7th Jan 2019
A-Katsastus Group Oy
Valimotie 9-11, 00380 Helsinki
PO Box 200, FI-00381 Helsinki, Finland
Contact person in matters related to the register
Name of register
Customer register of A-Katsastus Oy, Yksityiset K-Asemat Oy, Ajovarma Oy and A-Test & Consulting Oy
Purpose of the register
Customer data can be processed for the following purposes:
- management, development and analysis of customer relationships
- customer communication
- service provision
- verification of customer transactions
- development of customer service and business
- analysis and statistics
- other similar purposes
Customer data can also be processed in other Finnish companies belonging to the A-Katsastus Group. Registered data can be used, as permitted by the legislation, for direct advertising, distant sales or other direct marketing of companies belonging to the A-Katsastus Group or partners of A-Katsastus Group, opinion polls or market surveys or other similar addressed deliveries and customer communication, also in electronic channels.
Data content of the register
The register may contain the following data:
- Name of the customer
- Address, postal code and town/city
- Date of birth
- Email address
- Telephone number
- Possible permission and consent
- Revision history for customer data
- Customer number
- Customer identification
- Personal identity code (for identification purposes only in permit and insurance services )
- Vehicle registration number
- Other data collected with the customer’s consent
- Customer relationship data, such as invoicing and payment data, product and order data, customer feedback and queries, prize draw and competition data and cancellation data
Regular sources of data
Customer data can be obtained from customers during the customer relationship through the internet, in customer service situations, by telephone, via email or by other similar means. Updates in data concerning the name, address or death may also be obtained from officials and companies that provide update services.
Regular disclosure of data
The data controller may, within the scope permitted and obligated by the valid legislation, disclose data to its selected partners for marketing purposes, unless data subjects prevent their data from being disclosed in this manner.
Transfer of data outside the EU or EEA
Customer data is processed in accordance with the EU General Data Protection Regulation (GDPR). We require any partners located outside the EU or EEA to sign the EU-US Privacy Shield agreement or apply another practice accepted in accordance with the GDPR.
Principles of register protection
The customer register can only be used by those employees of the A-Katsastus Group or its service providers who need the data in their work-related tasks. These employees use personal usernames and passwords. Data is collected in databases that are protected by firewalls, passwords and other technological means. Databases and their backup copies are located in locked facilities, and they are under the management of the IT service provider in accordance with information security principles.
Right to access data, right to have any incorrect data rectified and right to have data erased
Customers have the right to access their data in the customer register. Requests to access data must be presented in person in the data controller’s locations. A request to access data can be presented free of charge once a year. Requests to access data will be responded to without any delay, usually within two weeks after receiving the request.
Customers have the right to refuse the use of their data for marketing or profiling and to request to have any incorrect data rectified. Customers also have the right to request to have their personal data erased from the customer register. It may not be possible to erase all personal data due to statutory obligations.
Requests concerning personal data (access, rectification, erasure) must be presented in person in the data controller’s locations.