Sök
Get a bike

en

Support
Search icon
Search button icon

Vapaus Privacy policy about camera surveillance

Updated 22.9.2025

This Privacy Statement explains how we process personal data obtained from camera surveillance. Camera surveillance is carried out at the Vapaus Office.

1. Contact details

Company/Controller:
Vapaus Bikes Finland Oy
Business ID: 2879502-8

Contact for data protection matters:
Vapaus Bikes Finland Oy's Data Protection Officer Kasper Hannula
Vilhovuorenkatu 11 C, 00500 Helsinki, Finland
kasper@vapaus.io

‍The Data Protection Ombudsman monitors compliance with the provisions on personal data.
Office of the Data Protection Ombudsman
p. 029 566 6777
tietosuoja@om.fi

2. Personal data processed and data sources

The company's offices and business premises are equipped with surveillance equipment. Camera surveillance is used to capture and record images and personal data of persons moving within the area covered by the camera surveillance. Information about camera surveillance in the area is displayed on stickers

We process personal data to fulfill Vapaus Bikes Finland Oy's legal obligations and rights and for compelling purposes, to ensure the legal protection and safety of employees, partners, to protect the data and property of the employer, employees and customers and to prevent and investigate criminal offenses.

Personal data is also processed to investigate cases of misuse, to deal with false alarms and to individualize and identify persons on the premises. The data may also be used to assist with installation and maintenance work.

3. To whom do we disclose your personal data?

To the extent permitted and required by law, information may be disclosed to supervisor, external contacts and public authorities (e.g. the police).

Personal data may be transferred to subcontractors acting on behalf of Vapaus, who process such data for us pursuant to the assignment. Subcontractors may not use personal data for any purpose other than to provide the agreed service to Vapaus. Where we use subcontractors, we will take appropriate steps to ensure that the processing is carried out in accordance with the Privacy Policy and the Privacy Statement.

As a general rule, data will not be transferred outside the EU or the European Economic Area. In the event that data would be transferred outside the EU or EEA, we will ensure that the transfers are carried out in accordance with the legal requirements by means of agreements based on standard contractual clauses on data protection approved by the European Commission or otherwise.

4. Retention period

Vapaus will not retain personal data for longer than the maximum period permitted by law and only for as long as necessary for the purposes set out in this Privacy Statement. The retention period depends on the nature of the data and the purpose of the processing.

In principle, video recordings will be stored for approximately one month. If the recording is needed for the purposes described above or for a longer period for other reasons, such as claims handling, dispute resolution or suspected criminal offences, it will be stored for as long as such an identified need so requires.

5. Your rights

Right of access:
As a Customer and/or User, you have the right to access and obtain information about the personal data we process about you. Customers and Users have the possibility to access certain Customer and User Data through their user account. You have the right to request a copy of your personal data from us.

Right to withdraw consent:
Where processing is based on consent given by the User, the User may withdraw consent at any time. Withdrawal of consent may limit the User's ability to use the Service. Withdrawal of consent does not affect the legitimacy of the processing of personal data that we processed prior to the withdrawal.

Right to rectification:
As a Customer and/or User, you have the right to require us to correct or complete any inaccurate or outdated personal data we hold by contacting us. Customers and/or Users may correct or update some of their personal data relating to them through their user account.

Right to erasure:
As a Customer and/or User, you may request us to delete your personal data from our systems. We will comply with your request if we have no legitimate reason not to erase your data. 

Right to object:
As a Customer and/or User, you may object to the processing of your personal data where the data is processed for purposes other than to provide our Service or to comply with our legal obligations. However, objecting may limit your ability to use our Service.

The right to restrict the processing of your data:
As a Customer and/or User, you may request us to restrict the processing of your personal data, for example, where your request for erasure, rectification or objection is pending and/or where we do not have legitimate grounds to process your data. However, this may limit your ability to use our Service.

Right to data portability:
As a Customer and/or User, you have the right to receive your personal data from us in a structured and commonly used format and the right to independently transfer the data to a third party.

The right not to be subject to automated decision-making:
We do not make decisions based solely on automated processing that would affect a Customer’s and/or User 's rights or obligations in a material way. Any personal data processing processes will be developed in such a way that they do not involve decisions of legal or contractual significance without human involvement. If we subsequently decide to use automated decision-making, we will inform you of this separately and ensure that you still have the right to request a review and human assessment if a decision is based partly or wholly on automated processing.

Exercise of rights:
The above-mentioned rights may be exercised by sending a letter or email to the  above-mentioned addresses containing the following information: full name,  address, email address and telephone number. We may request additional  information necessary to prove the identity of the Customer and/or User. We  may reject requests that are unreasonably repetitive, excessive or manifestly  unfounded or for any other legal reason.

6. Information security 

We use administrative, organisational, technical and physical safeguards to  protect the personal data we collect and process. The measures we use include data encryption, pseudonymisation, firewalls, secure facilities and systems  protected by limited access rights. Our security measures are designed to  maintain an appropriate level of data confidentiality, integrity, availability,  resilience and recoverability. We regularly test our Service, systems and other  hardware for vulnerabilities. In addition, we restrict access to records by individuals so that only authorized individuals with a legitimate reason can view records. This ensures that recordings are treated confidentially and only when necessary.

If, despite our security measures, a data breach occurs that is likely to have an  adverse effect on the privacy of Customers and/or Users, we will notify the  relevant Customers and/or Users and other affected parties as required by  applicable law and, where required by applicable data protection legislation, the  authorities as soon as possible. The notification to the Office of the Data  Protection Ombudsman will be made at the latest within 72 hours of the  discovery of the breach, as required by law, where the breach may pose a risk to  the rights or freedoms of natural persons.

7. Amendments 

Vapaus has right to amend this Privacy Statement. The current Privacy Statement is dated 22.9.2025. Vapaus recommends that employees review the contents of the Privacy Statement regularly and from time to time. An up-to-date version of the Privacy Statement is available on the website.