Privacy Statement

 

This is the register and privacy statement of GoByBike Finland Oy in accordance with the Finnish Personal Data Act (Sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Created on 01.10.2020. Last modified on 25.6.2024

 

1. Data Controller and Register Administrator

Name: GoByBike Finland Oy

Business ID: 3165688-9

Phone number: +358 45 319 3295

Email address: info@gobybike.fi

 

2. Purpose of the Register

The collected personal data is used for customer identification and access management, delivery of orders for registered users, and maintaining customer relationships. The data may also be used for development, analysis, statistics, as well as sales and marketing.

 

3. Basis for Data Collection and Processing

Customer data is collected and processed based on the customer’s voluntary registration or to fulfill a contract with the customer. We do not seek separate consent for sending marketing messages, but we provide an option to unsubscribe from such messages in all marketing communications.

 

4. Content of the Register

The data stored in the register includes:

  • Name of the person
  • Position
  • Company/organization
  • Business ID
  • Username
  • Password
  • Contact information (phone number, email address, address)
  • Website addresses
  • IP address of the network connection
  • Information about ordered services and their changes
  • Billing information
  • Other information related to the customer relationship and ordered services

 

5. Retention Period of Data

Personal data is retained as long as necessary to fulfill contractual obligations, improve customer service, meet accounting requirements, or comply with other statutory obligations.

 

6. Regular Data Sources

Data stored in the register is obtained from the customer through contracts, web forms, emails, phone calls, customer meetings, and other situations where the customer provides their information. Information is also collected from registers maintained by authorities within the limits of the law (e.g., ytj.fi).

 

7. Regular Data Disclosures and Data Transfers Outside the EU or the European Economic Area

Data Disclosures:

Necessary data for the provision and implementation of services is disclosed to the seller of the rental property, financier, possible assignee, guarantor, and insurance company. Disclosed data may include customer information, rental property user, credit decisions, service and rental agreements, and rental property.

 

Data Transfers Outside the EU or the European Economic Area:

Some external service providers’ data storage locations are outside the EU, in the United States. These service providers are committed to complying with EU data protection requirements and providing appropriate safeguards. Data is transferred only to organizations in the United States that adhere to the EU-U.S. Privacy Shield framework, such as:

  • HubSpot Inc
  • Help Scout PBC
  • SaaS Labs US

 

8. Use of Cookies

We do not use cookies to collect personal information on our website.

 

We use Simpleanalytics analytics software, which collects anonymous data about website usage without cookies. Simpleanalytics collects data such as visitor numbers, visit durations, and popular pages, completely anonymously. This anonymous data allows us to continuously improve our website content and offer personalized services to our customers.

 

9. Protection of the Register

Care is taken in processing the register, and data processed via information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the hardware is ensured appropriately. The data controller ensures that stored data, server access rights, and other critical information related to personal data security are handled confidentially and only by employees whose job descriptions include this. Electronic data is protected by firewalls, usernames, and passwords. Only those employees of the data controller who need the data to perform their duties have access rights to the data.

 

10. Automated Decision-Making

Automated individual decisions (Article 22 of the EU Data Protection Regulation) are not made.

 

11. Rights of the Data Subject

Every individual in the register has the right to inspect their stored data and request correction or completion of any incorrect or incomplete information. If a person wishes to inspect their stored data or request a correction, the request must be sent in writing to the data controller. The data controller may ask the requester to verify their identity if necessary. The data controller responds to the customer within the timeframe set by the EU Data Protection Regulation (generally within one month). The right of inspection is free once a year.

 

The data subject has the right to request the correction or deletion of incorrect or outdated information or the transfer of data from one system to another. They also have the right to restrict or object to the processing of their data in accordance with Articles 18 and 21 of the EU Data Protection Regulation.

 

The data subject has the right to cancel the receipt of marketing messages via the unsubscribe link in all marketing messages. Additionally, the data subject has the right to prohibit the use of their data for direct marketing purposes by notifying GoByBike Finland Oy.