This privacy notice presents the information about this data register to the data subjects and addresses the requirements from the GDPR. Please notice that the content of this notice may change due to changes in legislation, legal practices or the principles of our company. In this notice, you will find up to date information about our personal data processing practices in connection with this personal data registry.
Name of the registry
Lähitaksi – Customers
Lähitaksi Oy, Nuijamiestentie 7, 00400 Helsinki
Data Protection Officer
Janne Rantala, firstname.lastname@example.org
Purpose of processing
The data subject’s personal data is used for the following purposes:
The legal basis of the processing of the data in this registry is based on the following:
The personal data is processed to implement preceding measures of a contract or the measures within the contract between the controller and the customer or the customers employer.
Personal data is processed based on the legitimate interest of the controller when the customer orders a ride but is not contractually bound with the controller. In such a situation, the customer's telephone number, the customer's name, the customer's requirements for transportation, and the address where the transportation is ordered to are stored in the controller's system. This information is only used to speed up order-related actions when a person orders a transportation service the next time from the same phone number.
Compliance of legal obligation
The controller stores customer information even after the termination of the customer relationship or after the business transaction, to fulfill its legal obligation, including the archiving obligations set in the Accounting Act.
The customer's information is used based on a consent when a customer profile is added to our customer register.
Customer information will also be processed based on a consent when the data is used for electronic direct marketing.
The data is collected from:
- The customer
- When a customer uses the services provided by the controller, such as telephone service for taxi ordering
- With regards to the business contact persons the information is obtained from the client company
1. Individuals with a customer relationship to the controller
2. Individuals who have used the services of the controller, for example, by ordering a taxi driver telephone service
3. Individuals whose employer has a customer relationship with the controller
4. Individuals who have had a relationship with the controller and whose information is stored to comply with statutory obligations
All the data in the registry form a logical data entirety. Information related to the processing of orders or offering of transports:
- Phone number
- Other information related to the order or the transport
- Customer’s name
- Customer number
- Card number
- Cardholder’s name
- Address and billing information
- Customer’s basic information, such as name and customer register number
- Customer’s contact information, such as phone number and address
- Additional information related to the transportation
- Transportation related Information
- The phone record of the order when the order is made by telephone
- Possible information related to billing
- Information related to lost and found items, such as the date of disappearance, the number of the car that transported the customer and a description of the lost item
- Location information, when the customer is using the mobile app
The controller shall disclose personal data to the authorities on the basis of legal obligations.
The controller uses external operators to support the processing of personal data, inter alia in the following cases:
- Maintenance and development of IT systems
- Transfer of payments
- Quality assurance
These service providers process personal data by order of and on the behalf of the controller. The processing of data shall be subject to the applicable legislation and will always be carried out in accordance with this notice. This is guaranteed, inter alia, through agreements between the organizations.
In principle, the controller does not transfer or disclose personal data contained in this register outside the EU or EEA territory. If information is transferred for any particular reason outside the EU or the EEA, the controller shall be assured with adequate legal safeguards.
Controller will comply with the statutory obligations regarding data retention. Customer's personal information will be stored for the duration of the customer relations and also after the termination on the basis of legal obligations. The retention periods are based on existing legislation, such as Accounting Act.
Below we have described your rights and the principles related to those rights:
Right to access data
The customer has a right to receive a confirmation of whether the controller has processed their personal data and receive a copy of the personal data. The copy shall be delivered electronically or by mailing the document.
Right to rectification
The customer has a right to request the controller to rectify inaccurate or erroneous data regarding them. The inaccuracy of the data will be resolved case-by-case based on whether the information is inaccurate for the purpose of the processing (unnecessary, incomplete, obsolete).
Right to erasure (‘right to be forgotten’)
All requests related to the erasure of personal data shall be processed on a case-by-case basis and the information shall be erased if there is no legal basis for storing the information. The basis for storing information can be related to applicable legislation, unpaid bill or debt collection.
Restriction of processing
The customer has a right in certain special situations stipulated by the regulation to request the restriction of the processing of their personal data.
Right to object
The customer has a right to object to the processing of their data, when the processing is based on controller’s legitimate interest or if the personal data is processed for direct marketing.
Right to data portability
The customer has a right to request to receive their data in a commonly used format to be able to transfer it forward to another service provider. This right concerns data that is in electronic format and whose processing is based on consent or the performance of a contract.
Right to withdraw consent
When the processing of data is based on consent, the customer has a right to withdraw the consent they have given at any time. When the consent in withdrawn, the consent-based processing of that personal data will be discontinued.
Right to lodge a complaint with a supervisory authority
If the data controller has not processed data in accordance with the applicable legislation, the customer may lodge a complaint with the data protection authority. We do hope that customers are always primarily in contact with us, so that possible issues can be dealt with.
The controller shall reply to all requests from data subjects within one month of receiving the request at the latest. This period may be extended by a maximum of two months if needed, taking into account the complexity and number of requests. If the deadline is extended, we will notify all the requestors of the delay and the reasons for the delay within one month of receiving the request.
Please note that in order to use each of these rights, the controller must identify you. The identification is always carried out using identification methods approved by the controller.
To use any of these rights, please contact the controller’s data protection officer in writing. For more detailed information on the practices of your rights, please check the Privacy page on the controller’s website.
The following methods are used to protect your data:
- Data is in premises that are protected with access control
- Use of the data is limited with authorization
- use of the data is instructed by the organization
- Employees are trained in data processing and data protection practices
- Data appropriately backed up and protected