Matkahuolto's Customer Register

PERSONAL DATA FILE DESCRIPTION
Personal Data Act  (523/99), Section 10
1 June 2017

File controller

Oy Matkahuolto Ab (hereinafter “Matkahuolto”)
Business identity code 0111393-9
P.O. Box 100
00101 Helsinki, Finland
Tel. 020 710 5000

Contact person responsible for the data file


Oy Matkahuolto Ab
P.O. Box 100
00101 Helsinki, Finland

Name of the data file

Matkahuolto’s customer register

Purpose of the personal data file

The processing of personal data is based on the customer relationship between the Matkahuolto customer and Matkahuolto (relevant connection), the customer’s consent, the law and/or the provision of services to customers (necessity requirement).

Content of the data file

Customer details:

Service details:

Regular sources of data

The data are provided by Matkahuolto customers. In addition, data are generated through the purchase and use of services, such as ticket purchases.

Marketing consents and prohibitions

Customers may give their consent to receive marketing messages or prohibit them completely for each channel (text messages, email) separately.

If a customer prohibits marketing messages for all channels, he or she will only receive communications necessary for managing purchased services and the customer relationship.

Regular disclosures and transfer of personal data to outside the European Union or EEA

The first and last name of the buyer as well as travel data are forwarded to the bus operator responsible for the connection. No data shall be forwarded to any other parties or for any other purposes.

File protection policy

The data are transmitted from the buyer’s terminal device to the server using an SSL-encrypted web connection. The personal file data generated through purchases are stored in a machine-readable format for the period of time specified in the Accounting Act.

The machine-readable service is located in a protected and locked computer room accessible only by technical personnel with access badges. The servers are firewall-protected.

Access to the servers and applications is limited to the controller’s local area network (LAN) and authorised personnel within the LAN holding the necessary user IDs and passwords.