1. Data Controller
ParkkiPate Oy (2707938-8)
PO Box 73, 00701 Helsinki
[email protected], +358 20 7218499
2. Register name
ParkkiPate Oy / Reklamaatio-, tietosuoja- ja valvontarekisteri valvontamaksuasioissa
3. Purpose of processing personal data
ParkkiPate Oy uses the personal data collected for the purpose of verifying the validity of parking rights and examining the basis of complaints or any private parking control fees issued by the company. The data are also used in any judicial proceedings related to cases of failure to make payments.
The register may also be used to fulfil legal obligations or obligations based on official regulations.
4. Storage of personal data
We will store your personal data for as long as is necessary. The duration of the storage period is determined according to the legal basis for processing personal data. Once the legal basis for processing personal data is no longer valid, the data will be deleted in their entirety and will no longer be available in any of our databases. When processing your personal data, we will not process the data by means of automated decision-making as specified in the General Data Protection Regulation.
Due to the obligations outlined in accounting legislation, by default, the data concerning matters related to control fees will be stored for six years from the end of the calendar year during which the financial year has ended. For example, if a control fee has not been paid due to a challenge related to our claim or another reason, it is very likely that the claim will be ultimately recovered through judicial proceedings. Several factors have an impact on the judicial proceedings related to claims, for example: a) the expected processing time, b) alternative dispute settlement methods and their functionality, c) the content of current legislation and official practices and d) the present resources currently available for the proceedings related to the challenge. The data will be stored for as long as the possibility of potential judicial proceedings exists. In practice, this means that the aim is to bring all matters to a court within the deadlines of three and ten years as specified in the act on the expiration of debt (728/2003).
5. Register contents
ParkkiPate Oy records the following data depending on the purpose of processing:
- digital photos taken of a vehicle,
- vehicle register number, model and make,
- the name, contact details and other information disclosed by a person registered for the reclamation process (including electronic and manual correspondence and telephone conversations).
The register also contains the basis for a private control fee, any measures taken concerning the case and data obtained from authorities.
6. Regular sources of information
ParkkiPate Oy obtains private control fee data (including digital photos of vehicles) from its traffic wardens. ParkkiPate Oy photographs vehicles parked in its control areas in order to perform its parking control duties. ParkkiPate Oy may photograph vehicles e.g. to prove improper or unauthorised parking or monitor individual vehicles’ parking time. If a vehicle is photographed for monitoring purposes and the vehicle owner is not issued a control fee, the photos taken of the vehicle will be automatically deleted from all ParkkiPate Oy systems within 48 hours. Data is also obtained directly from the data subjects through parking permit registration and reclamation processes.
7. Regular disclosure of data
Personal data is disclosed to debt collection agencies operating in Finland for debt collection purposes. Personal data is also shared between the group company’s parent company and subsidiaries. Personal data may also be disclosed to our franchisees.
Furthermore, data is disclosed to data subjects and various authorities under existing laws. Personal data may also be disclosed under other legal circumstances. Personal data may be disclosed to IT support personnel.
8. Transfer of data outside the EU or the EEA
Personal data is not disclosed outside the European Union or the European Economic Area, unless existing legislation so requires.
9. Principles of protection
A surveillance and alarm system has been installed on the company premises. All written material is stored in secure facilities. This material is stored for
a period of time defined by existing laws. Personal data is only processed by employees responsible for our reclamation process.
Data recorded in the register is considered confidential. Our employees have agreed to maintain professional secrecy regarding any information they obtain in the course of their work. Access to the register requires entering a personal user ID and password. An employee’s access right to the register is revoked at the end of their employment relationship. Personal data is only processed by employees responsible for our reclamation process.
10. Right to access
Data subjects have the right to access and review their personal data recorded in the customer register. In order to access their data, a data subject must submit a request on the website of ParkkiPate Oy or e.g. via email at [email protected] ParkkiPate Oy provides the data subject with their data and informs them of the data sources, purpose of processing their data and to whom their data may be disclosed. The request must include identification data necessary for finding the data subject’s personal data in the register.
Requests to access personal data may also be sent to the following address:
ParkkiPate Oy, PO Box 73, 00701 Helsinki
11. Right to rectification
Data subjects have the right to demand the rectification of inaccurate personal data concerning them. In order to rectify their data, a data subject must submit a request on the website of ParkkiPate Oy or e.g. via email at [email protected] The request must include identification data necessary for finding the data subject’s personal data in the register as well as the changes to be made to the data.
12. Other rights related to the processing of personal data
In certain cases, data subjects have the right to have the data controller erase data concerning them. In order to have their data erased, a data subject must submit a request on the website of ParkkiPate Oy or e.g. via email at [email protected]
Our Cookiebot prompts anyone visiting our website to consent to cookies. Strictly necessary cookies are always active, but the user may accept or refuse the rest of the cookies.
After a user has accepted/refused cookies, a unique, random, anonymous and encrypted identification mark is created for them, e.g. 3Dh80w05hREDhmrLDYGohKkkmAJ4IeJ/tY005RQK+7kLKuguGnBliQ==. The date and time of approval is shown below the identification mark. The user may change their cookie preferences or revoke the approval of non-essential cookies at any point at parkkipate.fi/evasteet. After this, a new unique, random, anonymous and encrypted identification mark is created for them.
We can verify a user’s cookie consent via the Cookiebot admin panel against the identification mark and approval date.
This approach ensures that the data of our website users remains completely anonymous until a user or a competent authority compels the disclosure of the user’s identity. A unique, random, anonymous and encrypted identification mark also guarantees that a user’s existing consent state cannot be changed by the user themselves or a malicious third party without a trace. Cookiebot generates a new identification mark whenever a user changes their consent state and the previous consent state remains in the log.
This does not concern our parkkipate.fi and reklamaatio.parkkipate.fi websites, because strictly necessary cookies must always be accepted.
4. Can you use the website if you have blocked all cookies?
Even if a user has technically blocked all cookies, strictly necessary cookies will still remain active.
If a user tries to change their consent state by selecting “Manage consent preferences”, their browser will prompt them to unblock cookies.
5. How do we manage a user’s cookie consent? How and for how long is a user’s cookie consent stored?
How do we manage and store a user’s cookie consent? Cookiebot stores a user’s cookie consent in the consent log automatically. Only one person in our company has access to this log.
Cookiebot stores the following data:
- a user’s anonymised IP address (three final numbers are replaced with zeros), e.g. 126.96.36.199
- date and time of consent
- browser data, e.g. mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36
- the URL where the user gave their consent, e.g. https://parkkipate.fi
- the user’s unique, random, anonymous and encrypted identification mark
- the user’s consent state which confirms that the user has given their consent.
If necessary, we can demonstrate our users’ cookie consent to the authorities. Our Cookiebot server is located in Ireland and it is subject to EU legislation.
Cookiebot saves a “CookieConsent” cookie to the website user’s browser. This cookie contains the user’s unique, random, anonymous and encrypted identification mark and consent state. This way our website respects the existing consent state of all our users automatically. The same information is transferred to the consent log on our Cookiebot server through an encrypted connection.
How long is a user’s cookie consent stored for? The “CookieConsent” cookie will remain in the browser automatically for 12 months, after which the user will be requested to accept cookies again, unless:
- the user erases/removes cookies from their browser