketing
With the customer’s consent, the controller may send the customer information about other services and products provided by Moovy and customer bulletins related to the use of the Moovy service as well as forward the customer’s data to the controller’s partners whose activities are related to the controller’s activities or offerings in some way, in order for them to send the customer offers concerning their own business.
The customer may withdraw their consent in the Moovy application.
14. Amendments
The controller reserves the right to amend or change the privacy policy at any time if so required by changes in the relevant data protection and privacy legislation. The controller encourages customers to regularly review the privacy policy to ensure that they have up-to-date information on how the controller processes their personal data.