Privacy policy

Privacy policy for the customer register of A-Katsastus Oy, Yksityiset K-Asemat Oy, Ajovarma Oy and A-Test & Consulting Oy

Data controller

A-Katsastus Group Oy

Valimotie 9-11, 00380 Helsinki

PO Box 200, FI-00381 Helsinki, Finland

Contact person in matters related to the register

tietosuoja@a-katsastus.fi

Name of register

Customer register of A-Katsastus Oy, Yksityiset K-Asemat Oy, Ajovarma Oy and A-Test & Consulting Oy

Purpose of the register

Customer data can be processed for the following purposes:

  • management, development and analysis of customer relationships
  • customer communication
  • service provision
  • verification of customer transactions
  • development of customer service and business
  • marketing
  • analysis and statistics
  • other similar purposes

Customer data can also be processed in other Finnish companies belonging to the A-Katsastus Group. Registered data can be used, as permitted by the legislation, for direct advertising, distant sales or other direct marketing of companies belonging to the A-Katsastus Group or partners of A-Katsastus Group, opinion polls or market surveys or other similar addressed deliveries and customer communication, also in electronic channels.

Data content of the register

The register may contain the following data:

  • Name of the customer
  • Address, postal code and town/city
  • Date of birth
  • Email address
  • Telephone number
  • Possible permission and consent
  • Revision history for customer data
  • Customer number
  • Customer identification
  • Personal identity code (for identification purposes only in permit and insurance services )
  • Vehicle registration number
  • Other data collected with the customer’s consent
  • Customer relationship data, such as invoicing and payment data, product and order data, customer feedback and queries, prize draw and competition data and cancellation data

Regular sources of data

Customer data can be obtained from customers during the customer relationship through the internet, in customer service situations, by telephone, via email or by other similar means. Updates in data concerning the name, address or death may also be obtained from officials and companies that provide update services.

Regular disclosure of data

The data controller may, within the scope permitted and obligated by the valid legislation, disclose data to its selected partners for marketing purposes, unless data subjects prevent their data from being disclosed in this manner.

Transfer of data outside the EU or EEA

Customer data is processed in accordance with the EU General Data Protection Regulation (GDPR). We require any partners located outside the EU or EEA to sign the EU-US Privacy Shield agreement or apply another practice accepted in accordance with the GDPR.

Principles of register protection

The customer register can only be used by those employees of the A-Katsastus Group or its service providers who need the data in their work-related tasks. These employees use personal usernames and passwords. Data is collected in databases that are protected by firewalls, passwords and other technological means. Databases and their backup copies are located in locked facilities, and they are under the management of the IT service provider in accordance with information security principles.

Right to access data, right to have any incorrect data rectified and right to have data erased

Customers have the right to access their data in the customer register. Requests to access data must be presented in person in the data controller’s locations. A request to access data can be presented free of charge once a year. Requests to access data will be responded to without any delay, usually within two weeks after receiving the request.

Customers have the right to refuse the use of their data for marketing or profiling and to request to have any incorrect data rectified. Customers also have the right to request to have their personal data erased from the customer register. It may not be possible to erase all personal data due to statutory obligations.

Requests concerning personal data (access, rectification, erasure) must be presented in person in the data controller’s locations.

A-Katsastus Group reserves the right to modify this privacy policy as a result of service development or changes in legislation. This privacy policy supersedes the previous register description.

A-Katsastus Group’s telephone and email service register

 
Data controller 
 
A-Katsastus Group Oy 
 
Contact person in matters related to the register 
 
tietosuoja@a-katsastus.fi
 
Name of register 
 
A-Katsastus Group’s telephone and email service register
 
Purpose of processing personal data 
 
The register is used, with the customer’s consent, to serve customers of the A-Katsastus Group and its subsidiaries A-Katsastus Oy, Yksityiset K-Asemat Oy, Ajovarma Oy, Finnish Loss Survey SVT Ltd, A-Test & Consulting Oy and InCar Oy, and to process customer feedback.
 
Data content of the register 
 
The register contains recorded calls and email messages and identifiers related to these. 
 
The register may contain the following personal data:
 
  • Personal identity code or date of birth
  • First name
  • Last name
  • Email address
  • Telephone number
  • Street address
  • Postal code
  • Town/city
  • Registration number
  • Possible sensitive data 
 
Regular sources of data 
 
Data provided by customers by telephone or via email.
 
Regular disclosure of data 
 
Data can be disclosed to the Finnish Transport Safety Agency (Trafi) for queries related to services produced for Trafi.
 
Transfer of data outside the EU or EEA 
 
Customer data is processed in accordance with the EU General Data Protection Regulation (GDPR). We require any partners located outside the EU or EEA to sign the EU-US Privacy Shield agreement or apply another practice accepted in accordance with the GDPR.
 
Principles of register protection 
 
MANUAL MATERIAL
 
No manual material is generated from the register.
 
ELECTRONIC DATA
 
The information security of the register and the confidentiality of personal data are verified by proper technological and administrative means following good data processing practices.
The system can only be used by those employees of the A-Katsastus Group or the service provider who need to process the data in their work-related tasks. Every user is authenticated in the system using their personal credentials that are provided in conjunction with the right to use the system. The right of use ends when an employee transfers to a new position from the position for which the right of use was provided. The secrecy and confidentiality obligation remains valid after the end of the tasks or service relationship in which data was processed.
Databases and their backup copies are located in locked facilities, and they can only be processed by designated employees of the data controller and IT service providers. Data is protected in accordance with legal provisions on the protection of electronic communications and the regulations and guidelines of the Finnish Communications Regulatory Authority (FICORA).
 
Right of data subjects to access data 
 
Data subjects have the right to access their data saved in the register. Requests to access data must be presented in person in the data controller’s location. A data subject who exercises their right to access data must prove their identity. The right to access data can be used free of charge once during a calendar year.
Right of data subjects to have data rectified
If the registered data is incorrect, data subjects have the right to request to have their data rectified. These requests must be presented in person in the data controller’s location.
 
Right of data subjects to have data erased 
 
Data is retained for at most 210 days, after which it will be erased automatically. Data related to official assignments (Trafi) cannot be requested to be erased before the end of the retention period.

Note concerning cookies

We use cookies and corresponding techniques such as local storage on our sites for functionality and analytics. Cookies are small text files shared between browser and server.

We make use of Google Analytics to analyze usage and trends on our site. The data sent to Google is anonymized.