Revised on 2 November 2020
Data controller
A-Katsastus Group Oy
Valimotie 9–11, 00380 Helsinki
PO Box 200, FI-00381 Helsinki, Finland
Contact person in matters related to the register
tietosuoja@a-katsastus.fi
Name of register
Consumer customer register of A-Katsastus Oy and Ajovarma Oy
Purpose of processing personal data and legal grounds for processing
Personal data included in the register can be processed for the following purposes:
Customer data can also be processed in other Finnish companies belonging to the A-Katsastus Group. Registered data can be used, as permitted by the legislation, for direct advertising, distant sales or other direct marketing of companies belonging to the A-Katsastus Group, opinion polls or market surveys or other similar addressed deliveries and customer communication, also in electronic channels, in accordance with the consent given by each customer.
Legal grounds for processing personal data include the data controller’s legitimate interests, the provision of services, consent given when ordering services or general consent.
Data content of the register
The register may contain the following data:
Regular sources of data
Customer data can be obtained from data subjects during the customer relationship through the internet, in customer service situations, by telephone, via email or by other similar means. Updates in data may also be obtained from officials and companies that provide update services.
Recipients of personal data
In order to provide services in accordance with the purpose of use, partners may also process personal data. Partners carry out technical services related to the register and offer IT systems connected to the use of the register.
Transfer of data outside the EU or EEA
We only use partners operating outside the EU or EEA to send reminders of vehicle inspections and other inspection messages via email to customers who have separately given their consent. Transferred data includes the customer’s email address and the message content (emails from A-Katsastus to customers). With regard to our partners operating outside the EU or EEA, we have ensured the protective measures required by the EU General Data Protection Regulation (GDPR) by adding standard contractual clauses adopted by the European Commission concerning the transfer of data to our agreements or by using other similar means approved in accordance with the GDPR.
Principles of register protection
The customer register can only be used by those employees of the A-Katsastus Group or its service providers who need the data in their work-related tasks. These employees use personal usernames and passwords. Data is collected in databases that are protected by firewalls, passwords and other technological means. Databases and their backup copies are located in locked facilities, and they are under the management of the IT service provider in accordance with information security principles.
Retention period for personal data
We will retain your personal data in our services until five years have elapsed from the most recent identifiable service event or for the statutory period, if it is longer.
Rights of data subjects
Customers have the following rights:
Data subjects can also present a complaint with the supervisory authority if they consider that the processing of their personal data is in breach of the applied data protection regulations.
Exercising the rights of data subjects
In order to exercise their rights, data subjects can contact by electronic form our customer service or send their request to the address indicated in this privacy policy.
It may not be possible to erase all personal data due to statutory obligations.
A-Katsastus Group reserves the right to modify this privacy policy as a result of service development or changes in legislation. This privacy policy supersedes the previous register description.
Revised on 19th March 2019
Data controller
A-Katsastus Group Oy
Contact person in matters related to the register
tietosuoja@a-katsastus.fi
Name of register
A-Katsastus Group’s telephone and email service register
Purpose of processing personal data
The register is used, with the customer’s consent, to serve customers of the A-Katsastus Group and its subsidiaries A-Katsastus Oy and Ajovarma Oy and to process customer feedback.
Data content of the register
The register contains recorded calls and email messages and identifiers related to these.
The register may contain the following personal data:
Regular sources of data
Data provided by customers by telephone or via email.
Recipients of personal data
In order to provide services in accordance with the purpose of use, partners may also process personal data. Partners carry out technical services related to the register and offer IT systems connected to the use of the register.
Data can be disclosed to the Finnish Transport and Communications Agency (Traficom) for queries related to services produced for it.
Transfer of data outside the EU or EEA
Data will not be transferred outside the EU or EEA.
Principles of register protection
The information security of the register and the confidentiality of personal data are verified by proper technological and administrative means following good data processing practices.
The system can only be used by those employees of the A-Katsastus Group or the service provider who need to process the data in their work-related tasks. Every user is authenticated in the system using their personal credentials that are provided in conjunction with the right to use the system. The right of use ends when an employee transfers to a new position from the position for which the right of use was provided. The secrecy and confidentiality obligation remains valid after the end of the tasks or service relationship in which data was processed.
Databases and their backup copies are located in locked facilities, and they can only be processed by designated employees of the data controller and IT service providers. Data is protected in accordance with legal provisions on the protection of electronic communications and the regulations and guidelines of the Finnish Communications Regulatory Authority (FICORA).
Rights of data subjects
Customers have the following rights:
Exercising the rights of data subjects
In order to exercise their rights, data subjects can contact by electronic form our customer service or send their request to the address indicated in this privacy policy.
It may not be possible to erase all personal data due to statutory obligations.
Retention of data
Data is retained for at most 210 days, after which it will be erased automatically. Data related to official assignments (Traficom) cannot be requested to be erased before the end of the retention period.
Revised on 19st March 2019
We use cookies and other similar technologies, such as local browser storage, on our website for the implementation of functions and analytics. Cookies are small text files sent between the browser and server.
We use Google Analytics, for example, to analyse the use of our website and related trends. Any data sent to Google is anonymised.