Privacy statement
Last changed on 08.08.2023.
This document is in accordance with the Finnish personal data act (henkilötietolaki) (10 and 24 §) and the General Data Protection Regulation (GDPR) of the European Union.
1. Registrar
Driveco Oy
Metsänneidonkuja 6, 02130 Espoo
Contact person: Jon Uotila, email: gdpr@driveco.fi
2. Name of the register
Customer personal data register (Asiakkaiden henkilötietojen rekisteri)
3. Legal basis and purpose of processing of personal data
In accordance with the General Data Protection Regulation (GDPR) legal basis for the processing of personal data is gained through contractual agreement, which the person gives either to their employer or to a contractual partner of Driveco.
4. Register data content
Information stored in the register includes: the person’s name, e-mail address, telephone number, street address, company/organization, website addresses, IP addresses of network connections, and, depending on the services ordered, information defined as private gathered via vehicle telematics.
5. Sources of information
Information stored in the register is obtained from the customer or, if contractually applicable, from a third party and via vehicle telematics.
6. Transfer of data outside the EU or EEA
Information stored in the register is not disclosed to other parties without the express consent of the customer. Information can be published to the extent agreed upon with the customer.
Data is stored within the European Union (EU) or European Economic Area (EEA).
7. Protection of the registry
Care is taken in processing information in the registry and data processed with the help of information systems is protected appropriately. When registry data is stored on servers, the physical security of their hardware, as well as their digital information security is taken care of accordingly. The registrar ensures that data stored in the register, as well as server access rights and other information critical to the security of personal data, are handled confidentially and only by those employees whose job description includes handling of personal data.
8. Right of access and right to be forgotten
Every person in the register has the right to access their data stored in the register, which in respect to telematics can be seen in the user interface received by the person based on their customership and otherwise in the backend systems of Driveco.
Any person in the register has rights in accordance with the General Data Protection Regulation (GDPR). If a person wants to access, remove, or update information stored about them, the person must send a written request to the registrar. If necessary, the registrar may ask the sender of the request to prove their identity. The registrar will respond to requests within the time stipulated in the General Data Protection Regulation (GDPR)