KatuParkki Privacy Policy

This Privacy Policy explains how KatuParkki Technologies Oy (“KatuParkki”, “we”, “us”) processes personal data when you use the Service.

1. Data controller and contact details

Controller: KatuParkki Technologies Oy
Business ID (Y-tunnus): 3549503-1
Address: Antinkatu 3 D, 7. krs, 00100 Helsinki, Finland
Contact (privacy requests and questions): support@katuparkki.fi

2. Definitions

• Personal data: information relating to an identified or identifiable natural person.
• Parking operator: the municipality, private operator, landowner, or enforcement party responsible for the parking location’s rules and enforcement.
• ANPR / Camera Parking: Automatic Number Plate Recognition systems that may detect vehicle entry/exit and license plate numbers at certain sites.

3. What personal data we process

3.1 Data you provide to us

• Account and contact data: phone number (used for one-time passcodes), and (if you provide it) email address and name.
• Vehicle data: license plate number and country code; settings related to Camera Parking enablement.
• Support and communications: messages you send to support, and related correspondence.

3.2 Data we generate or observe when you use the Service

• Parking and transaction data: parking sessions, selected zone/location identifiers, start/stop times, permits (if applicable), receipts, and billing information.
• Payment method metadata: payment method identifiers/tokens and related status (we do not store full card numbers, CVV, or complete card data).
• Device and technical data: device type and OS, app version, IP address, identifiers such as device ID and push notification token, logs necessary for operating and securing the Service.
• Diagnostic and usage data: information about how the Service is used (for example screens viewed, navigation events, taps/clicks, and error events). We may also use tools that create limited diagnostic recordings of in-app activity (often called “session replay”) to troubleshoot technical issues and evaluate reliability. We configure such tools to reduce the collection of personal data (for example by masking certain inputs) and we do not intend to collect sensitive information such as passwords or payment card details through these recordings.

3.3 Location data

The app may request foreground location permission to show nearby parking options and help you choose the correct zone. We do not require background location tracking for core app use.

3.4 Data we receive from third parties

• Parking operator / ANPR events: entry/exit events, zone/site identifiers, and license plate reads from camera/garage systems at participating sites.
• Payment status signals from payment providers (for example confirmation that a payment method was saved or a charge succeeded/failed).

4. Why we process your data (purposes and legal bases)

We process personal data for the following purposes and legal bases under GDPR Article 6:

• Provide the Service and fulfill our contract with you (Art. 6(1)(b)): account creation/login via OTP; managing vehicles; starting/stopping sessions; generating receipts; customer support.
• Process payments and billing (Art. 6(1)(b)): enabling payment method setup, charging for parking/permits, handling refunds where applicable.
• Comply with legal obligations (Art. 6(1)(c)): accounting, tax, and other mandatory recordkeeping.
• Ensure security, prevent abuse and fraud, and protect the Service (Art. 6(1)(f)): security logging, rate limiting, device verification/attestation, and fraud detection. This may include automated protective measures such as temporarily blocking suspicious devices or requests.
• Operate and improve the Service (Art. 6(1)(f)): reliability monitoring, debugging, and technical diagnostics (including analysis of error reports and, where used, diagnostic recordings/session replay).

If we rely on consent (Art. 6(1)(a)) for any optional processing (for example certain marketing communications where required), you can withdraw your consent at any time.

5. Recipients of personal data (who we share data with)

We do not sell personal data. We share personal data only when necessary to provide the Service, comply with law, or protect our rights.

5.1 Parking operators and enforcement parties (independent controllers)

Parking operators and enforcement parties typically process data as independent data controllers for their own purposes (such as validating that parking was paid and enforcing parking rules). We may share or exchange information needed to validate parking, such as license plate number, zone/site identifier, and session start/stop times.

5.2 Payment providers

Payments are processed by third-party payment processing service providers. These providers process payment data under their own terms and privacy notices. KatuParkki receives only the payment metadata needed to operate the Service (for example payment method tokens and status).

5.3 Service providers (processors)

We use trusted third-party service providers to help us operate the Service. These include providers of:

• Cloud hosting and storage services
• SMS and push notification delivery services
• Service monitoring and analytics tools (including tools that may process diagnostic usage data and limited diagnostic recordings to help us troubleshoot technical issues)
• Payment processing services

We may update our service providers over time. We ensure appropriate contractual safeguards for processors where required.

5.4 Authorities and legal recipients

We may disclose information to competent authorities where required by law, or to establish, exercise, or defend legal claims.

6. International transfers

Some service providers may process personal data outside the EU/EEA. Where applicable, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) and supplementary measures as needed.

7. Data retention

We keep personal data only as long as necessary for the purposes described above, unless a longer retention period is required by law (for example accounting obligations) or to handle disputes.

Typical retention periods:

• Account data: retained while your account is active; deleted or anonymized after account deletion unless retention is required for legal obligations or disputes.
• Parking history, receipts, invoices, and accounting records: retained for the period required by applicable accounting/tax laws (typically several years).
• Support communications: retained for a limited period to handle your request and follow-ups, unless a longer period is needed due to a dispute or legal claim.
• Security logs and anti-abuse signals (e.g., IP addresses, device identifiers, attestation verdict summaries): retained for a limited period necessary for security and fraud prevention.
• Technical diagnostics data (e.g., error reports, performance metrics, and diagnostic recordings/session replay where used): retained for a limited period (typically days or weeks) to investigate issues and improve reliability.
• Push notification tokens: retained until you revoke permission, the token expires, or your account is deleted.

8. Your rights

Under GDPR and Finnish data protection laws, you have the right to:

• access your personal data
• rectify inaccurate data
• request deletion of your data (subject to legal obligations)
• restrict processing
• data portability (where applicable)
• object to processing based on legitimate interests
• withdraw consent where processing is based on consent

To exercise your rights, contact us at support@katuparkki.fi. We may ask you to verify your identity before acting on your request.

You also have the right to lodge a complaint with the Finnish supervisory authority:
Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto): tietosuoja.fi

9. Security

We use appropriate technical and organizational measures to protect personal data, including access controls, monitoring, and encryption in transit where applicable. No method of transmission or storage is 100% secure, but we work continuously to protect the Service.

10. Children

The Service is not intended for children under 18. We do not knowingly collect personal data from children.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be made available in the Service and/or on our website, along with an updated “Last updated” date.

Contact Us

For privacy-related inquiries, contact us at: