Terms and conditions

Our privacy policy

This document presents our company’s general principles for processing personal data. We process personal data according to this policy and effective legislation. This policy shall be revised as legislation is amended.

Controller/processor

Javatrans Oy
Rahtarinkatu 5
FI-00980 Helsinki
Finland

Business ID: 1789745-9

Contact person:
Jari Vanninen
jari.vanninen@javatrans.fi
tel. +358 (0)10 666 7790

 

Lawful basis and purpose of processing personal data

We process personal data only for those purposes, for which they were originally collected and for which they were disclosed to us. We ensure that there is always at least one lawful and valid basis for the processing.

We process personal data for the following purposes, among others:

 

Provision of transport services

The processing of personal data is based on an agreement with the purchaser and our company. During the customer relationship, data will be processed for the purposes of execution of transport, invoicing, and customer service:

Where the transport has been purchased by a private individual or a company, we act as the controller with regard to the personal data disclosed to us. The processed personal data is received from the purchaser themselves. Where the purchaser discloses personal data pertaining to other people (for example, as a contact person) to us for processing, the purchaser is personally responsible for ensuring that they are entitled to disclose said data.

We also provide transport services to municipalities, cities, communities and companies under a transport service contract. This includes such services as school and workplace transport. In these cases, we receive personal data pertaining to the transported people from the purchaser who acts as the controller and is responsible for their right to disclose such data. We act as the processor with regard to the data. The processing is performed on behalf of the controller according to the instructions provided to us.

Fulfilling legal obligations

Fulfilling our legal obligations may require the processing of personal data, after other basis for the processing have ceased to exist. We take the principle of data minimization into account and only process necessary personal data. Laws based on which personal data is processed include the Finnish Accounting Act and Employment Contracts Act, among others.

Recruitment

We process personal data in the context of recruitment. The data is primarily received from the applicants themselves. The data processing is based on the applicant’s consent. The application data of hired people is retained for the entire duration of their employment. As for the rest, the data is disposed of, unless otherwise agreed with the applicant.

Personnel management

Personnel-related data is processed for the purposes of fulfilling mutual obligations and rights related to employment, such as:

  • Working time monitoring
  • Payment of salary
  • Taxation
  • Providing references
  • Other rights and obligations arising from employment

Contact requests

It is possible to provide feedback through our website. In this case, we process personal data with the consent of the person providing us feedback in order to respond to a contact request or feedback.

Processed personal data

For the people we transport, we process the following data, among others:

  • Name of the transported person
  • Telephone number
  • Home address
  • Address where the person is collected from
  • Destinations
  • Information regarding assistive devices
  • Information regarding special requests
  • Information of the contact person
  • Email address
  • Invoicing information
    • Name of the payer
    • Business ID
    • Address
    • Email address
    • Telephone number
    • Name of the contact person

The content of the processed data depends on the data that has been provided to us during the booking process. The data is always collected from the data subjects themselves or received from the controller in relation to a contract.

For our personnel, we process the following data, among others:

  • Name
  • Address
  • Telephone number
  • Email address
  • Bank account
  • Personal Identity Code
  • Category of driving license (drivers)
  • Information required for tax withholding
  • Working time monitoring and usage
  • Information pertaining to absence due to illness
  • Employment contract
  • User IDs for systems

For job applicants, the processed data includes:

  • Name and contact information
  • Education, employment history
  • Application and CV
  • References (with consent)
  • Extract from the judicial record (reviewed, provided by the applicant)

We also process data pertaining to our partners and subcontractors:

  • Name and address of the company
  • Business ID
  • Information of the contact person
  • Names and contact information of employees

 

Processing, transfers, and disclosure of data

Our personnel process personal data in relation to their assignments. They have been trained to process various groups of personal data properly and securely. Our personnel have current non-disclosure agreements and are committed to processing data in a confidential manner.

We also provide transport services together with subcontractors and partners. As such, we may hand over personal data to be processed by them insofar as it is necessary for successfully providing a safe service. We ensure that everyone working with us is committed to compliance with our data security principles and that they have current non-disclosure agreements.

Personal data is not regularly handed over or transferred outside of EU or the EEA.

The data is not used for profiling or automated decision-making.

We may disclose data to a competent authority on request where required to do so by law.

 

Retention and protection of data

We only retain data for as long as it is necessary to do so due to an intended purpose or agreement. We shall always ensure that lawful basis exists for processing data. The storage periods of personal data vary depending on the basis for processing.

Personal data is primarily processed and stored in an electronic format. User access is granted and managed by specifically designated persons. We use systems whose suppliers we consider to fulfill the requirements of the EU General Data Protection Regulation and to comply with accepted principles of processing personal data.

We have mapped the personal data repositories held by us and the risks related to processing. We know where the data is stored and as data is disposed of, we also remove it from any paper archives that may exist. We also pay attention to data security in relation to the disposal of personal data. Our premises and equipment are appropriately protected.

 

Rights of the data subject

The rights of the data subject pertaining to the processing of their personal data under the EU General Data Protection Regulation are guaranteed. We ask that any requests to exercise these rights are provided to us in writing.

Insofar as we act as the processor of personal data, the data subject must address their request to exercise their rights directly to the controller. Our customer service will answer your inquiries regarding the registers’ contact persons.

 

Right of access by the data subject

The data subject has the right to review the personal data pertaining to them stored in the personal data register.

Right to withdraw your consent

When data is processed with the consent of the data subject, the data subject has the right to withdraw their consent and to request that their data is disposed of. The controller must dispose of the data within one month, subject to applicable laws.

Right to rectification

The data subject has the right to demand the controller to rectify any inaccurate or incorrect personal data pertaining to them without undue delay.

Right to erasure (right to be forgotten)

A person has the right to request that personal data pertaining to them is disposed of where

a. the personal data is no longer needed for the original purpose of the processing
b. the data subject withdraws their consent of the processing of data, and another basis for the processing does not exist

Whether it is possible to dispose of the personal data, as well as the actions required due to the disposal are determined on a case-by-case basis. The assessment is carried out by the person in charge of matters related to data security, who shall ensure that disposal is carried out in a lawful manner.

 

Right to restriction of processing

The data subject has the right to demand that the processing of their personal data is restricted if the personal data is inaccurate, the processing is unlawful, or any other basis required by law is met.

Right to data portability

The data subject has the right to receive the personal data pertaining to them, which they have provided to the controller, in a structured, machine-readable format and the right to transfer said data to another controller.

Right to lodge a complaint with the supervisory authority

If a person believes that the processing of personal data breaches existing legislation, they have the right to lodge a complaint with a competent supervisory authority, who in Finland is the Data Protection Ombudsman.