Data protection
Privacy Policy Service Terms and Conditions

Privacy Policy

IGL-Technologies Oy does not compromise on data security. We take the information security of our customers and stakeholders very seriously and we constantly work to ensure that the use of our products and services is always reliable and safe. Our ISO 27001-certified information security management system directs us to train our personnel and develop our operations systematically, comprehensively and in accordance with best practices.

1. Registrar

The Data Controller (hereinafter referred to as the "Data Controller") is:

IGL-Technologies Oy
Business ID: 2304284-4
Korkeakoulunkatu 7
33720 TAMPERE

For inquiries regarding the processing of personal data, please contact: info@eparking.fi .


2. Definitions of Terms

  • " Data Subject " refers to the individual whose personal data is processed by the Data Controller in its registries.

  • " Personal data " means any information relating to an identified or identifiable natural person, i.e., the data subject, including but not limited to name, address, email, phone number, location data, and transaction history.

  • "Customer " refers to consumers as well as contact persons from companies and other organizations (hereinafter referred to as "entity") with which the Data Controller has a customer relationship, or where no more than three calendar years have passed since the termination of that customer relationship.

  • "End user " refers to individuals from community customers who use our services through the entity's customer relationship (such as staff from educational institutions, students, and residents of housing cooperatives).

  • " Potential Customer " refers to consumers and contact persons from entities with whom the Data Controller aims to establish a new customer relationship or renew a customer relationship that ended more than three years ago.

  • " Stakeholders " refers to consumers and contact persons from entities with which the Data Controller has a cooperative relationship (e.g., representatives from entities providing services to the Data Controller) or other connections (e.g., social decision-makers related to public relations activities).

3. Purposes of Personal Data Processing

The Data Controller processes the personal data of data subjects for the following purposes (one or more simultaneously):

• Managing, Analyzing, and Developing Customer and Stakeholder Relationships

The Data Controller may process your personal data to manage, analyze, and develop the customer relationship formed with you or the entity you represent. This may involve analyzing and developing how data subjects use the Data Controller's services and determining what kind of customer experience would be optimal for the data subjects.

• Delivering Products and Services 

The Data Controller may process your personal data to deliver products and services if you or the entity you represent have purchased or used our products and/or services, have subscribed to the Data Controller's newsletter or other digital content, or have participated in the Data Controller's events. Personal data is processed to fulfill rights and obligations based on the contract or other commitments between the Data Controller and the customer.

• Customer Communication

The Data Controller may process your personal data in its customer communications, for example, to send you notifications related to products and services, inform you of changes made to products and services, and request feedback on products, services, and customer experiences. 

• Marketing

The Data Controller may contact you through direct marketing and targeted digital marketing to inform you about new products, services, and benefits from itself and its partners. The Data Controller may process your personal data to tailor its offerings and provide relevant content. This means, for example, that the Data Controller may provide recommendations or display tailored content and customized advertisements on its own and third-party services, including targeted online advertising and social media.

• Developing Products and Services

The Data Controller may process your personal data to develop its products and services, for example, to enhance its product and service offerings to make them more interesting and useful for customers, end users, and potential customers. 

The legal basis for processing personal data is found in the following provisions of Article 6 of the EU General Data Protection Regulation: 

  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

  • processing is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject;

  • the data subject has given consent to the processing of their personal data for one or more specific purposes; and/or

  • processing is necessary for compliance with a legal obligation to which the Data Controller is subject.

The Data Controller processes your data to fulfill the contract with you or the entity you represent.  

The Data Controller has legitimate interests related to its business operations, such as the right to promote the sale of its products and services through marketing and sales activities, and may engage in direct marketing and sales using your contact information based on legitimate interests. Other legitimate interests of the Data Controller that allow for the processing of your personal data include providing advice and other customer service to non-customers, further developing the business, and investigating potential abuses.  

If the processing of data is not based on contractual necessity or legitimate interest, the Data Controller may request your consent for other types of personal data processing, such as processing location data and electronic direct marketing to potential consumer customers. 

Additionally, the Data Controller may process your personal data as required by law, such as under the retention obligations of the Accounting Act.

4. Types of Personal Data Processed

The personal data collected by the Data Controller may include, among other things, the following types of information and any modifications made to them: 

4.1 Basic Information about Data Subjects 

  • First and last name 

  • Contact details (postal address, email address, phone number)

  • Language

  • Communication directed at the data subject and related activities (such as clicking on unique links in email marketing)

  • Direct marketing preferences

  • Information regarding the use of the Data Controller's digital services and the content created by the data subject for these services (such as content produced by the data subject on the Data Controller's social media accounts)

  • Information about cookies and other similar actions sent to the data subject's devices (such as computers and mobile devices) and data collected through them, provided that the data subject can be identified based on this information

  • Possible recordings of customer service calls, as well as recorded email and chat conversations related to customer service, including online conversations on social media channels


4.2 Additional Information about Representatives of Organizations and End Users

  • The name of the organization and other necessary identifying information that the data subject represents in relation to the Data Controller

  • Title and/or job description 

  • The end user's position or relationship to the organization (e.g., staff member of an educational institution or resident of a housing company)


4.3 Data of Registered Users Who Have Purchased the Data Controller’s Products and/or Services and Provided Feedback 

  • Start and end time and manner of the customer relationship or similar relationship

  • Customer/end user's customer number (ID)

  • License plate numbers of the vehicles reported by the customer/end user and information on electric or hybrid power sources

  • Information about the end user reported by the organization (e.g., personal identification number for staff at educational institutions)

  • Purchases made by the customer/end user for products and services, waiting lists, and downloads (such as app downloads to devices)

  • The last four digits of the payment card currently used by the customer/end user

  • Location information of the customer/end user's vehicle based on the location of the charging point or parking area 

  • Information about the map areas where the customer/end user has opened the app and the map feature

  • Access rights of the customer/end user to the private contract area

  • Electricity consumption data of the customer/end user 

  • Campaigns directed at the customer/end user and their usage 

  • Interests and other information reported by the customer/end user

  • Content of feedback and any complaints provided by the customer/end user, related communication, and follow-up actions

  • Content created by the customer/end user in the services (such as content produced by the registered user in the Data Controller's application communication channel)

  • Actions related to parking enforcement concerning the customer/end user

4.4 Sensitive Personal Data

  • If the customer/end user voluntarily provides the Data Controller with sensitive information about themselves (such as health data related to parking for special groups) with their own consent. 

5. Source of Personal Data

The Data Controller obtains a significant portion of your personal data from you at the beginning and during the customer or stakeholder relationship, as well as from the programs you use to access our services. 

The Data Controller also receives personal data and updates from authorities and organizations that provide personal and credit information acquisition and updating services, as well as from public directories and other public information sources, such as websites and social media channels. The Data Controller collects personal data for marketing purposes from registered individuals through various activities, such as lotteries, competitions, surveys, or events (conducted by the Data Controller or its partners).

Additionally, the Data Controller receives personal data about representatives of organizations and end users from the organization itself, meaning the organization can also provide the Data Controller with personal data regarding other individuals related to the use of the Data Controller's products and services and marketing. 

For parking events and related enforcement measures, the Data Controller obtains personal data from companies operating parking facilities as well as organizations engaged in parking enforcement. 

We use Leadoo’s tracking service to follow what users are doing on the site and combine this behavioral data with other data we can gather from e.g. chat interactions. Leadoo uses etag tracking in order to hook together the same users behavior over several sessions – in practice this works similarly to cookie based tracking. Please check out Leadoo Marketing Technologies Ltd’s Privacy Policy ( https://leadoo.com/privacy-policy/ ) for more information on what is tracked and what your rights are. Leadoo works as the Processor and we work as the Controller for the data in terms of GDPR. You can stop the tracking by emptying your browser’s cache after the visit. For more on how Leadoo works as a GDPR compliant processor, see https://leadoo.com/privacy-policy-processor/

6. Sharing of Personal Data

The Data Controller does not give, sell, or otherwise disclose your personal data to outside third parties, unless otherwise stated below.

The Data Controller may share your personal data with third parties that provide services to the Data Controller. These services may include customer service, installation and maintenance services, operators of parking facilities and parking enforcement, software services, research activities, marketing and analytics services, as well as event production. The Data Controller may share your personal data for the collection of payments, and it may, for example, transfer or sell unpaid invoices to third-party debt collection services. 

Protecting your personal data is important to the Data Controller, and we do not allow these parties to use the data for any purposes other than providing the agreed-upon services to us as the Data Controller. We require these parties to protect the personal data of registered individuals in accordance with this privacy statement, applicable legislation, and regulatory requirements.

The Data Controller may share your personal data with other carefully considered partners with whom the Data Controller jointly manages and implements projects, such as co-hosted events.

The Data Controller may share your personal data with carefully selected third parties for justified reasons, for the parties’ joint or independent direct marketing purposes. Data may only be shared for these purposes if the intended use by the third party does not conflict with the purposes defined in this privacy statement. Generally, only a very limited amount of information will be shared, primarily the individual's name and contact details for communication, using methods allowed by law.  

The Data Controller may share your personal data in connection with a business acquisition or other corporate arrangement or if the service is transferred to another service provider. The Data Controller may share your personal data at the request of a court or relevant authority, or as required by law. 

7. Transfer of Personal Data Outside the EU

The Data Controller may utilize resources and servers located around the world in providing services. Therefore, the Data Controller may transfer your personal data outside the country of service usage and possibly to countries outside the EU, where data protection legislation may differ. 

In these cases, the Data Controller ensures that there is a legal basis for the transfer of data and that personal data is protected by, for example, using (when necessary) standard contractual clauses and data processing agreements approved by the relevant authorities, and by requiring adherence to appropriate technical and other data protection measures.

8. Retention Period of Personal Data

The Data Controller will process your personal data for as long as there is a valid basis for processing the data as described in Section 3 of this privacy statement, as well as for a reasonable period thereafter.

The Data Controller may process customers' personal data for the duration of your customer relationship and until the end of the third year following the year of termination. After this, the Data Controller may transfer your essential, necessary personal data to a marketing registry and process your personal data again in the role of a potential customer. 

The Data Controller may process potential customers' personal data indefinitely until you become a customer or until you request the deletion of your data from the Data Controller's marketing registry. 

9. Exercising the Rights of the Data Subject

As a data subject, you have various opportunities to influence the processing of your personal data. As a general rule, we will fulfill your requests within a month. If you wish to exercise your rights related to your personal data, please contact us using the contact information provided in Section 1 of this privacy statement. Your rights include (the scope of rights depends on the basis for processing your personal data, meaning that not all of the rights listed below may be available to you in every situation): 

  1. Right to access personal data collected about you. You have the right to access the personal data collected about you. Based on a proper and identified request, we will provide you with a report of the personal data collected about you in the personal register.

  2. Right to request correction or deletion of personal data collected about you. If you notice any errors or omissions in your data, you can submit a request for correction to us.

  3. Right to request deletion of personal data collected about you. We are obligated to delete the personal data you have requested from our personal register if any of the following grounds are met, and there is no obligation to retain the data imposed by other legislation or authority regulations:

    • The personal data is no longer needed for the purposes for which it was processed;

    • You withdraw your consent, and there is no other legal basis for processing;

    • You object to the processing related to your specific personal situation, and there are no justified grounds for processing, or you oppose the processing of your personal data for direct marketing;

    • Your personal data has been processed unlawfully;

    • Your personal data must be deleted to comply with a legal obligation applicable to the data controller under European Union law or Finnish legislation; or

    • Your personal data has been collected in connection with the provision of information society services, such as when ordering the data controller's digital information services.

  4. Right to request the restriction of processing your collected personal data. You can request the data controller to restrict the processing of your personal data if:

    • You contest the accuracy of the personal data held by the Data Controller;

    • The processing is unlawful, and you request the restriction of use instead of deletion;

    • The Data Controller no longer needs the personal data for processing purposes, but you need it for the establishment, exercise, or defense of legal claims;

    • You have objected to the processing of personal data while awaiting confirmation of whether the legitimate grounds of the data controller override your grounds.

  5. Right to object to the processing of your personal data. If the Data Controller processes your data based on legitimate interest, you have the right to object to the processing of your personal data based on grounds relating to your particular situation. All individuals covered by the registers mentioned in this privacy policy have the right to object to the processing of their personal data for direct marketing purposes.

  6. TRight to data portability. If the automated processing of your personal data is based on consent or a contract, you have the right to receive the personal data you have provided to the Data Controller in a structured, commonly used, and machine-readable format, and the right to transfer those data to another data controller.

  7. The right to withdraw consent. If all or part of your personal data is processed based on the consent you provided in this register, you have the right to withdraw your consent.

  8. Right to lodge a complaint with a supervisory authority. If any disagreement regarding the processing of your personal data cannot be resolved amicably between you and the Data Controller, you have the right to take the matter to the data protection authority for resolution at the Office of the Data Protection Ombudsman.


10. Applicable Legislation

The processing of personal data in the data controller's personal registers and the personal data contained therein is governed by Finnish legislation and directly applicable EU legislation in Finland, such as the EU General Data Protection Regulation (GDPR). 

11. Updating the Privacy Policy

The Data Controller continuously develops its business operations, which may also involve changes related to the processing of personal data. We will update the privacy policy as needed to reflect any changes in our practices. Changes may also be based on amendments to legislation. We recommend that you review the contents of the Privacy Policy regularly.

If the Data Controller starts processing your personal data for purposes other than those for which your personal data was originally collected, we will notify you of this and provide you with an updated privacy policy before such further processing. For other changes, we will inform you about the update of the privacy policy on our website.