PERSONAL DATA FILE DESCRIPTION
Personal Data Act (523/99), Section 10
1 June 2017
Oy Matkahuolto Ab (hereinafter “Matkahuolto”)
Business identity code 0111393-9
P.O. Box 100
00101 Helsinki, Finland
Tel. 020 710 5000
Oy Matkahuolto Ab
P.O. Box 100
00101 Helsinki, Finland
Matkahuolto’s customer register
The processing of personal data is based on the customer relationship between the Matkahuolto customer and Matkahuolto (relevant connection), the customer’s consent, the law and/or the provision of services to customers (necessity requirement).
Customer details:
name,
phone number, and
email address.
Service details:
details, such as discount groups and favourite routes, provided by the customer in order to personalize the service,
details related to purchases and the use of services in various channels, such as online and mobile services,
direct marketing consents and prohibitions.
The data are provided by Matkahuolto customers. In addition, data are generated through the purchase and use of services, such as ticket purchases.
Customers may give their consent to receive marketing messages or prohibit them completely for each channel (text messages, email) separately.
If a customer prohibits marketing messages for all channels, he or she will only receive communications necessary for managing purchased services and the customer relationship.
The first and last name of the buyer as well as travel data are forwarded to the bus operator responsible for the connection. No data shall be forwarded to any other parties or for any other purposes.
The data are transmitted from the buyer’s terminal device to the server using an SSL-encrypted web connection. The personal file data generated through purchases are stored in a machine-readable format for the period of time specified in the Accounting Act.
The machine-readable service is located in a protected and locked computer room accessible only by technical personnel with access badges. The servers are firewall-protected.
Access to the servers and applications is limited to the controller’s local area network (LAN) and authorised personnel within the LAN holding the necessary user IDs and passwords.