Privacy notice: HelgaPark.net service, parking fines and vehicle removals

Processing of personal data, HelgaPark.net service

Date of publication: 15.4.2025

City of Espoo

Lawyer, Public Works Department

Lawyer, Public Works Department

Address: P.O. Box 48, 02070 City of Espoo

Tel. +358 9 81621 (switchboard)

Email: lakiasiat.kake@espoo.fi

Data Protection Officer of the City of Espoo

Address: P.O. Box 12, 02070 City of Espoo

Tel. +358 9 81621 (switchboard)

Email: tietosuoja@espoo.fi

The purpose of processing personal data necessary for the performance of tasks under the Act on Parking Control is to enforce parking fine decisions, process related appeals, and carry out payment control and debt collection measures.

Article 6(1)(a) of the General Data Protection Regulation of the European Union: the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

Article 6(1)(c) of the General Data Protection Regulation of the European Union: Processing is necessary for compliance with a legal obligation to which the controller is subject.

Article 6(1)(e) of the General Data Protection Regulation of the European Union: Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

The register contains photographs as well as information obtained from the vehicle register based on the registration number or frame number of the vehicles. Information on the owner, holder and driver of vehicles, their names, addresses, any other contact information, and personal identity codes. For a person submitting a request for administrative review, their name, personal identity code, address, any other contact information, and bank account number.

The data is confidential. However, confidentiality does not apply to information on the parking fine imposed on a vehicle.

GROUNDS FOR CONFIDENTIALITY:

Act on the Openness of Government Activities, section 24, subsection 1, paragraph 23.

Finnish Transport and Communications Agency (Traficom), Digital and Population Data Services Agency, the client when submitting a request for administrative review, and enforcement authorities.

Data is disclosed to enforcement authorities for debt collection purposes, to the Administrative Court for handling appeals against parking fines, and to Statistics Finland for statistical purposes. In addition, data is disclosed with the client’s consent in different insolvency situations.

Data will not be transferred.

Data is stored for a period of five years from the end of the year in which it was collected. Even if a matter is settled before the end of the above-mentioned period, the data will not be deleted from the system.

ELECTRONIC HELGAPARK.NET SERVICE: The service provider, Fujitsu Finland Oy, is responsible for the protection of data, and it is stored in a cloud service managed by the service provider.

Access to the system is based on personal access rights, granted to the extent necessary for the performance of one’s tasks, and the use of these access rights is monitored. Usernames and passwords are personal. The City of Espoo is responsible for the management of access rights. The system is regularly backed up.

MANUAL MATERIALS: Manual materials are stored in the unit’s locked premises, equipped with access control and other electronic surveillance systems.

Further instructions on submitting information requests referred to in the General Data Protection Regulation: Data protection / Clients’ right of access to personal data

You have the right to obtain from the data controller a copy of the personal data that is subject to processing. The data controller must provide the data without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. If the data controller does not take action on the request of the data subject, the data controller must inform the data subject without delay, and at the latest within one month of receipt of the request, of the reasons for not taking action and of the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

Requests from the data subject and any resulting actions are free of charge. However, where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the data controller may either charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested, or refuse to act on the request.

You have the right to have inaccurate, incomplete, outdated or unnecessary personal data that we store either rectified or completed by us.

You have the right to have the data controller erase your personal data without undue delay under certain conditions. The data subject does not have the right to erasure if the processing of data is necessary for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller. In these cases, the data will only be erased after the statutory time limit.

If the data concerning you is inaccurate, you have the right to request that its processing be restricted until its accuracy has been verified.

You have the right to lodge a complaint with a supervisory authority if you feel that the processing of your personal data is in infringement of data protection legislation. You can lodge a complaint with the Office of the Data Protection Ombudsman(external link, opens in a new window).