Privacy policy
Privacy policy for the consumer customer register of A-Katsastus Oy, Yksityiset K-Asemat Oy, A-Katsastuspiste Oy and Ajovarma Oy
Revised on 19 March 2019
Data controller
A-Katsastus Group Oy
Valimotie 9–11, 00380 Helsinki
PO Box 200, FI-00381 Helsinki, Finland
Contact person in matters related to the register
tietosuoja@a-katsastus.fi
Name of register
Consumer customer register of A-Katsastus Oy, Yksityiset K-Asemat Oy, Ajovarma Oy and A-Katsastuspiste Oy
Purpose of processing personal data and legal grounds for processing
Personal data included in the register can be processed for the following purposes:
- management, development and analysis of customer relationships
- customer communication
- service provision
- verification of customer transactions
- development of customer service and business
- marketing
- analysis and statistics
Customer data can also be processed in other Finnish companies belonging to the A-Katsastus Group. Registered data can be used, as permitted by the legislation, for direct advertising, distant sales or other direct marketing of companies belonging to the A-Katsastus Group, opinion polls or market surveys or other similar addressed deliveries and customer communication, also in electronic channels, in accordance with the consent given by each customer.
Legal grounds for processing personal data include the data controller’s legitimate interests, the provision of services, consent given when ordering services or general consent.
Data content of the register
The register may contain the following data:
- Name of the customer
- Address, postal code and town/city
- Date of birth
- Email address
- Telephone number
- Marketing and contact permissions
- Revision history for customer data
- Customer number
- Personal identity code (for identification purposes only; not saved in the register in plain text)
- Vehicle registration number
- Customer relationship data, such as invoicing and payment data, product and order data, customer feedback and queries, prize draw and competition data, and appointment data
Regular sources of data
Customer data can be obtained from data subjects during the customer relationship through the internet, in customer service situations, by telephone, via email or by other similar means. Updates in data may also be obtained from officials and companies that provide update services.
Recipients of personal data
In order to provide services in accordance with the purpose of use, partners may also process personal data. Partners carry out technical services related to the register and offer IT systems connected to the use of the register.
Transfer of data outside the EU or EEA
Some of our partners also operate outside the EU or EEA. We require any partners located outside the EU or EEA to sign the EU-US Privacy Shield agreement or another agreement accepted for the processing of personal data in accordance with the GDPR.
Principles of register protection
The customer register can only be used by those employees of the A-Katsastus Group or its service providers who need the data in their work-related tasks. These employees use personal usernames and passwords. Data is collected in databases that are protected by firewalls, passwords and other technological means. Databases and their backup copies are located in locked facilities, and they are under the management of the IT service provider in accordance with information security principles.
Retention period for personal data
We will retain your personal data in our services until five years have elapsed from the most recent identifiable service event or for the statutory period, if it is longer.
Rights of data subjects
Customers have the following rights:
- Right to withdraw consent given to the processing of personal data
- Right to access their personal data
- Right to have their personal data rectified
- Right to have their personal data erased if legal grounds for processing no longer apply
- Right to object to the processing of their personal data if the processing of personal data is based on the data controller’s legitimate interests. In addition, customers can object to the processing of personal data for direct marketing purposes at any time.
- Right to have the processing of their personal data restricted if the data subject contests the accuracy of their personal data or considers the processing of their personal data to be illegal, or if an action related to objecting the processing of personal data is pending
Data subjects can also present a complaint with the supervisory authority if they consider that the processing of their personal data is in breach of the applied data protection regulations.
Exercising the rights of data subjects
In order to exercise their rights, data subjects can contact our customer service or send their request to the address indicated in this privacy policy. Extensive requests (such as requests to access data or have data erased) require that they are presented in person in one of the data controller’s locations.
It may not be possible to erase all personal data due to statutory obligations.
A-Katsastus Group reserves the right to modify this privacy policy as a result of service development or changes in legislation. This privacy policy supersedes the previous register description.
A-Katsastus Group’s telephone and email service register
Revised on 19th March 2019
Data controller
A-Katsastus Group Oy
Contact person in matters related to the register
tietosuoja@a-katsastus.fi
Name of register
A-Katsastus Group’s telephone and email service register
Purpose of processing personal data
The register is used, with the customer’s consent, to serve customers of the A-Katsastus Group and its subsidiaries A-Katsastus Oy, Yksityiset K-Asemat Oy, A-Katsastuspiste Oy, Ajovarma Oy, Finnish Loss Survey SVT Ltd, A-Test & Consulting Oy and InCar Oy, and to process customer feedback.
Data content of the register
The register contains recorded calls and email messages and identifiers related to these.
The register may contain the following personal data:
- Email address
- Telephone number
- Personal data provided by customers during calls or in email messages, such as
- name
- Personal identity code or date of birth
- Address
- Registration number
Regular sources of data
Data provided by customers by telephone or via email.
Recipients of personal data
In order to provide services in accordance with the purpose of use, partners may also process personal data. Partners carry out technical services related to the register and offer IT systems connected to the use of the register.
Data can be disclosed to the Finnish Transport and Communications Agency (Traficom) for queries related to services produced for it.
Transfer of data outside the EU or EEA
Some of our partners also operate outside the EU or EEA. We require any partners located outside the EU or EEA to sign the EU-US Privacy Shield agreement or another agreement accepted for the processing of personal data in accordance with the GDPR
Principles of register protection
The information security of the register and the confidentiality of personal data are verified by proper technological and administrative means following good data processing practices.
The system can only be used by those employees of the A-Katsastus Group or the service provider who need to process the data in their work-related tasks. Every user is authenticated in the system using their personal credentials that are provided in conjunction with the right to use the system. The right of use ends when an employee transfers to a new position from the position for which the right of use was provided. The secrecy and confidentiality obligation remains valid after the end of the tasks or service relationship in which data was processed.
Databases and their backup copies are located in locked facilities, and they can only be processed by designated employees of the data controller and IT service providers. Data is protected in accordance with legal provisions on the protection of electronic communications and the regulations and guidelines of the Finnish Communications Regulatory Authority (FICORA).
Rights of data subjects
Customers have the following rights:
- Right to withdraw consent given to the processing of personal data
- Right to access their personal data
- Right to have their personal data rectified
- Right to have their personal data erased if legal grounds for processing no longer apply
- Right to object to the processing of their personal data if the processing of personal data is based on the data controller’s legitimate interests. In addition, customers can object to the processing of personal data for direct marketing purposes at any time.
- Right to have the processing of their personal data restricted if the data subject contests the accuracy of their personal data or considers the processing of their personal data to be illegal, or if an action related to objecting the processing of personal data is pending
Exercising the rights of data subjects
In order to exercise their rights, data subjects can contact our customer service or send their request to the address indicated in this privacy policy. Extensive requests (such as requests to access data) may require that they are presented in person in one of the data controller’s locations.
It may not be possible to erase all personal data due to statutory obligations.
Retention of data
Data is retained for at most 210 days, after which it will be erased automatically. Data related to official assignments (Traficom) cannot be requested to be erased before the end of the retention period.
Note concerning cookies
Revised on 19st March 2019
We use cookies and other similar technologies, such as local browser storage, on our website for the implementation of functions and analytics. Cookies are small text files sent between the browser and server.
We use Google Analytics, for example, to analyse the use of our website and related trends. Any data sent to Google is anonymised.
Our payment service is provided by Klarna. Please also read the Klarna cookie policy.