Privacy Policy Service Terms and Conditions

Privacy Policy

IGL-Technologies Oy does not compromise on information security. We take the information security of our customers and stakeholders very seriously and we are constantly working to ensure that the use of our products and services is always reliable and secure. Our ISO 27001 certified information security management system guides us to train our personnel and develop our operations systematically, comprehensively and in accordance with best practices.

1. Data Controller

The data controller (hereinafter referred to as the “Data Controller”) is:

IGL-Technologies Ltd
business ID: 2304284-4
Korkeakoulunkatu 7
33720 TAMPERE

Please address any questions regarding the processing of personal data to: info@eparking.fi .


2. Definitions of terms

  • data subject ” we mean the person whose personal data the Controller processes in its personal registers.

  • personal data ” we mean all information related to an identified or identifiable natural person, i.e. data subject, such as name, address, email, telephone number, location information and transaction history.

  • Customer ” we mean consumers and contact persons from companies and other entities (hereinafter referred to as “entities”) with whom the Controller has a customer relationship, or a maximum of three calendar years have passed since the customer relationship ended.

  • end user ” we mean those individuals from corporate customers who use our services as customers through corporate customership (such as staff of educational institutions, students and residents of housing companies).

  • potential customer ” we mean consumers and community contacts with whom the Controller seeks to create a new customer relationship or renew a customer relationship that ended more than three years ago.

  • stakeholders ” we mean consumers and community contact persons with whom the Controllers have a cooperative relationship (for example, representatives of communities providing services to the Controllers) or other connection (for example, social decision-makers involved in public relations).

3. Purposes of processing personal data

The controller processes the personal data of the data subjects for the following purposes (one or more at the same time):

• Management, analysis and development of customer and stakeholder relationships

The Controller may process your personal data to manage, analyze and develop the customer relationship established directly with you or the entity you represent. This may include, for example, analyzing and developing how data subjects use the Controller's services and what customer experience would be optimal for data subjects.

• Delivery of products and services 

The Controller may process your personal data to provide products and services if you or the entity you represent have purchased or used our products and/or services, have subscribed to the Controller's newsletter or other digital content, or have participated in the Controller's events. The personal data is processed to implement the rights and obligations based on the agreement or other commitment between the Controller and the customer.

• Customer communication

The controller may process your personal data in its customer communications, for example to send you notifications related to products and services, to inform you about changes made to products and services, and to request feedback on products and services and customer experience. 

• Marketing

The Controller may contact you through direct marketing and targeted digital marketing to inform you about new products, services and benefits of its own and those of its partners. The Controller may process your personal data to tailor its offerings and provide relevant content. This means, for example, that the Controller may provide recommendations or display tailored content and tailored advertisements on its own and third-party services, including targeted online advertising and social media.

• Development of products and services

The controller may process your personal data to develop its products and services, for example to improve its product and service offering to make it more interesting and useful to customers, end users and potential customers. 

The legal basis for the processing of personal data is the following subparagraphs of Article 6 of the EU General Data Protection Regulation: 

  • processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract;

  • processing is necessary for the purposes of the legitimate interests pursued by the Controller or a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data;

  • you have given your consent to the processing of your personal data for one or more specific purposes; and/or

  • the processing is necessary to comply with a legal obligation of the Controller.

The controller processes your data to perform a contract with you or the entity you represent.  

The Controller has legitimate interests related to the conduct of business, such as the right to promote the sale of its products and services through marketing and sales, and the Controller may, on the basis of a legitimate interest, engage in direct marketing and sales using your contact information. Other legitimate interests of the Controller, on the basis of which your personal data may be processed, include, among others, advice and other customer service to non-customers, further development of the business and investigation of possible abuses.  

If the processing of data is not based on contractual need or legitimate interest, the Controller may request your consent for other types of processing of personal data, such as processing location information and electronic direct marketing to potential consumer customers. 

The controller may also process your personal data if required by law, such as based on the retention obligation under the Accounting Act.

4. Types of personal data processed

The personal data collected by the controller may include, among others, the following types of information and changes made to them: 

4.1 Basic information about the data subjects 

  • first and last name 

  • contact information (postal address, email address, telephone number)

  • language

  • communications targeted to the data subject and communication-related activities (such as clicking on individual links in email marketing)

  • direct marketing options

  • Information regarding the use of the Controller's digital services and content created by the data subject for the services (such as content produced by the data subject on the Controller's social media accounts)

  • information about cookies and other similar functions sent to the data subject's terminal devices (such as computers and mobile devices) and the data collected through them, if the data subject can be identified based on this information

  • possible recordings of customer service calls and customer service-related, recorded email and chat conversations as well as online conversations, for example on social media channels


4.2 Additional information about community representatives and end users

  • the name and other necessary identification information of the entity that the data subject represents in relation to the Data Controller

  • title and/or job description 

  • the end user's status or relationship to the community (e.g., a member of the staff of an educational institution or a resident of a housing company)


4.3 Information about data subjects who have purchased and provided feedback on the controller's products and/or services 

  • the time and manner of beginning and ending of a customer relationship or similar relationship

  • customer / end user customer number (ID)

  • car registration numbers and information about electric or hybrid drivetrains provided by the customer/end user

  • information about the end user provided by the community (e.g. educational institution personal identification number)

  • purchases of products and services made by the customer/end user, queuing for them, and downloads (such as downloading an application to a terminal device)

  • the last four digits of the payment card used by the customer/end user at any given time

  • customer/end user car location information based on the location of the charging point or parking area 

  • information about the map areas in which the customer/end user has opened the application and the map feature

  • customer/end user access rights to the private contract area

  • customer/end user electricity consumption data 

  • campaigns targeted at the customer / end user and their use 

  • Interests and other information reported by the customer/end user

  • the content of customer/end user feedback and any complaints, related communications and follow-up actions

  • content created by the customer/end user for the services (such as content produced by the data subject in the Controller's application communication channel)

  • parking control related measures concerning the customer/end customer

4.4 Sensitive personal data

  • if the customer / end user voluntarily and with their own consent provides the Controller with sensitive information about themselves (such as their health information related to special group parking) 

5. Source of personal data

The controller receives a large portion of your personal data from you at the beginning and during the customer or stakeholder relationship, as well as from the programs you use to use our services. 

The controller also receives personal data and updates thereof from authorities and organizations that provide personal and credit information acquisition and update services, as well as from public directories and other public information sources, such as websites and social media channels. The controller also collects personal data from data subjects for marketing purposes in connection with various activations, such as lotteries, competitions, surveys or events (by the controller or their partners).

The Controller also receives personal data about representatives and end users of the entities from the entity, meaning that the entity may also provide the Controller with personal data about other persons related to the use and marketing of the Controller's products and services. 

Regarding parking events and measures related to parking control, the Controller also receives personal data from companies operating parking facilities and from entities engaged in parking control. 

We use Leadoo user tracking to track how our users move around our website and combine this data with user data collected, for example, through chat interactions. Leadoo uses etag tracking, which is technically different from cookie-based tracking, but is subject to the same legal requirements as cookies. Please review Leadoo Marketing Technologies Oy's privacy policy ( https://leadoo.com/privacy-policy/ ) to learn more about what is tracked in the system. For GDPR purposes, we act as the controller and Leadoo as the data processor. If you do not want to be tracked, you can clear your browser cache. For more information about how Leadoo works, please see: https://leadoo.com/privacy-policy-processor/

6. Sharing of personal data

The controller will not give, sell or otherwise disclose your personal information to external third parties, unless otherwise stated below.

The Controller may share your personal data with third parties who provide services to the Controller. These services may include, for example, customer service, installation and maintenance services, operators of parking facilities and parking surveillance, software services, research activities, marketing and analytics services, and event production. The Controller may share your personal data for the purpose of collecting payments, and may, for example, transfer or sell unpaid invoices to third parties who provide collection services. 

The protection of your personal data is important to the Controller, and we do not allow these parties to use the data for any purpose other than to provide the agreed services to us as the Controller. We require the parties to protect the registered personal data in accordance with this Privacy Policy and applicable legislation and regulatory requirements.

The Controller may share your personal data with other carefully considered partners with whom the Controller jointly manages and implements projects, such as joint events.

The controller may share your personal data with carefully considered third parties, for a legitimate reason, for the parties' joint or independent direct marketing purposes. The data may be shared for such purposes only when the third party's intended use does not conflict with the purposes specified in this privacy policy. The data will be shared in principle to a very limited extent, mainly the person's name and contact details for contact purposes, for contact methods permitted by law.  

The controller may share your personal data in connection with a corporate acquisition or other corporate restructuring or when the service is transferred to another service provider. The controller may share your personal data upon a court order or similar order, or when required by an authority. 

7. Transfer of personal data outside the EU

The controller may use resources and servers located in different parts of the world when providing the services. The controller may therefore transfer your personal data outside the country in which the services are used and possibly also to countries outside the EU that have different data protection laws. 

In these cases, the Controller ensures that there is a legal basis for the data transfer and that the personal data is protected, for example by using (where necessary) standard contracts and processor agreements approved by the relevant authorities, and by requiring the implementation of appropriate technical and other data protection measures.

8. Processing time of personal data

The Controller will process your personal data as long as the Controller has one of the grounds for processing the data described in section 3 of this privacy policy, and for a reasonable period thereafter.

The controller may process customers' personal data for the duration of your customer relationship and until the end of the third year following the year of termination. After this, the controller may transfer your more limited, necessary personal data to the marketing register and process your personal data again in the role of a potential customer. 

The Controller may process the personal data of potential customers for an indefinite period of time until you become a customer or until you request that your data be deleted from the Controller's marketing register. 

9. Exercising data subject rights

As a registered user, you have various options to influence the processing of your personal data. As a rule, we will implement your request within one month. If you wish to exercise your rights related to your personal data, please contact us using the contact details provided in section 1 of this privacy policy. Your rights include (the scope of your rights depends on the processing basis on which your personal data is processed, i.e. not all of the rights below are available to you in all situations): 

  1. The right to access personal data collected about you. Based on your appropriate and identified request, we will provide you with a report on the personal data collected about you in the personal register.

  2. The right to request correction or deletion of personal data collected about you. If you notice errors or omissions in your data, you can make a correction request to us.

  3. The right to request the deletion of personal data collected about you. We are obliged to delete the personal data you have requested from our personal register if one of the following criteria is met and there is no obligation to retain the data due to other legislation or official regulations:

    • the personal data are no longer necessary for the purposes for which they were processed;

    • you withdraw your consent and there is no other legal basis for the processing;

    • you object to the processing on grounds relating to your particular personal situation and there are no legitimate grounds for the processing or you object to the processing of your personal data for direct marketing purposes;

    • your personal data has been processed unlawfully;

    • your personal data must be erased in order to comply with a legal obligation to which the controller is subject under European Union law or Finnish law; or

    • Your personal data has been collected in connection with the provision of information society services, such as when subscribing to the Controller's digital information services.

  4. The right to request restriction of processing of personal data collected about you. You may request the Controller to restrict the processing of your personal data if:

    • you dispute the accuracy of your personal data held by the Controller;

    • the processing is unlawful and you request restriction of use instead of deletion;

    • The controller no longer needs the personal data for the purposes of the processing, but you need them for the establishment, exercise or defence of legal claims;

    • you have objected to the processing of your personal data pending verification of whether the legitimate grounds of the Controller override your grounds.

  5. The right to object to the processing of personal data concerning you. If the Controller processes your data based on a legitimate interest, you have the right, on grounds relating to your particular personal situation, to object to the processing of personal data concerning you. All individuals in the registers covered by this privacy policy have the right to object to the processing of their personal data for direct marketing purposes.

  6. The right to transfer the data you have provided from one system to another. If the automated processing of your personal data is based on consent or a contract, you have the right to receive the personal data you have provided to the Controller in a structured, commonly used and machine-readable format, and the right to transfer that data to another controller.

  7. Right to withdraw consent. If all or part of your personal data is processed in this register based on your consent, you have the right to withdraw your consent.

  8. The right to lodge a complaint with a supervisory authority. If a possible disagreement regarding the processing of your personal data cannot be resolved amicably between you and the Controller, you have the right to refer the matter to the Office of the Data Protection Ombudsman for resolution by a data protection authority.


10. Applicable law

Finnish legislation and EU legislation directly applicable in Finland, such as the EU General Data Protection Regulation, apply to the controller's personal registers and the processing of personal data contained therein. 

11. Updating the privacy policy

The controller is constantly developing its business operations and this may also mean changes related to the processing of personal data. We will update the privacy policy as necessary to reflect changed practices. Changes may also be based on changes in legislation. We recommend that you review the content of the privacy policy regularly.

If the Controller starts processing your personal data for a purpose other than that for which your personal data was originally collected, we will inform you of this and the updated privacy policy before such further processing. For other changes, we will inform you on our website about the update of the privacy policy.

Privacy Policy for Customers, Potential Customers, and Stakeholders

At IGL-Technologies Oy, we do not compromise on data security. We take the security of our customers and stakeholders very seriously and continuously work to ensure that the use of our products and services is always reliable and secure. Our ISO 27001-certified information security management system guides us in systematically and comprehensively training our staff and developing our operations in accordance with best practices.

1. Data Controller

The Data Controller (hereinafter referred to as the "Data Controller") is:

IGL-Technologies Oy
Business ID: 2304284-4
Korkeakoulunkatu 7
33720 TAMPERE

2. Definitions of Terms

  • "Data Subject" refers to the individual whose personal data is processed by the Data Controller in its registries.

  • "Personal Data" means any information relating to an identified or identifiable natural person, ie, the data subject, including but not limited to name, address, email, phone number, location data, and transaction history.

  • "Customer" refers to consumers as well as contact persons from companies and other organizations (hereinafter referred to as "entity") with which the Data Controller has a customer relationship, or where no more than three calendar years have passed since the termination of that customer relationship.

  • "End User" refers to individuals from community customers who use our services through the entity's customer relationship (such as staff from educational institutions, students, and Residents of housing cooperatives).

  • "Potential Customer" refers to consumers and contact persons from entities with whom the Data Controller aims to establish a new customer relationship or renew a customer relationship that ended more than three years ago.

  • "Stakeholders" refers to consumers and contact persons from entities with which the Data Controller has a cooperative relationship (eg, representatives from entities providing services to the Data Controller) or other connections (eg, social decision-makers related to public relations activities).

3. Purposes of Personal Data Processing

The Data Controller processes the personal data of data subjects for the following purposes (one or more simultaneously):

  • Managing, Analyzing, and Developing Customer and Stakeholder Relationships : The Data Controller may process your personal data to manage, analyze, and develop the customer relationship formed with you or the entity you represent. This may involve analyzing and developing how data subjects use the Data Controller's services and determining what kind of customer experience would be optimal for the data subjects.

  • Delivering Products and Services : The Data Controller may process your personal data to deliver products and services if you or the entity you represent have purchased or used our products and/or services, have subscribed to the Data Controller's newsletter or other digital content, or have participated in the Data Controller's events. Personal data is processed to fulfill rights and obligations based on the contract or other commitments between the Data Controller and the customer.

  • Customer Communication : The Data Controller may process your personal data in its customer communications, for example, to send you Notifications related to products and services, inform you of changes made to products and services, and request feedback on products, services, and customer experiences.

  • Marketing: The Data Controller may contact you through direct marketing and targeted digital marketing to inform you about new products, services, and benefits from itself and its partners. The Data Controller may process your personal data to tailor its offerings and provide relevant content. This means, for example, that the Data Controller may provide recommendations or display tailored content and customized advertisements on its own and third-party services, including targeted online advertising and social media.

  • Developing Products and Services : The Data Controller may process your personal data to develop its products and services, for example, to enhance its product and service offerings to make them more interesting and useful for customers, end users, and potential customers.

The legal basis for processing personal data is found in the following provisions of Article 6 of the EU General Data Protection Regulation:

  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to Entering into a contract;

  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject;

  • the data subject has given consent to the processing of their personal data for one or more specific purposes; and/or

  • processing is necessary for compliance with a legal obligation to which the Data Controller is subject.

The Data Controller processes your data to fulfill the contract with you or the entity you represent.

The Data Controller has legitimate interests related to its business operations, such as the right to promote the sale of its products and services through marketing and sales activities, and may engage in direct marketing and sales using your contact information based on legitimate interests. Other legitimate interests of the Data Controller that allow for the processing of your personal data include providing advice and other customer service to non-customers, further developing the business, and investigating potential abuses.

If the processing of data is not based on contractual necessity or legitimate interest, the Data Controller may request your consent for other types of personal data processing, such as processing location data and electronic direct marketing to potential consumer customers.

Additionally, the Data Controller may process your personal data as required by law, such as under the retention obligations of the Accounting Act.

4. Types of Personal Data Processed

The personal data collected by the Data Controller may include, among other things, the following types of information and any modifications made to them:

4.1 Basic Information about Data Subjects

  • First and last name

  • Contact details (postal address, email address, phone number)

  • Language

  • Communication directed at the data subject and related activities (such as clicking on unique links in email marketing)

  • Direct marketing preferences

  • Information regarding the use of the Data Controller's digital services and the content created by the data subject for these services (such as content produced by the data subject on the Data Controller's social media accounts)

  • Information about cookies and other similar actions sent to the data subject's devices (such as computers and mobile devices) and data collected through them, provided that the data subject can be identified based on this information

  • Possible recordings of customer service calls, as well as recorded email and chat conversations related to customer service, including online conversations on social media channels


4.2 Additional Information about Representatives of Organizations and End Users

  • The name of the organization and other necessary identifying information that the data subject represents in relation to the Data Controller

  • Title and/or job description

  • The end user's position or relationship to the organization (eg, staff member of an educational institution or Resident of a housing company)


4.3 Data of Registered Users Who Have Purchased the Data Controller's Products and/or Services and Provided Feedback

  • Start and end time and manner of the customer relationship or similar relationship

  • Customer/end user's customer number (ID)

  • License plate numbers of the vehicles reported by the customer/end user and information on electric or hybrid power sources

  • Information about the end user reported by the organization (eg, personal identification number for staff at educational institutions)

  • Purchases made by the customer/end user for products and services, waiting lists, and downloads (such as app downloads to devices)

  • The last four digits of the payment card currently used by the customer/end user

  • Location information of the customer/end user's vehicle based on the location of the charging point or parking area

  • Information about the map areas where the customer/end user has opened the app and the map feature

  • Access rights of the customer/end user to the private contract area

  • Electricity consumption data of the customer/end user

  • Campaigns directed at the customer/end user and their usage

  • Interests and other information reported by the customer/end user

  • Content of feedback and any complaints provided by the customer/end user, related communication, and follow-up actions

  • Content created by the customer/end user in the services (such as content produced by the registered user in the Data Controller's application communication channel)

  • Actions related to parking enforcement concerning the customer/end user

4.4 Sensitive Personal Data

  • If the customer/end user voluntarily provides the Data Controller with sensitive information about themselves (such as health data related to parking for special groups) with their own consent.

5. Source of Personal Data

The Data Controller obtains a significant portion of your personal data from you at the beginning and during the customer or stakeholder relationship, as well as from the programs you use to access our services.

The Data Controller also receives personal data and updates from authorities and organizations that provide personal and credit information acquisition and updating services, as well as from public directories and other public information sources, such as websites and social media channels. The Data Controller collects personal data for marketing purposes from registered individuals through various activities, such as lotteries, competitions, surveys, or events (conducted by the Data Controller or its partners).

Additionally, the Data Controller receives personal data about representatives of organizations and end users from the organization itself, meaning the organization can also provide the Data Controller with personal data regarding other individuals related to the use of the Data Controller's products and services and marketing.

For parking events and related enforcement measures, the Data Controller obtains personal data from companies operating parking facilities as well as organizations engaged in parking enforcement.

We use Leadoo's tracking service to follow what users are doing on the site and combine this behavioral data with other data we can gather from eg chat interactions. Leadoo uses etag tracking in order to hook together the same users behavior over several sessions – in practice this works similarly to cookie based tracking. Please check out Leadoo Marketing Technologies Ltd's Privacy Policy (https://leadoo.com/privacy-policy/) for more information on what is tracked and what your rights are. Leadoo works as the Processor and we work as the Controller for the data in terms of GDPR. You can stop the tracking by emptying your browser's cache after the visit. For more on how Leadoo works as a GDPR compliant processor, see https://leadoo.com/privacy-policy-processor/

6. Sharing of Personal Data

The Data Controller does not give, sell, or otherwise disclose your personal data to outside third parties, unless otherwise stated below.

The Data Controller may share your personal data with third parties that provide services to the Data Controller. These services may include customer service, installation and maintenance services, operators of parking facilities and parking enforcement, software services, research activities, marketing and analytics services, as well as event production. The Data Controller may share your personal data for the collection of payments, and it may, for example, transfer or sell unpaid invoices to third-party debt collection services.

Protecting your personal data is important to the Data Controller, and we do not allow these parties to use the data for any purposes other than providing the agreed-upon services to us as the Data Controller. We require these parties to protect the personal data of registered individuals in accordance with this privacy statement, applicable legislation, and regulatory requirements.

The Data Controller may share your personal data with other carefully considered partners with whom the Data Controller jointly manages and implements projects, such as co-hosted events.

The Data Controller may share your personal data with carefully selected third parties for justified reasons, for the parties' joint or independent direct marketing purposes. Data may only be shared for these purposes if the intended use by the third party does not conflict with the purposes defined in this privacy statement. Generally, only a very limited amount of information will be shared, primarily the individual's name and contact details for communication, using methods allowed by law.

The Data Controller may share your personal data in connection with a business acquisition or other corporate arrangement or if the service is transferred to another service provider. The Data Controller may share your personal data at the request of a court or relevant authority, or as required by law.

7. Transfer of Personal Data Outside the EU

The Data Controller may utilize resources and servers located around the world in providing services. Therefore, the Data Controller may transfer your personal data outside the country of service usage and possibly to countries outside the EU, where data protection legislation may differ.

In these cases, the Data Controller ensures that there is a legal basis for the transfer of data and that personal data is protected by, for example, using (when necessary) standard contractual clauses and data processing agreements approved by the relevant authorities, and by requiring adherence to appropriate technical and other data protection measures.

8. Retention Period of Personal Data

The Data Controller will process your personal data for as long as there is a valid basis for processing the data as described in Section 3 of this privacy statement, as well as for a reasonable period thereafter.

The Data Controller may process customers' personal data for the duration of your customer relationship and until the end of the third year following the year of termination. After this, the Data Controller may transfer your essential, necessary personal data to a marketing Registry and process your personal data again in the role of a potential customer.

The Data Controller may process potential customers' personal data indefinitely until you become a customer or until you request the deletion of your data from the Data Controller's marketing registry.

9. Exercising the Rights of the Data Subject

As a data subject, you have various opportunities to influence the processing of your personal data. As a general rule, we will fulfill your requests within a month. If you wish to exercise your rights related to your personal data, please contact us using the contact information provided in Section 1 of this privacy statement. Your rights include (the scope of rights depends on the basis for processing your personal data, meaning that not all of the rights listed below may be available to you in every situation):

  1. Right to access personal data collected about you. You have the right to access the personal data collected about you. Based on a proper and identified request, we will provide you with a report of the personal data collected about you in the personal register.

  2. Right to request correction or deletion of personal data collected about you. If you notice any errors or omissions in your data, you can submit a request for correction to us.

  3. Right to request deletion of personal data collected about you. We are obliged to delete the personal data you have requested from our personal register if any of the following grounds are met, and there is no obligation to retain the data imposed by other legislation or authority regulations:

    • The personal data is no longer needed for the purposes for which it was processed;

    • You withdraw your consent, and there is no other legal basis for processing;

    • You object to the processing related to your specific personal situation, and there are no justified grounds for processing, or you oppose the processing of your personal data for direct marketing;

    • Your personal data has been processed unlawfully;

    • Your personal data must be deleted to comply with a legal obligation applicable to the data controller under European Union law or Finnish legislation; or

    • Your personal data has been collected in connection with the provision of information society services, such as when ordering the data controller's digital information services.

  4. Right to request the restriction of processing your collected personal data. You can request the data controller to restrict the processing of your personal data if:

    • You contest the accuracy of the personal data held by the Data Controller;

    • The processing is unlawful, and you request the restriction of use instead of deletion;

    • The Data Controller no longer needs the personal data for processing purposes, but you need it for the establishment, exercise, or defense of legal claims;

    • You have objected to the processing of personal data while Awaiting confirmation of whether the legitimate grounds of the data controller override your grounds.

  5. Right to object to the processing of your personal data. If the Data Controller processes your data based on legitimate interest, you have the right to object to the processing of your personal data based on grounds relating to your particular situation. All individuals covered by the registers mentioned in this privacy policy have the right to object to the processing of their personal data for direct marketing purposes.

  6. Right to data portability. If the automated processing of your personal data is based on consent or a contract, you have the right to receive the personal data you have provided to the Data Controller in a structured, commonly used, and machine-readable format, and the right to transfer those data to another data controller.

  7. Right to withdraw consent. If all or part of your personal data is processed based on the consent you provided in this register, you have the right to withdraw your consent.

  8. Right to lodge a complaint with a Supervisory authority. If any disagreement regarding the processing of your personal data cannot be resolved amicably between you and the Data Controller, you have the right to take the matter to the data protection authority for resolution at the Office of the Data Protection Ombudsman.

10. Applicable Legislation

The processing of personal data in the data controller's personal registers and the personal data contained therein is governed by Finnish legislation and directly applicable EU legislation in Finland, such as the EU General Data Protection Regulation (GDPR).

11. Updating the Privacy Policy

The Data Controller continuously develops its business operations, which may also involve changes related to the processing of personal data. We will update the privacy policy as needed to reflect any changes in our practices. Changes may also be based on amendments to legislation. We recommend that you review the contents of the Privacy Policy regularly.

If the Data Controller starts processing your personal data for purposes other than those for which your personal data was originally collected, we will notify you of this and provide you with an updated privacy policy before such further processing. For other changes, we will inform you about the update of the privacy policy on our website.