1. DESCRIPTION OF FILE
Description of file as referred to EU GDPR and local data protection law (EU 2016/679)
2. CONTROLLER
Semel Oy
Business ID 0113821-2
Valimotie 21, 00380 Helsinki
Tel. +358 20 7429 400
3. NAME OF DATA FILE
User database of ContactMobilePhone service.
4. PURPOSE OF PROCESSING USER DATA
User data is processed solely to operate and provide the functionalities of the ContactMobilePhone service. This includes enabling secure login, ensuring proper functioning of the application, displaying the vehicle’s location, and supporting communication and operational features required for the use of the service.
The application does not process personal data that identifies the user. Any identifiable information related to the user is maintained separately by the party responsible for issuing the login credentials and is not stored or processed within this application.
5. PURPOSE OF USE OF THE PERSONAL DATA FILE
The data contained in the user data file is processed solely for the purposes of operating, maintaining, and improving the application. This includes ensuring secure authentication, enabling access to the service, managing user sessions, providing required application functionality, monitoring system performance, and compiling technical statistics for service development.
The application does not process or store personal data that identifies the user. Any identifiable information related to the user is maintained separately by the party responsible for issuing the login credentials and is not stored or processed within this application.
6. DATA CONTAINED IN THE USER DATA FILE
The user data file contains only the information necessary for the operation, security, and monitoring of the application. The application does not store or process personal information that identifies the user. Any identifiable details related to the user are maintained separately by the party responsible for issuing the login credentials and are not stored or processed within this application. The login credentials used in the application are numeric or otherwise non-personal identifiers that do not allow identification of the user as an individual through this application.
The categories of data processed within the user data file include:
- Device information: basic technical details about the device used to run the application (such as device name, model, and operating system/UI version).
- Service registration information: data required to validate and activate access to the service.
- User identifiers: numeric or non-personal IDs required for authentication and internal system linkage.
- Authorization and restriction information: data related to permissions, access rights, and security controls within the service.
- Event and usage analytics: technical logs, in-app activity data, and event information used to maintain service reliability, troubleshoot issues, and improve functionality.
- Location data (GPS): real-time mobile device location data required for providing the service. GPS data is used solely to determine the location of the vehicle, support routing and operational features, and display the vehicle’s position within the system’s map interface.
- Security identification information (if applicable): non-personal identifiers required for access to premium features or services requiring elevated security.
The information collected is limited to what is necessary for operating the application and ensuring reliable and secure service functionality.
7. REGULAR SOURCES OF USER DATA
User data is obtained from the login credentials provided to the user for accessing the application, as well as from the user’s device, from which the application collects technical information, usage data, and GPS location data necessary for operating the service. The application does not retrieve personal data from external registers such as the Population Register or marketing prohibition registers. The application does not process personal details identifying the user; any such information is maintained separately by the party responsible for assigning the login credentials.
8. DISCLOSURE OF INFORMATION
Semel may disclose user data only within the limits permitted and required by applicable legislation. User data may be processed by Semel’s subcontractors or service providers to the extent necessary for operating the application, providing technical support, or ensuring the functionality and security of the service. Such processing may involve storing data in systems operated by subcontractors or processing data through technical interfaces.
User data will not be transferred outside the European Union or the European Economic Area unless this is necessary for the technical implementation of the service. In such cases, Semel will ensure that the transfer is carried out in compliance with applicable data protection legislation and that an adequate level of data protection is maintained.
The application does not collect or process user email addresses or other personal details suitable for publication, and therefore no user information is published or used in any directory or catalogue services.
9. PROTECTION OF DATA FILE
As a general rule, right of access to the data file requires a user ID granted by the administrator of the customer database. The administrator in such a case also defines the level of access rights granted to the users. A personal password is required for logging in to the application. The use of the data as well as the logins are controlled.
The data is collected to the shared databases of the service. These databases are protected by firewalls, passwords, and other technical means. The databases are located on locked and guarded premises. Only predefined persons have access to the information.
Everyone on Semel premises is required to have an ID card visible and entry is forbidden without an appropriate access control card.
10. RIGHT OF INSPECTION AND ERASURE
In accordance with EU GDPR, the users have the right to check what information has been stored on them in the personal data file. You also have the right to request that inaccurate or incomplete personal data be corrected. The customer can check this free of charge once a year. The request for checking the data must be submitted in a personally signed document or a similarly certified document. You may also request that your personal data be erased.