1. Privacy policy

Last updated: November 7, 2025
Effective date: May 1, 2025

his privacy notice describes how and why Uudenmaan Tieapu Oy – Tieapu24 processes your personal data when you visit our website or use our services.

“Personal data” means any information that can identify you as an individual. The use of personal data must comply with applicable data protection legislation. As the data controller, we ensure that we use your personal data in accordance with the law.

2. Data controller

Name of the register: Customer and user register

Register controller: Uudenmaan Tieapu Oy (business ID: 2874016-6)
Postal address: Arkkitehdinkatu 15, 07900 Loviisa

Contact person for the register:

Artour Lazarev, info@tieapu24.fi

3. Purposes and Legal Bases for Processing Personal Data

  • Customer relationship management and provision of services (contract / legitimate interests)
  • Communication and customer service (contract / legitimate interests / consent for marketing)
  • Website analytics and service development (consent)

We comply with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR).

4. What Personal Data We Collect

The data we collect about you depends on the information you provide to us, how you use our services, and the permissions you give us.

4.1 When you order or use our services

Tilaajan tiedot

  • Name
  • Personal iD
  • Address
  • Postal code
  • City/Town
  • Phone number
  • Email

Vehicle details

  • Registration number
  • Brand and model
  • Vehicle location
  • Time of the accident or incident
  • Description of events
  • Vehicle insurance details
4.2 When you visit our website
  • IP address (in anonymised form)
  • Device (computer, mobile phone, or tablet)
  • The pages you visit
  • Browser and version information
  • Device brand
  • Device model
  • Operating system and version
  • Screen size
  • City/Locality.
4.3 When you contact us via the contact form
Name, phone number, email address (optional), and the content of your message

5. Regular Sources of Data

The data stored in the register is obtained from the customer, e.g., from messages sent via web forms, by email, by phone, through the use of our services, from contracts, customer meetings, and other situations in which the customer provides their information. Website usage logs and analytics are collected subject to your consent.

Contact details of representatives of companies and other organisations may also be collected from public sources such as websites, directory services, and other companies.

6. How We Store, Share, and Disclose Data

Personal data is kept confidential. The hardware on which the register is located is protected by a firewall and other necessary technical safeguards. We do not transfer your personal data to third parties without your consent, except in the limited circumstances described below:

We share personal data only to the extent agreed with the customer. For example, we share personal data with an insurance company only when the customer is insured with that company and such sharing is necessary for managing the customer relationship.

Safeguards implemented in connection with the use of Google Analytics relating to data sharing:

  • IP anonymisation has been enabled, so the full IP address is not stored or transferred.
  • User consent is required before collecting cookies or analytics data.
  • Google LLC complies with Standard Contractual Clauses for data transfers.

6.1 Recipients and Disclosures of Data

  • Insurance companies: disclosure only if the customer is insured with the respective company and the disclosure is necessary for managing the customer relationship.

  • Service providers (processors): analytics and advertising (Google). They process data only for the agreed purpose and retain it only for as long as necessary.

  • Authorities: we disclose data when required by law.

  • Corporate transactions: if our company merges or is acquired, data may be transferred to the new owner.

6.2 Sharing of Online Service Data

We require that such third parties use the personal data we transfer to them (see “When you visit our website” above for the data transferred) only for the purpose for which it was transferred, and that they do not retain it longer than necessary to fulfil that purpose.

6.3 Transfers of Data Outside the EU/EEA

Our online service uses Google Analytics to collect and analyse website usage statistics. The website also uses the Google Ads online advertising tool to provide targeted advertisements to users. The provider of Google Analytics and Google Ads, Google LLC, is located in the United States, which means that some of the data collected may be transferred to the United States or other countries outside the EU and EEA. See “When you visit our website” above for the data transferred.

Data transfers are based on the user’s consent, which is requested via the cookie settings. Google is committed to complying with the European Commission’s Standard Contractual Clauses (SCCs)(tietosuoja.fi), which provide protection for data transfers in accordance with data protection legislation.

Please note that the level of data protection in countries outside the EU, such as the United States, may not correspond to the level required by EU data protection legislation, and your data may be accessible to authorities in those countries in accordance with local laws

7. Cookies and Consent Management

  • We will ask for your consent to analytics and advertising cookies before setting them.
  • You can change your consent at any time via the Cookie Settings link (add link here).

8. Data Retention Periods

  • Customer and contract data: for the duration of the contractual relationship and for up to 12 months after its end (for accounting and limitation periods).

  • Contact form submissions: for up to 12 months unless the matter continues.

  • Analytics and cookies: for the lifetime of the cookies and the Google Analytics data retention window (e.g., 14 months), if used.

9. Data Security

We use appropriate technical and organisational security measures, such as access control, encrypted connections, backups, and system monitoring. The register is protected by a firewall and other necessary technical measures. Only authorised personnel have access to personal data.

10. Your Rights

Users of our services have rights concerning their personal data under data protection legislation.

Exercising your rights is free of charge, and we aim to respond to your requests as quickly as possible and no later than within one month. Below is a description of your rights and how you can exercise them:

  • access your personal data

  • rectify or erase it

  • receive a copy of your personal data (data portability)

  • restrict or object to the processing of your data

  • ask us to share (transfer) your personal data to another party

  • withdraw the consent you have given us for processing your data

  • the right to lodge a complaint with the supervisory authority (tietosuoja.fi)

You can withdraw your consent to the collection of analytics data by changing your cookie settings.

You can request more information about data transfers and safeguards by contacting us at info(a)tieapu24.fi.

You can exercise these rights by writing to us at info(a)tieapu24.fi. We will respond to your request no later than one month after receiving it. Please note that if you do not allow us to collect or process the personal data required, or if you withdraw your consent for the purposes for which it is required, you may not be able to use the services for which your data has been requested.