Lahden Pysäköinti stores and processes personal data in accordance with the EU’s General Data Protection Regulation
(GDPR, in force as of 25 May 2018; prior to this Finland’s Personal Data Act 523/1999).
1. Data controller
Lahden Pysäköinti Ltd
Hämeenkatu 26 B, 15140 Lahti, Finland
Business ID 0855202-9,
2. Person responsible for matters related to the register
Vesa Lappi, email@example.com, +358 44 340 4042
3. Name of the register
Lahden Pysäköinti’s technical parking and customer register.
4. Purpose of data processing
The purpose of data processing is the administration, management and maintenance of the relationship between Lahden Pysäköinti and its customers.
In addition, vehicle registration numbers may be collected either with camera technology or as provided by the users. Vehicle registration numbers are collected for the duration of parking and stored in a parking log. Registration numbers are also used to control the parking system and to make entrance and departure easier for the user.
In parking control activities, vehicle registration numbers may be used to verify the right to park and to allocate the parking event to a particular customer. Personal data stored in the register may be used in the investigation of parking regulation violations observed in connection with the use of the parking services.
Data processing is based on the contract between the customer and Lahden Pysäköinti and Lahden Pysäköinti’s legitimate interest based on the customer relationship.
5. Data stored in the register
For seasonal, congress and contract parking customers, the data stored in the register consists of the vehicle registration number they provided, which is linked to the name, address, telephone numbers, email addresses, services ordered and used, products and order and invoicing information in the customer register. For electronic services, the username, password and other identifying information is stored. In addition, for company clients, the company’s business ID and contact person’s contact information are stored.
For each parking event, the register contains the vehicle registration number, possibly photographs of the registration plate, information on the parking facility/area used, and the start and end time for the parking event.
6. Standard data sources
For contract customers, personal and vehicle information is collected from the data subject in connection with registration. In addition, personal data may be collected from the customer by phone, with a customer card, online, by email or in another similar manner.
As part of its operations, the data controller collects information on the registration numbers of the parked vehicles, which is used to control access and identify customers.
In connection with violations of parking regulations in short-term parking, contact information for the person who owns or is in the possession of the vehicle may be collected from the Finnish Transport and Communications Agency’s vehicle register.
7. Disclosure of data
Customer data may be disclosed to a third party if necessary for the functioning of the service.
Personal data is not disclosed to third parties for the following purposes:
• direct marketing
• opinion polls, market research or other similar surveys.
Statistics on service use and customer information may be disclosed to third parties in a format that prevents the identification of individuals.
A vehicle registration number may be disclosed to the Finnish Transport and Communications Agency for the purpose of finding out vehicle information and the address of the person who owns or is in possession of the vehicle.
A vehicle registration number may be disclosed to parking control to verify
the validity of the parking permit.
Data in the register may be disclosed to authorities to the extent permitted by special legislation.
8. Transfer of data outside the EU or EEA
Data in the register is not disclosed or transferred outside the EU or EEA.
9. Storage of data
Personal data is stored for the time required for the purposes of data processing or as long as is required by legislation, or until a data subject requests the data controller to delete the data pertaining to the data subject, unless the data controller has the right to continue to store the data on the basis of legitimate interest.
10. Principles of data protection
The data controller’s information system and files are protected with technical protection methods typically used in business operations. The register can only be accessed with a username and password, which are only granted to data controller’s employees on the basis of their position and tasks.
11. Rights of the data subject
Data subjects have the right to inspect the data pertaining to them stored in our register.
The data can be inspected free of charge once a year.
Data subjects have the right to request that erroneous data be rectified or that the data be deleted (right to be forgotten).