This Privacy Policy describes how Drive-Apps (“Controller”) processes its customers’ (“Subject”) personal data in accordance with the EU General Data Protection Regulation (2016/879, GDPR). The Controller processes personal data when producing the ADR- ADVISOR Web-application for shippers and transporters of dangerous goods for its customers.
This Privacy Policy has been updated 21.8.2024.
Drive-Apps, 2318753–3, Aallonmurtajankatu 5 B 15, 70500 Kuopio, Finland
Erkki Heiskanen
erkki.heiskanen@kuljetusturva.fi
Customer register of the ADR-ADVISOR Web-application
The purpose of the personal data processing is to provide ADR-ADVISOR Web-application to the customers, actions related to user support for the service, acquisition of new customers and maintenance of customer relationships. The legal basis for the processing of personal data in accordance with the GDPR is:
The Controller collects following personal data: name, contact information, www-website addresses, IP-address, information on the services ordered and their changes, billing information, consents and other information related to the customer relationship and services ordered. When the Subject adds information about the transport of a dangerous goods to the ADR-ADVISOR Web-application, the location information of loading and unloading of dangerous goods, as well as applicable information regarding holder of the license to use the ADR-ADVISOR Web-application, are collected.
The Controller collects most of the personal data directly from the Subject itself or through the contact with the Subject when the Subject uses the ADR-ADVISOR Web-application. The data the Controller obtains from public sources, such as websites, allows the Controller to add individuals to its registers for marketing purposes. In addition, personal data may be collected and updated from the registers of various service providers, such as service providers and networks that provide contact information.
The Controller uses Paytrail for invoicing, and for this purpose certain personal data is transferred to Paytrail. Personal data may also be transferred to authorities if required by applicable legislation. Personal data is not transferred outside the EU or EEA, but exceptionally through Paytrail, used for invoicing, personal data can be transferred outside the EU or EEA in accordance with Paytrail’s practices and only if the necessary safeguards are in place. The transfer of personal data complies with the requirements set out in the GDPR.
Personal data of the customers or potential customers will be retained only as long as necessary for the purposes described in this Privacy Policy. All personal data concerning the Subject will be deleted two years after the end of the customer relationship, unless otherwise required by the Controller's statutory obligations (such as accounting). The retention of customer data or potential customer data for sales and marketing purposes will be assessed on a regular basis. At the same time, the accuracy of the data will be reviewed. Unnecessary and outdated data shall be deleted during the verification or where otherwise deemed necessary.
The processing of personal data is carried out with care and the data processed with the help of information systems is appropriately protected. When personal data is stored on Internet servers, the physical and digital security of their hardware is taken care of appropriately. The Controller ensures that stored data, as well as server access rights and other data critical to the security of personal data, are treated confidentially and only by the employees whose job description it belongs to.
The Subject has a right to inspect his/her personal data and a right to request the Controller to correct inaccurate or incorrect personal data. If Subject wishes to inspect the data stored about him or her or to demand rectification, the request should be sent in writing to the Controller. If necessary, the Controller may ask the person making the request to verify his or her identity. The Controller will respond to the Subject within one month.
The Subject has the right to request erasure of his/her data without unnecessary delay, for example when the personal data is no longer required for the original purposes, the personal data has been processed unlawfully, or the Subject withdraws consent to the processing and when there is no other legal ground for the processing. The Subject has the right to request the Controller to limit the processing of personal data in certain situations, including when the Subject denies the data being accurate or the processing is illegal. Under certain circumstances the Subject also has the right to object to the processing.
The Subject may, under certain circumstances, have the right to request transferring the personal data they have provided to the Controller in a commonly used and machine- readable format from one system to another. Whenever the legal justification for processing the personal data is consent, the Subject also has the right to withdraw the consent at any time. The Controller wishes that any disputes concerning the processing of personal data are primarily resolved in a conciliatory manner between the parties. The Subject has also the right to lodge a complaint to the authorities responsible for personal data protection.