Privacy policy

1. Controller

Company name: Finnpark Oy
Company postal address: P.O. Box 15, 33211 Tampere
Business ID: 0155063-7
Email for register inquiries:

2. Contact Person

Name: Mikko Paavola
Telephone: +358 3 387 800

3. Name of the Register

Moovy Service Parking and Customer Register

4. The Purpose of Processing Personal Data

The purpose of processing the personal data contained in the Moovy Service Parking and Customer Register is to handle, manage and maintain the customer relationship of the customer using the Moovy service, customer contract, invoicing information and access rights management, customer transaction verification, customer service and business development, marketing, analysis and statistics, and opinion and market research

Vehicle license plate numbers are also processed to allocate the customer’s parking transaction charge to that customer, in addition to which an access control is set up and they are used to control access control devices and make the customer’s entry and exit smoother. The vehicle license plate number can also be used in parking enforcement to check the parking permit and to allocate a parking transaction to the customer.

The personal data in the register can be used to investigate abuses that have occurred in association with the parking service.
Use of the Moovy digital service through the Moovy application requires the provision of personal data. The processing of personal data is based on national law and the EU General Data Protection Regulation (GDPR). The processing of personal data is based on the customer’s consent, the contract between the customer and Finnpark Oy and the legitimate interest of Finnpark Oy based on the customer’s customer relationship.

Personal data will only be processed to the extent necessary for the controller’s business and the provision of services. Where the processing of personal data is based on the customer’s consent, the customer has the right to withdraw their consent at any time. However, the withdrawal of consent shall not affect the lawfulness of the processing prior to the withdrawal.

5. Persons and Groups to Be Registered, and Related Data and Data Groups

Personal data is collected and processed of the customers of Finnpark Oy, who disclose their personal data when registering for the Moovy service.

The license plate number of the vehicle specified by the customer is stored in the register, which is associated with the customer’s name, address, telephone numbers, email addresses and the services, products and invoicing information subscribed and used by the customer. The customer’s location data, as well as the driving license category and technical information about the vehicle can also be stored if necessary. The electronic services store a username, password and any other possible unique identifier. In addition, for corporate customers, the company’s business ID and contact information of the contact person are stored in the register.

In addition, photographs of the license plate numbers of vehicles used for parking may be collected from the users of the Moovy service technically by using camera technology, both for the duration of the parking event and for storage in the parking event log. This information is used to control access control and to identify the customer.  In addition, information on the parking facility or area used and the start and end time of the parking is collected from the parking event. The license plate number is also used to allocate the parking transaction charge to that customer.

The register also contains information related to the implementation of communications and customer service, as well as information on the use of services, such as browsing and search information, recorded customer service calls and any profiling and interest information provided by the customer.

By submitting the personal data to Moovy, the customer agrees that the information will be used in accordance with this Privacy Policy.

6. Regular Data Sources

The regular and main source of data in the register is the data collected from customers themselves. Customers’ personal and vehicle data is collected from the data subjects when registering with the Moovy service. In addition, customer data may also be collected from the customer by telephone, return card, via the Internet, email or other similar means.

Data on the customer and the vehicle used by the customer, its license plate numbers and the customer’s driving license category can also be retrieved from the vehicle traffic register maintained by Traficom, the population information system, the postal address information system and other similar private and public registers.

Customer data may also be collected through software cookies or technical devices or other similar technologies.

In association with suspected misuse in short-term parking, the contact information of the vehicle owner and proprietor can be collected from the vehicle traffic register maintained by Traficom.

7. Regular Disclosure of Data

Customer data is disclosed to partners, such as city parking supervisors, as well as to other parties if the operation of the service so requires.
Personal data will not be disclosed to third parties without the express consent of the party concerned for direct marketing purposes or for opinion or market research or other similar surveys.

However, the vehicle license plate number may be handed over to parking enforcement to determine the validity of the vehicle’s parking permit and the vehicle license plate number may be handed over to Traficom to find out the vehicle information and the owner’s or proprietor’s address information. Customer’s personal data can also be handed over to Traficom in order to find out the customer’s driving license category.

The data in the register may be disclosed to public authorities in the manner in which public authorities are entitled to do so under specific legislation.

Personal data will not be disclosed except for the aforementioned purposes, unless otherwise provided by the law.
Statistical service usage data may be disclosed to third parties in a form that does not identify personally identifiable information.

8. Transfer of Data Outside the EU or EEA

The data in the register will not be transferred or disclosed outside the EU or the EEA.

9. Cookies

Cookies are used to improve the customer experience of the services and to collect information for analysis and marketing purposes. The cookie is stored on the mobile phone or computer used by the customer. The cookie is used by the Moovy service to identify the customer’s mobile phone or computer. Cookies can be used to tailor the service to better meet the customer’s needs. You may refuse or disable the use of cookies. Disabling the use of cookies may interfere with the use and operation of the Moovy service.

10. Data Retention Period

The customer’s personal data shall be retained only for the time required by the purpose of the processing or for as long as required by law from the controller or until the customer requests the deletion of their personal data to the controller, unless the controller is required to retain the data or the controller has a legitimate interest.

11. Principles of Register Protection

Finnpark has a data security policy in place. The data security policy defines the principles by which data is processed and how data is protected.

Moovy parking and customer register is maintained as a technical record by the register controller or a party authorized by them in the EEA. The information system is protected using appropriate technical means against external intrusions. Only persons assigned to use the register can use it. The use of the register is monitored with user-specific usernames and passwords. The personnel of the controller have an obligation of secrecy.

12. Right of Inspection and Rectification of Data and Right of Appeal

The customer has the right to have access to their own data in the register free of charge once a year. Any exercise of the right of inspection more frequently than this may be subject to a reasonable and direct compensation to the controller. A written and signed request for inspection must be submitted to the aforementioned person in charge of the personal register. Prior to the disclosure, the customer’s identity will be verified by means of a photo ID or other required measures will be taken to ensure that the data is not disclosed to anyone other than the customer.

If the customer finds that the personal data in the registers is incorrect, incomplete or has been processed contrary to the purpose of the register or applicable law, the customer may use the aforementioned email address to request the controller to correct, block, restrict or delete such personal data.

If the processing of personal data is based on the customer’s consent, the customer may at any time revoke their consent by notifying the data controller either through the Moovy application or using the data controller’s contact information mentioned above. As the use of the Moovy service requires the processing of the customer’s personal data, the customer accepts that the withdrawal of the consent to the processing of personal data may prevent the customer from using the service.

If the customer finds that their rights under the EU General Data Protection Regulation have been violated, they have the right to lodge a complaint with the supervisory authorities.

13. Direct Marketing

With the customer’s consent, the controller may send the customer notices about other services and products provided by Moovy and customer notices about the use of the Moovy service and pass the customer’s information to such partners of the controller whose activities are in some way related to the controller’s activities or offers.

The customer may revoke the consent in Moovy.

14. Amendments

The controller reserves the right to correct or amend the Privacy Policy at any time if changes in the relevant data protection and privacy legislation so require. The controller recommends to its customers that they review the Privacy Policy at regular intervals so that they have up-to-date information on how the controller processes their personal data.