Privacy data handling policy
We want to take good care of the personal information you provide.
Just like we do of our customers.
We process personal information for sales and marketing purposes, for customer service and
relationship purposes, and to improve customer satisfaction and our services. When you submit a form
on our online service, the information you provide will be processed by us.
It is not allowed to use the forms to submit information about persons under the age of 16, unless
otherwise stated in connection with the form. Personal information is processed in secure data systems
protected by us and selected processors of personal data.
Right to appeal
If you consider the processing of your data to violate regulations on the processing of personal data, you have the right to lodge a complaint with the supervising authority.
Any questions left?
If you have any questions about the processing of personal data, please feel free to contact us
BestPark Oy may also have separate service-specific terms and conditions, in which case these general terms and conditions are applied secondarily.
Marketing Information Register and Privacy Statement
1. Data controller
Finnish Business ID: 3119984-1
Address: Avainkierto 15
FI-05840 Hyvinkää, FINLAND
2. Registry contact person
3. Name of the register
BestPark Oy customer and marketing register
4. Uses and criteria for the processing of personal data
Personal data will be processed in accordance with the principles of the EU general data protection regulation and applicable national law.
The criteria for processing personal data in the register are agreement, consent and legitimate interest.
The data are processed on the basis of the customer relationship for invoicing and collection of fees, for the management and development of the customer relationship, for answering contacts, and for statistical purposes.
For electronic direct marketing, the data are used with the express consent of the registered party. The Data Subject has the right to withdraw his or her consent to the use of his or her data for electronic direct marketing by notifying the Data Controller with the contact information mentioned in section two of this statement, or by following the instructions contained in the direct marketing mail.
When calling BestPark Oy, the calls may be recorded to improve the quality of the service and to clarify any ambiguities
5. Information content of the register
The following personal data may be processed in the register:
- Phone number
- Email address
- Date of birth
- Vehicle registration number
- Permission for direct marketing
- Information provided by the customer related to customer relationship management and/or marketing
- IP address
In addition, the following data may be processed in the register for customers who have placed an order
- Customer number
- Order history and order information
The data of financial customers are not stored in BestPark Oy’s own registers, with BestPark Oy only processing the data of financial customers on behalf of the finance company at the customer’s request.
With regard to financial customers, BestPark Oy also does not answer questions about the processing of personal data when applying for financing, but requests for information regarding this data must be addressed directly to the financial service provider from whom finances have been requested from. If such requests for information are addressed to BestPark Oy, they will be forwarded, in accordance with regulations, to that financial service provider whom the request for information pertains to.
The data will only be processed to the extent necessary in accordance with the principle of data minimisation, i.e. not all of the above data will be processed for all data subjects.
6. General principles for the processing of personal data
BestPark Oy processes personal data in its possession in accordance with the EU general data protection regulation and the principle of due diligence. In processing personal data, BestPark Oy adheres to the principle of minimising data processing, according to which data is processed only to the extent necessary for the purpose of processing and only for the purpose for which they were collected. In its operations, the Data Controller generally utilises the technical and organisational means used in the business to protect personal data.
Disposal of personal data is done in a secure manner.
7. Rights of the Data Subject
The Data Subject has the right to exercise his or her rights within the means defined by the EU general data protection regulation. However, under the data protection regulation, the Data Controller may have the right not to comply with the Data Subject’s request. We will always justify our position if we conclude that the Data Subject’s request cannot be complied with.
Below are the main rights of the Data Subject.
Right of inspection
The Data Subject has the right to access his or her data (right of inspection) and the right to inspect what information about him or her is stored in the customer and marketing register.
The request for inspection must be made by email to the contact person mentioned in point 2 of this privacy statement. The right of inspection may be denied on the grounds provided by law. The exercise of the right of inspection is, in principle, free of charge.
Data rectification, deletion, restriction of processing and withdrawal of consent
The Data Subject has the right to;
– demand the rectification and deletion of data
– demand the Data Controller to restrict the processing of his or her personal data, for example in the event that the Data Subject is awaiting the Data Controller’s response to a request for rectification or erasure of his or her data
– demand the termination of direct marketing at any time
– the right to withdraw consent to the processing of personal data at any time. Consent will be revoked by notifying the contact person referred to in this statement by email.
All requests and demands from the Data Subject should be addressed to the contact person mentioned in section 2 of this privacy statement. If the Data Subject’s request cannot be complied with, the Data Controller shall always justify it to the data subject.
8. Right of the Data Subject to lodge a complaint with the supervising authority
The Data Subject has the right to lodge a complaint with the acting supervising authority if he or she considers that the Data Controller has not complied with the applicable data protection regulation in its activities.
9. Appropriate sources of information
Personal data are collected according to regulations from the data subject himself or herself, for example in connection with a purchase transaction, on forms on the website, or in other ways. If, for example, the information on a lottery ticket is deposited in the marketing register, the data subject’s consent is always separately requested.
In addition, data can be collected from trusted partners for marketing purposes. The information can also be updated with the help of reliable partners who ensure the accuracy of the information to be updated under the agreement.
10. Disclosure of information
At its discretion, BestPark Oy may disclose its customer data to its trusted partners and authorities for processing within the limits permitted and required by applicable legislation. If such information is shared with a third party, BestPark Oy ensures that the processing of personal data happens in accordance with the obligations of the EU general data protection regulation. The data will be disclosed for processing only on behalf of the Data Controller, except when the transfer is based on a legal obligation, or at the request of the data subject.
The data may be transferred for processing outside the EEA, but in this case the Data Controller will ensure that the processing is based on the conditions set by the EU Commission.
11. Register security
The Data Controller’s information system and files are protected by technical and organisational security methods regularly used in business operations. Access to the Register requires a personal username and password, which are only issued to a member of the Data Controller’s staff or to a trusted third party who processes personal data on behalf of the Data Controller. Access rights shall be granted only to those persons whose status and tasks are connected with the said access right. Processing with third parties has been agreed in writing.
Personal data are processed for a different period of time depending on the purpose for which the personal data are used. However, always at least for the minimum retention period required by the legislation in force at the time.
Personal data based on the customer and contractual relationship is processed during the validity of the customer and contractual relationship and for the time necessary after the end of the customer and contractual relationship.
Personal data, the processing of which is based on the consent of the Data Subject, shall be kept until the Data Subject withdraws his or her consent, or the data are no longer needed for the purpose for which they were collected.
Personal data processed on the basis of a legitimate interest shall be kept for as long as the legitimate interest can be considered valid, unless the Data Subject refuses the processing of his or her personal data for that purpose.
If necessary, the Data Controller has the right to deviate from the above-mentioned time limits for its own legal protection. The Data Subject has the right to request a justification for deviating from the above time limits.
About cookies in general
Usage statistics are collected from the site for the purpose of tracking, developing and marketing planning.
In addition, the site uses target group and topic data collection (Google Analytics Demographics), which combines user tracking data with e.g. age, gender and topics of interest to the user. You can change the settings related to the collection of this information in your own Google Account.
You can turn off Google Analytics tracking with a browser add-on (https://tools.google.com/dlpage/gaoptout/).
Functional aspects of the online service that require user login or other authentication require a cookie to function. The cookie information stores the necessary information about the user and the cookie is deleted at the end of its term or when the user logs out.
In connection with the use of the web service, identification information about the user of the web service is stored in the log files of the server and the web service (e.g. IP address, opened page and downloaded files, as well as possible online error situations) and information about the site’s user interface (recordings, hot map data, form usage data). The purpose of collecting this information is to monitor and develop the service and to continuously improve fault tolerance and data security.