1. Data Controller

 

ParkkiPate Oy (2707938-8)
PO Box 73, 00701 Helsinki
tietosuoja@parkkipate.fi, +358 20 721 8499

 

2. Register name

 

ParkkiPate Oy / Complaints, data protection and control register for matters concerning parking and control fees

​

3. Purpose and justification for the processing of personal data

 

The basis for processing personal data is the ParkkiPate Oy’s legitimate interest on the basis of the customer relationship or other appropriate connection or the fulfilment of the agreement. ParkkiPate Oy uses the personal data collected for the purpose of verifying the validity of parking permits and examining the basis of complaints or any private parking control fees issued by the company. The data are also used in any court proceedings related to cases of payment defaults and in connection with requests concerning data protection.

 

The register may also be used to fulfil legal obligations or obligations based on official regulations.

 

4. Storage of personal data

​

We will store your personal data for as long as is necessary. The duration of the storage period is determined according to the legal basis for processing personal data. Once the legal basis for processing personal data is no longer valid, the data will be deleted in their entirety and will no longer be available in any of our databases. When processing your personal data, we will not process the data by means of automated decision-making as specified in the General Data Protection Regulation.

​

By default, the personal data entered in the register (including data obtained through reclamation processes and data concerning parking permits) will be stored for 3 years from the date of their entry as specified in the Act on the Statute of Limitations on Debt (728/2003). The data will be erased or anonymised before this deadline if the data proves to be redundant before the specified date or if processing the data for the specified period of 3 years would be contrary to privacy protection legislation due to a change in circumstances.

​

The table below lists exceptions to the general rule of the 3-year data storage period:

​

​

​

​

​

​

​

​

​

​

 

 

 

 

 

 

 

 

 

 

​

Due to the obligations outlined in accounting legislation, by default the data concerning the payment of control fees will be stored for six years from the end of the calendar year during which the financial year has ended. For example, if a control fee has not been paid due to a challenge related to our claim or another reason, it is very likely that the claim will be ultimately recovered through judicial proceedings. Several factors have an impact on the court proceedings related to claims, for example: a) the expected processing time, b) alternative dispute settlement methods and their effectiveness, c) the content of current legislation and official practices and d) the present resources currently available for the proceedings related to the challenge. The data will be stored for as long as the possibility of potential judicial proceedings exists. In practice, this means that the aim is to bring all matters to a court within the deadlines of three and ten years as specified in the Act on the Statute of Limitations on Debt (728/2003)

 

5. Register contents

​

ParkkiPate Oy records the following data depending on the purpose of processing:

​

• digital photographs taken of a vehicle,

• vehicle registration number, model and make,

• the site and period of validity of a parking permit,

• the definitions related to a parking permit,

• the name, contact details and other information disclosed by a person registered for the reclamation process (including electronic and manual correspondence and telephone conversations).

• the names, email addresses, vehicle registration numbers added by users to the OmaRuutu application and, for users who have chosen to pay by invoice, the invoicing information.

 

The register also contains the basis for a private control fee, any measures taken concerning the case and data obtained from authorities.

​

6. Regular sources of information

​

ParkkiPate Oy obtains private control fee data (including digital photographs of vehicles) from its traffic wardens. ParkkiPate Oy photographs vehicles parked in its control areas in order to perform its parking control duties. ParkkiPate Oy may photograph vehicles to prove improper or unauthorised parking or monitor individual vehicles’ parking time. If a vehicle is photographed for time monitoring purposes and the vehicle owner is not issued a control fee, the photographs taken of the vehicle will be automatically deleted from all ParkkiPate Oy systems within 48 hours. Data is also obtained directly from the data subjects through parking permit registration and reclamation processes.

​

Data can also be obtained from private car park holders or owners who are clients of ParkkiPate Oy when they enter parking permits into ParkkiPate Oy’s systems. The data recorded in the parking permit include the vehicle registration number and any definitions, such as identification data. When registering parking permits, the clients act as data processors in accordance with the agreement between the Data Controller and the processor.

​

Data is also obtained directly from the data subjects through parking permit registration and reclamation processes.

​

7. Regular disclosure of data

​

Personal data is disclosed to debt collection agencies operating in Finland for debt collection purposes. Personal data is also shared between parent companies and subsidiaries within the group. Personal data may also be disclosed to our franchisees.

​

Data may also be transferred with limitations to holders of parking sites who are clients of the Data Controller and act as processors of such data.

​

Furthermore, data is disclosed to data subjects and various authorities under existing laws. Personal data may also be disclosed under other legal circumstances. Personal data may also be disclosed to IT support personnel.

​

8. Transfer of data outside the EU or the EEA

​

Personal data is not disclosed outside the European Union or the European Economic Area, unless existing legislation so requires.

​

9. Principles of protection

​

The company premises are equipped with a surveillance and alarm system. All written material is stored in secure facilities. This material is stored for a period of time defined by existing laws. Personal data is only processed by employees responsible for our reclamation process.

​

Data recorded in the register is considered confidential. Our employees have agreed to maintain professional secrecy regarding any information they obtain in the course of their work. Access to the register requires entering a personal user ID and password. An employee’s access right to the register is revoked at the end of their employment relationship. Personal data is only processed by employees responsible for our reclamation process.

​

10. Right to access

​

Data subjects have the right to access and review their personal data recorded in the customer register. In order to access their data, a data subject can submit a request on the website of ParkkiPate Oy or via email at tietosuoja@parkkipate.fi. ParkkiPate Oy provides the data subject with their data and informs them of the data sources, purpose of processing their data and to whom their data may be disclosed. The request must include identification data necessary for finding the data subject’s personal data in the register.

​

Requests to access personal data may also be sent to the following address:

ParkkiPate Oy, PO Box 73, 00701 Helsinki

​

11. Right to rectification

​

Data subjects have the right to demand the rectification of inaccurate personal data concerning them. In order to rectify their data, a data subject can submit a request on the website of ParkkiPate Oy or via email at tietosuoja@parkkipate.fi. The request must include identification data necessary for finding the data subject’s personal data in the register as well as the changes to be made to the data.

​

12. Other rights related to the processing of personal data

​

In certain cases, data subjects have the right to have the data controller erase data concerning them. In order to have their data erased, a data subject can submit a request on the website of ParkkiPate Oy or via email at tietosuoja@parkkipate.fi.

​

13. Cookie Policy

​

1. How do you ask users for cookie consent? How can I refuse the storage and use of cookies?

​

Our Cookiebot prompts anyone visiting our website to consent to cookies. Strictly necessary cookies are always active, but the user may accept or refuse the rest of the cookies.

​

The user may refuse the storage and use of cookies by selecting “Use necessary cookies only” or “Allow selection”.

​

2. How do you verify that the website users have consented to the use of cookies?

​

After a user has accepted/refused cookies, a unique, random, anonymous and encrypted identification mark is created for them, e.g. 3Dh80w05hREDhmrLDYGohKkkmAJ4IeJ/tY005RQK+7kLKuguGnBliQ==. The date and time of approval is shown below the identification mark. The user may change their cookie preferences or revoke the approval of non-essential cookies at any point at parkkipate.fi/evasteet. After this, a new unique, random, anonymous and encrypted identification mark is created for them.

​

We can verify a user’s cookie consent via the Cookiebot admin panel against the identification mark and approval date.

We can generate a daily consent log and filter a specific user’s activity from the list using their identification mark and approval date. This allows us to verify that the identification mark we have created, e.g.  3Dh80w05hREDhmrLDYGohKkkmAJ4IeJ/tY005RQK+7kLKuguGnBliQ==, has consented to the use of cookies.

​

This approach ensures that the data of our website users remains completely anonymous until a user or a competent authority compels the disclosure of the user’s identity. A unique, random, anonymous and encrypted identification mark also guarantees that a user’s existing consent state cannot be changed by the user themselves or a malicious third party without a trace. Cookiebot generates a new identification mark whenever a user changes their consent state and the previous consent state remains in the log.

​

3. How can I use the website if I do not accept cookies?

​

This does not concern our parkkipate.fi and reklamaatio.parkkipate.fi websites, because strictly necessary cookies must always be accepted.

​

4. How can I use the website if I have blocked all cookies?

​

Even if a user has technically blocked all cookies, strictly necessary cookies will still remain active.

​

If a user tries to change their consent state by selecting “Manage consent preferences”, their browser will prompt them to unblock cookies.

​

5. How do you manage a user’s cookie consent? How and for how long is a user’s cookie consent stored?

​

How do you manage and store a user’s cookie consent?  Cookiebot stores a user’s cookie consent in the consent log automatically. Only one person in our company has access to this log.

​

Cookiebot stores the following data:

• a user’s anonymised IP address (three final numbers are replaced with zeros), e.g. 199.238.0.0

• date and time of consent

• browser data e.g. Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36

• the URL where the user gave their consent, e.g. https://parkkipate.fi

• the user’s unique, random, anonymous and encrypted identification mark

• the user’s consent state which confirms that the user has given their consent.

 

If necessary, we can demonstrate our users’ cookie consent to the authorities. Our Cookiebot server is located in Ireland and it is subject to EU legislation.

​

Cookiebot saves a “CookieConsent” cookie to the website user’s browser. This cookie contains the user’s unique, random, anonymous and encrypted identification mark and consent state. This way our website respects the existing consent state of all our users automatically. The same information is transferred to the consent log on our Cookiebot server through an encrypted connection.

​

How long is a user’s cookie consent stored for? The “CookieConsent” cookie will remain in the browser automatically for 12 months, after which the user will be requested to accept cookies again, unless:

• the user erases/removes cookies from their browser

• we change our cookie policy or add/remove cookies. In such cases, we will force the user to update their consent state to make it comply with the new cookie policy. Only strictly necessary cookies remain active until the user has accepted/refused our cookies.