|1. Name of the register||Clean Vehicles Wizard|
|2. Owner of the register||Vediafi Oy|
|3. Person in charge of the register||Miika Nordström, Vediafi|
|4. Contact person of the register||Sarianne Vihakara, Vediafi|
|5. Data Protection Officer||Atro Lehtinen, Vediafi|
|6. Reasons for processing personal data||Vehicle register plate number information is required to get technical data of vehicles. This information is base of the calculation of CO2 emissions and sustainability reporting. User’s personal data is also required to maintain and manage user profiles and rights to use the application.|
|7. Data content of the register||CVW service collects vehicle data and user data. Data content is described in Data Prosessing Agreement.|
|8. Source of personal data||Vehicle technical data is collected from international and domestic data providers. Data does not include vehicle owner information.|
|9. Who can get access to personal data?||In criminal cases, personal data will be given to authorities when they have the clearance.|
|10. Is data transfered ouside EU?||Personal data is not stored or transfered outside EU.|
|11. How long data is stored?||User related data is stored until the user wants it to be deleted or when the service contract is ended.|
|12. Administration and principles of data security||The personal data is processed only by the persons whose duties it involves.|
Personal data is located in cloud services and servers are located in EU.
|13. Right to request own personal data||The data subject has the right to know what information about him or her has been stored in the register or whether there is no information about him or her in the register.|
Information provided on the basis of a request for access to personal data and pursuant to Articles 13 and 14 of the General EU Data Protection Regulation, as well as all information and measures based on Articles 15 to 22 and 34, shall be free of charge. If the data subject’s requests are manifestly unfounded or unreasonable, in particular if they are repeated, the controller may either:
a) charge a reasonable fee, taking into account the administrative costs of providing the information or messages or carrying out the requested action; or
b) refuse to perform the requested action. In such cases, the controller shall demonstrate that the request is manifestly unfounded or unreasonable.
|14. Right to request correction to own personal data||The request for information is addressed to the contact person of the register (see above).|
The data subject has the right to demand that the controller corrects inaccurate and incorrect data concerning the data subject without undue delay.
The rectification request is addressed to the contact person of the register (see above).
|15. Right to make complaint||The data subject have right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes Regulation (GDRP article 77).|
|16. Other possible rights||Requests are addressed to the contact person of the register (see above).|
Right to erasure (Article 17 of the General Data Protection Regulation)
The data subject has the right to have the controller delete personal data concerning the data subject without undue delay, provided that one of the conditions of Article 17 (1) of the Data Protection Regulation is met.
Right to restriction of processing (Article 18 of the General Data Protection Regulation)
The data subject has the right to obtain from the controller restriction of processing if one of the conditions of Article 18 paragraph 1 (a-d) applies.
Right to object (Article 21 of the General Data Protection Regulation)
The data subject has the right at any time, on grounds relating to his or her personal situation, to object to the processing of personal data concerning him or her based on the performance of a task carried out in the public interest or the exercise of official authority. The controller may no longer process personal data unless the controller can demonstrate that there is a compelling reason to do so.