Privacy Policy – Wolt Partner Campaign

Your privacy is important to us 🔒

Updated: [5.3.2026]

1. Data Controller

Company: ParkMan Oy ("ParkMan", "we")

Address: Pasilanraitio 5, 00240 Helsinki, Finland

Business ID: 3548206-2

Email: info@parkman.io

2. Introduction

ParkMan is committed to protecting your privacy and complying with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR). This Privacy Policy describes how we collect, process, and protect your personal data when you use the ParkMan application, our websites, or our other services (the "Services").

3. Purposes and Legal Basis for Processing Personal Data

We collect and process personal data only to the extent necessary to provide our Services. The processing is primarily based on the performance of a contract (use of the service), our legitimate interest (e.g., service development and marketing), or a legal obligation (e.g., accounting).

We process data for the following purposes:

  • Service delivery: User identification, locating parking spaces, starting and ending parking sessions, and processing payments.
  • Customer relationship management: Customer communication, notifications, and support.
  • Parking enforcement: Forwarding necessary information to parking attendants and operators to verify parking rights.
  • Billing, credit evaluation, and debt collection: Payment processing, creditworthiness assessment (if necessary), and debt collection measures.
  • Product development and analytics: Compiling statistics on service usage, technical testing, and improving the user experience.
  • Marketing: Service-related communication, offering benefits, and targeted advertising (including on third-party platforms) based on the use of the Service.

4. Processed Personal Data

We may collect the following types of data directly from you or automatically in connection with your use of the Service:

  • Contact details: Name, email address, phone number, address details.
  • Identification details:
    • Business ID: Identification data for corporate customers (e.g., Finnish Business ID / Danish CVR).
    • National Identification Number: We collect a personal identity code (e.g., Finnish henkilötunnus or Danish CPR number) only when it is strictly necessary for the unambiguous identification of the data subject, for example, in connection with credit control, billing, or debt collection (in accordance with applicable national laws, e.g., Section 29 of the Finnish Data Protection Act and Section 11 of the Danish Data Protection Act).
  • Account details: Username, password (stored securely), profile picture (optional).
  • Vehicle details: License plate numbers and vehicle characteristics.
  • Payment details: Payment card details (stored by a PCI DSS-certified payment processor) and payment method.
  • Transaction details: Location, duration, price, and time of parking sessions.
  • Device details: Device ID, device model, operating system version, IP address.
  • Location details: The device's GPS location when using the service (to search for and locate parking areas).
  • Behavioral data: Server logs, viewed screens, clicks, and application settings.
  • Corporate users: The name, role, and contact details of the contact person.

5. Data Disclosures and Recipient Categories

We do not sell your data. We disclose data to third parties only in the following cases to provide the service:

  • Parking operators and enforcers: The license plate number and parking transaction details are disclosed to the local parking provider or municipal parking enforcement to verify parking rights. These entities act as independent data controllers for their own registers.
  • Service providers (data processors): We use trusted partners for e.g., payment processing, hosting services, customer service systems, analytics, and debt collection. Data Processing Agreements (DPA) have been signed with all processors.
  • Authorities: We disclose information to authorities (e.g., the police) if required by law or a binding authority order.

6. Data Transfers Outside the EU/EEA

We aim to process personal data primarily within the European Union (EU) or the European Economic Area (EEA).

However, the provision of the Service may require transferring data outside the EU/EEA, for example, when using technology or cloud service partners based in the United States. In such cases, we ensure an adequate level of data protection through the following mechanisms:

  • EU–US Data Privacy Framework (DPF): We transfer data to the United States primarily to organizations certified under the DPF framework, which guarantees an adequate level of data protection in accordance with the EU Commission's adequacy decision.
  • Standard Contractual Clauses (SCC): If the destination country does not have an adequate level of data protection recognized by the EU Commission, or if the recipient is not part of the DPF framework, we use standard contractual clauses approved by the EU Commission alongside necessary supplementary technical safeguards.

7. Cookies and Tracking Technologies

We use cookies and similar technologies (such as device identifiers) on our website and in our app to ensure functionality, analyze usage, and target marketing.

  • Strictly necessary cookies: Enable the basic functions of the service.
  • Analytics cookies: Help us understand visitor numbers and usage patterns (e.g., third-party analytics services).
  • Marketing cookies: Enable the display of targeted advertising in the networks of our partners (e.g., social media platforms and search engines) based on your visits.

You can manage your cookie preferences through your browser or device settings.

8. Data Retention Periods

As a general rule, we retain personal data for as long as the customer relationship is active.

  • After the customer relationship ends: We may retain data for a limited period (up to 2 years) to fulfill contractual obligations, handle potential claims, or at the request of parking operators.
  • Statutory obligations: Accounting materials are retained for the period required by the applicable Accounting Act (typically 5–6 years from the end of the financial year).

Once the legal basis for retention expires, the data will be deleted or anonymized so that it can no longer be linked to an individual.

9. Principles of Register Security

The data is stored in electronic systems protected by appropriate technical and organizational measures (e.g., firewalls, encryption, access control). Access to personal data is restricted solely to those ParkMan employees and partners who need the information to perform their job duties.

10. Data Subject Rights

You have the following rights under the GDPR:

  • Right of access: The right to obtain confirmation as to whether your data is being processed and a copy of the processed data.
  • Right to rectification: The right to request the correction of inaccurate or incomplete data.
  • Right to erasure: The right to request the deletion of your data ("right to be forgotten"), unless we have a legal obligation to retain it.
  • Right to object: The right to object to the use of your data for direct marketing.
  • Right to data portability: The right to receive the data you have provided to us in a machine-readable format.
  • Right to restriction of processing: The right to request the restriction of processing in certain situations.

You can exercise your rights by contacting our customer service or by managing your account directly in the app.

11. Changes to the Privacy Policy

We continuously develop our Service and may therefore update this Privacy Policy. We will notify you of significant changes within the Service or via email. We recommend reviewing this policy regularly.

12. Right to Lodge a Complaint with a Supervisory Authority

If you believe that the processing of your personal data violates applicable data protection laws, you have the right to lodge a complaint with a supervisory authority.

In Finland:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)

  • Visiting address: Lintulahdenkuja 4, 00530 Helsinki, Finland
  • Email: tietosuoja@om.fi
  • Website: www.tietosuoja.fi

In Denmark:

Danish Data Protection Agency (Datatilsynet)

  • Address: Carl Jacobsens Vej 35, 2500 Valby, Denmark
  • Email: dt@datatilsynet.dk
  • Website: www.datatilsynet.dk

B. EMPLOYER AS DATA CONTROLLER

This section applies to situations where you use ParkMan as a benefit provided by your employer.

If your employer has agreed to act as the data controller for business parking:

This Privacy Policy applies to the extent that ParkMan acts as an independent data controller (e.g., the technical operation of the app, user account, device details, log details, and application settings).

Regarding the data required for billing and reporting business parking sessions, your employer is the data controller, and ParkMan acts as a data processor on behalf of the employer. In these cases, you will receive more detailed information about the processing of your personal data directly from your employer.