Skip to content

Privacy policy

CAP-Group Oy’s privacy and data protection policy pursuant to sections 10 and 24 of Finland’s Personal Data Act and the EU’s General Data Protection Regulation (GDPR). Prepared on 1 June 2014. Last updated on 25 May 2018.

1. Data controller

CAP-Group Oy
Äyritie 12C, 01510 Vantaa, Finland
Business ID: 0841716-9
tel. +358 50 913 0300

2. Contact person

Krista Hakkarainen
krista.hakkarainen@cap.fi
tel. +358 45 129 0402

3. Name of the register

CAP-Group Oy’s customer register

4. Content of the register

With regard to customers, we mainly process the following personal data types:

  • Personal data, including name and personal identity number
  • Contact information, including telephone number and email address
  • With regard to corporate customers, corporate information, such as business ID and contact details
  • Training and examination information, including learning profiles based on the use of services and answers to questionnaires
  • Invoicing information
  • Direct marketing permissions and prohibitions
  • Contact messages and feedback
  • Other information collected with consent from the data subject

With regard to potential customers, we mainly process the following personal data types:

  • Contact information, including name, telephone number and email address
  • With regard to corporate customers, corporate information, such as business ID and contact details

In addition, we automatically collect information on the use of the services with server logs and cookies.

We process personal data to fulfil the contract between CAP-Group Oy and the data subject, market our products and services to our existing and potential customers, develop our business operations and to meet our legal obligations as described in more detail below:

  • Realisation of services: We use personal data for the purposes of service production, invoicing and debt collection, and communications with data subjects. Our service production also involves sending questionnaires to data subjects and analysing the use of services (such as the driving simulator used in tuition and other software) in order to customise instruction. Personal data is processed for the purpose of fulfilling the contract on services.
  • Marketing: We use information related to names and contact details to market our products and services. With regard to our customers, we may customise our marketing on the basis of the information collected on the use of services. We may disclose data to our collaboration partners selected for marketing operations. In such cases, the processing is based on consent from the data subject or a legitimate interest. Data subjects may prohibit marketing or revoke marketing permission at any time.
  • Product development and reporting: We use personal data to develop our services even further. For example, customer feedback provides us with information on how to improve our services. Processing for these purposes is based on our legitimate interest.
  • Prevention and investigation of misconduct: Occasionally, we have to use personal data to prevent and investigate misconducts. For example, we can use automatically collected log data to monitor and investigate the actions of an information system user and permissibility of information use in line with our legitimate interest.
  • Obligations pursuant to law: Pursuant to Finland’s Accounting Act, we store correspondence related to receipts and business transactions for six years from the end of the calendar year during which the accounting period ends.

In addition, we store documents related to tuition, training and examinations as long as the information can be used for obtaining a driving licence or professional competence. For example in these situations, data processing is based on meeting a legal obligation.

6. Regular sources of information

Data is primarily collected from the data subject in conjunction with ordering or using the services.

7. Storage of data

We store personal data as long as is required for the realisation of the aforementioned purposes pursuant to applicable legislation. For example information related to tuition and examinations is stored in line with the provisions of law.

After this, we delete selected information and process name and contact information and some user profile-related information for marketing purposes unless the data subject objects to marketing messages. If a data subject prohibits marketing and no other grounds for data processing exists, we store information on the prohibition and contact details to ensure compliance with the prohibition. A data subject may also request the erasure of data relating to him or her.

We aim to ensure that the personal data in our possession remains accurate and up to date by deleting unnecessary data and by updating outdated data. Data subjects may also influence storage time by means described below.

8. Cookies

We use cookies on our websites. A cookie is a small piece of data sent from a website and stored on the user’s computer. Cookies are used to identify users who visit the website frequently, facilitate login and enable the creation of a visitor profile by analysing how and when our website is used, including information such as from which page the visitor came to our website, when the visitor browsed our website and what pages, the browser, the screen resolution, operating system and system version used by the visitor and the visitor’s IP address. This information helps us to develop the content of our website and user experience and to target advertising and marketing messages. Cookies do not harm the visitor’s computer or files.

We utilise cookies in a way that enables us to offer customised information and services. In addition, we use cookies to produce targeted advertising and marketing messages.
First party cookies are those set by the website displayed in the address window. In addition to first party cookies, our website uses third party cookies by our measurement and monitoring service providers, advertising technology suppliers and social media.

We use Google Analytics to analyse the use of our website. Google Analytics uses cookies to help the online service to analyse how users use the service. Cookies collect information on how you use the online service (including your IP address). Information collected by the cookies is sent to and stored on Google’s servers, which may be located outside the EU. Google uses this information to analyse how the website is used, create reports to website operators on traffic on the website and to offer other services related to the traffic on the website and browsing behaviour. Google may also disclose this information to third parties if so required by law or to third parties that process data on behalf of Google. Google does not link your IP address to any other information it manages. By using our website you accept that Google processes data relating to you in the manner described above and for the aforementioned purposes.

Users may block cookies from their browser settings or influence processing by other means described herein.

9. Disclosure and transfer of data outside the EU or the EEA

We may disclose personal data for the following purposes:

  • Disclosure of data required by law or regulations issued by authorities: We may disclose personal data as required by competent authorities on the basis of applicable legislation. Information is disclosed for example to Finnish Transport Safety Agency (Trafi) or to Ajovarma Oy, which produces official services for Trafi on the basis of the Driving Licence Act and the Act on the Professional Qualifications of Truck and Bus Drivers.
  • Consent: With consent from the data subject, we may disclose data to third parties, such as the subject’s employer and insurance company.
  • Group: Other companies belonging to the group may process the data.
  • Corporate reorganisations: If we sell, merge or otherwise reorganise our business operations, personal data may be disclosed to buyers and their advisors.
  • Direct marketing and opinion and market surveys: We may disclose personal data for the purposes of direct marketing and opinion and market surveys, unless the data subject has specifically prohibited this.
  • Debt collection and legal claims: We may disclose personal data to third parties for the purposes of fulfilling a contract, collecting debts, investigating misconducts, or for preparing, submitting or defending a legal claim.

We make use of subcontractors in our service production. We sign an agreement with our subcontractors to ensure that the data is processed in line with applicable legislation and this privacy policy. As a rule, the data is not transferred outside the European Union or European Economic Area.

10. Principles of data protection

The data is stored in CAP-Group Oy’s information system that is protected by various means and actively maintained. The system is protected with firewalls and by other technical means. The register data stored in the system may only be accessed by selected CAP-Group Oy’s employees who are the only ones with the right to use the data. The data contained in the register is stored on locked and monitored premises.

11. Data subjects’ rights

Data subjects may influence data processing by several means:

  • Inspection, rectification and erasure of data: Data subjects have the right to inspect the data pertaining to them. At the request of the data subject, erroneous, incomplete or outdated information is rectified, completed or deleted. However, the data is not deleted if it is required for fulfilling legal obligations or preparing, submitting or defending a legal claim or for fulfilling the contract between the data subject and the data controller.
  • Transfer of data: Data subjects may request transfer of their data that is being processed automatically on the basis of consent or agreement by contacting the contact person specified in section 2.
  • Right to restrict and object to processing: Data subjects may prohibit direct marketing at any time. Data subjects may also object to data processing based on a legitimate interest on grounds relating to their personal situation.  For example in such a case, processing is restricted while the objection is pending. Processing may also be restricted when the data subject claims the data pertaining to him or her is not accurate. In this case processing is restricted while the data is inspected to ensure its accuracy.
  • Revoking consent: Data subjects may revoke their consent at any time by contacting the contact person specified in section 2.
  • Right to complain: Data subjects have the right to lodge a complaint with authorities if they believe that their data has been processed in a manner that violates the provisions of the applicable legislation on privacy.

Users may influence data processing related to information collected automatically with cookies by the following means:

  • Private browsing: With the private browsing function, the user may browse the website without cookies being used to collect information on the pages visited.
  • Creating a new cookie profile: By deleting cookies at regular intervals, users may change their identifier and reset their profile.
  • Blocking cookies: Users may block cookies from the browser settings. Blocking cookies may interfere with the functioning of our services.
  • Blocking Google Analytics: Users may prevent Google Analytics from using data relating to them by downloading a separate browser add-on that blocks Google Analytics. This add-on stops Google Analytics’ JavaScript (ga.js, analytics.js and dc.js) running on the website from sharing the website’s visitor information with Google Analytics.

Search for anything