(Updated: 15.11.2018)
We process your personal data, so that we are able to offer our services, maintain and develop our business and improve the quality of our services. Personal data is also processed, so that we can be in contact with you about the application (“Application”) and notify you of any changes that apply to it. We also process your personal data to comply with our legally mandated obligations. In addition, we process and release personal data to our partners for direct marketing purposes if you have provident consent to it.
We follow the effective data privacy laws in our operations. We also exercise special care to ensure data privacy of our Users when using the Application. By using the Application, you consent to the Application’s privacy principles and the terms of the Privacy Policy. You can withdraw consent at any time for processing your data and upon withdrawal, you are to terminate use of the Application from the account management of the Application or by contacting our Customer Service.
When you create a login for the Application, you are to provide your name, email address and phone number. Providing this information is a requirement for using the Application. People less than 15 years of age may only use the Application, if their legal guardian has provided consent to process the data.
Location data is utilised upon submitting orders in order to offer the default location and to offer the order history. The location data of orders can be used to develop the Service and it may be released to third parties to offer value add services. The location data can also be disabled, but this reduces the usability of the service.
You can review and manage your information in the user management function in the Application.
If you delete the Application, your user information will be deleted from the phone. You can delete your user account from the user management function in the Application.
The personal data of users will not be released outside of the EU or EEA.
If you have any privacy related questions, please contact: Data Protection Officer, tietosuoja@taksitampere.fi.
We use all reasonable and appropriate technical and organisatory procedures to protect the Service and prevent unauthorised access to your personal data and to prevent the loss, misuse, discovery and unauthorised revisions of your personal data.
In the event that a data breach that will likely result in being harmful to your privacy occurs despite our preventive measures, we will notify you of the breach.
(Updated: 15.11.2018)
The controller of the data register is Tampereen Aluetaksi Oy (Business ID 0829622-1) (“Tampereen Aluetaksi”).
Sammon Valtatie 7
33530 Tampere, Finland
+358 (0)10 4765 600
info@taksitampere.fi
Data protection officer
tietosuoja@taksitampere.fi
Requests about data subject rights are sent to the controller’s contact person.
Data protection officer
tietosuoja@taksitampere.fi
Tampereen Aluetaksi’s Taksi Tampere application (“application” and the register of customers and stakeholders for the application.
Tampereen Aluetaksi processes the collected data for the following purposes, among others:
Offering services and features
The data is processed in order of offer, revise and maintain products and services. This includes the use of the data for the following purposes:
Customer support
Tampereen Aluetaksi uses customer-specific history data in order to resolve potential problems and claims, if requested by the customer.
Research and development
Tampereen Aluetaksi uses the data for testing, research, analysis and product development. The data makes it possible to develop new features and products.
Communication between parties that use the service
Tampereen Aluetaksi uses the data to enable communication between the parties that use the service.
Communication from Tampereen Aluetaksi
Tampereen Aluetaksi may use the data to communicate on services, campaigns, studies, surveys, news, updates and events.
Court trials and demands
Tampereen Aluetaksi may use the data to examine demands and disputes associated with customers using the service, in order to answer these demands and disputes or also for other similar purposes if this is allowed in compliance with applicable laws.
Subcontractors
The controller processes the data itself and utilises subcontractors that process personal data on behalf of and for the controller.
Automated decision-making
Tampereen Aluetaksi may utilise automated decision-making for targeted offers and marketing, for limiting use of the application, optimising use and other similar purposes.
Tampereen Aluetaksi processes personal data in accordance with the following justifications of the EU General Data Protection Regulation (“GDPR”).
a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes (GDPR Article 6, 1.a);
b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (GDPR Article 6, 1.b);
c) processing is necessary for compliance with a legal obligation to which the controller is subject (GDPR Article 6, 1.c);
d) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (GDPR Article 6, 1.f).
The aforementioned controller’s legitimate interest may exist when, for example, there is a meaningful and appropriate relationship between the data subject and the controller, because the data subject is a customer of the controller and when the processing occurs for purposes that the data subject should reasonably expect at the time of data collection and during the appropriate relationship.
The customer data register contains the following personal data groups:
The customer data register contains the following personal data groups:
Customer basic information:
Data associated with customer’s payment transactions:
Data associated with customer’s payment transactions:
Driver basic information:
Basic information of transport operator:
Private customers and business customers enter their own information. This information is not supplemented using other information sources.
The information for drivers and transport operators is obtained from Tampereen Aluetaksi’s broker system.
Personal data collected into the data register is only stored as long and to the extent that as necessary for the purpose of processing the data for each personal data group. In addition, personal data is stored as required by any potential legally mandated storage period.
The controller evaluates the need for storing the data regularly in accordance with internal procedural rules.
Basic customer relationship data is stored as long as the customer relationship is active and as long after it as is necessary to fulfil the obligations and rights of the parties.
Driver and transport operator data is stored as long as they have an effective service or other relationship with Tampereen Aluetaksi and as long after it as is necessary to fulfil the obligations and rights of the parties.
Accounting data is stored for six (6) or ten (10) years in addition to the current year, in accordance with the Accounting Act.
Payment and receipt information is stored five years after the end of the calendar year of the payment transaction in order to resolve potential claims.
Date related to orders is stored a maximum of two years in order to resolve potential claims and to develop and analyse operations.
Personal data is not released regularly to external parties from the data register. The location data may be released to a third party to offer value add services. Personal data is only released to authorities from the data register if necessary and they have a lawful reason to demand the data.
The personal data of users are not released outside of the EU or EEA.
Databases and systems and the data register can only be accessed by employees of the controller or subcontractors working for the controller that have the right to process data in the data register in order to complete their work. Each user that uses the data register has a personal username and password systems.
Content with personal data is stored in an encrypted database. The database with personal data is on a server that is stored in a locked room, which can only be accessed by specific individuals who are authorised due to their work responsibilities. The servers are protected with appropriate firewalls and technical protection. The servers are located in Ireland and the servers are maintained Amazon Web Services Inc.
The data subject has the following rights in accordance with GDPR:
1) The right to obtain confirmation from the controller if any of the personal data of the data subject is processed or not and if the personal data is processed, the right to access the data and the following information:
In addition, the data subject has the following rights:
1) The right to withdraw consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (GDPR Article 7).
2) The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement (GDPR Article 16).
3) The right to have the controller delete the personal data of the data subject without unnecessary delay, provided that:
4) Right to restriction of processing, if
5) The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent and the processing is carried out by automated means (GDPR Article 20).
6) The right to file a complaint with a supervisory authority if the data subject believes that EU GDPR regulations are not followed with the processing of his or her personal data (GDPR Article 77).
Requests pertaining to fulfilling data subject rights are directed to the contact person of the controller.
The data subject may prohibit the use of his or her personal data for direct marketing, distance selling, surveys or market research.
Sammon valtatie 7
33530 Tampere
Infon numero:
010 476 5600 (pvm/mpm)
(Avoinna ark. klo 8-15.30.
La-su ja arkipyhät suljettuina.)