Privacy Policy

This privacy policy explains how CAAR Oy (hereinafter the “Company”) processes
your personal data in connection with our website, services, and customer relationship.
We comply with the applicable EU General Data Protection Regulation (GDPR) as well as
applicable national legislation.

1. Data Controller

CAAR Oy Business ID: 3574361-3 Address: Vetokuja 2, 01610 Vantaa Email: tietosuoja@caar.fi CAAR Oy is responsible for the processing of your personal data and ensures that such processing is lawful, secure, and transparent.

2. Person Responsible for Data Protection

Our company has a contact person responsible for data protection, whose task is to oversee the processing of personal data and ensure compliance with the GDPR. Contact details: tietosuoja@caar.fi

3. Processing of Personal Data

We process your personal data for the following purposes:
  • Customer relationship management: sales, purchases, test drives, financing, insurance, and additional services. Legal basis: contract and statutory obligations.
  • Marketing and communications: electronic direct marketing, campaigns, customer surveys, and newsletters. Legal basis: consent or legitimate interest.
  • Website and service analytics: monitoring website usage, cookie management, technical optimization, and security. Legal basis: legitimate interest and/or consent for cookies.
  • Security and fraud prevention: monitoring of premises and services, fraud prevention. Legal basis: legitimate interest and statutory obligation.
  • Compliance with laws and authority requirements: accounting, document management, Traficom notifications. Legal basis: statutory obligation.

4. Personal Data Processed

Personal data varies depending on the situation, but may include:
  • Customers and leads: name, address, email, phone number, driver’s license details, vehicle information, company details, financing and insurance information, communications, and customer feedback.
  • Website visitors: IP address, device and browser information, cookies, and anonymized usage data.
  • Service users: messages sent through chat services, WhatsApp communications (only if the customer uses the application), and other information provided by the user.
  • Other persons: employees, drivers, or service providers in situations related to their duties.

5. Retention Period of Personal Data

The retention period of data is determined by the purpose of processing and legal requirements. Examples:
Data Retention Period
Potential customer / lead 6 months
Offers and negotiations 12 months, if no purchase is made
Test drive permits 12 months
Contract customers 10 years
Marketing consents Until consent is withdrawn
Cookie analytics Anonymized data retained continuously, identifiable data max. 24 months

6. Sources of Data

Personal data is obtained from:
  • Customers themselves (forms, email, phone calls, chat, WhatsApp).
  • Public registers and authorities (e.g. Traficom, Population Information System, credit information register).
  • Service providers, such as analytics and marketing partners.
  • Information collected through website tracking tools and cookies.

7. Data Security

We use appropriate organizational and technical measures to protect personal data, such as:
  • Firewalls and encryption
  • Managed access rights and access control
  • Staff training and confidentiality obligations
  • Regular data backups and deletion when necessary
As the data controller, we ensure that access to servers and stored data is handled confidentially.

8. Recipients of Personal Data

Data may be disclosed to:
  • Authorities: Traficom and other authorities as required by law.
  • Financing and insurance companies: with the customer’s consent.
  • Service providers and subcontractors: IT, analytics, marketing, and cloud services, acting only as processors in accordance with contract terms.
  • Business arrangements: sale of the company, merger, or other arrangement, always in compliance with the GDPR.
As a rule, data is not transferred outside the EU/EEA, but if such a transfer takes place, an adequate level of data protection will be ensured, for example by standard contractual clauses or the customer’s consent.

9. Rights of the Data Subject

The data subject has the right to:
  • Inspect and obtain a copy of their personal data
  • Request correction or completion of data
  • Request deletion of data (“right to be forgotten”)
  • Restrict processing or object to direct marketing
  • Transfer data to another controller
  • Withdraw previously given consent at any time
  • Lodge a complaint with the Office of the Data Protection Ombudsman (https://tietosuoja.fi)
  • Requests may be sent by email to tietosuoja@caar.fi or by post to the company address at Vetokuja 2, 01610 Vantaa

10. Cookies and Tracking

The website uses cookies and tracking technologies for analytics, direct marketing, and improving the operation of the site. The user may manage their consent through the cookie policy.

11. Changes to the Privacy Policy

We reserve the right to update this privacy policy due to changes in legislation or operating practices. The current version is always available on our website.