Privacy Policy

  1. Data Controller The data controller as defined in the General Data Protection Regulation (EU) 2016/679 (“GDPR”) is HL CHARTER Oy.
    HL CHARTER Oy (2458816-0) c/o Helsinki Limo Niittytie 21, 01300 Vantaa
  2. Collection of Personal Data This Privacy Statement concerns the collection and processing of personal data. Personal data refers to information that can be directly or indirectly linked to an individual. Information referring to a person representing or acting on behalf of a company, such as a CEO, is also considered personal data. Information about a company that does not in any way refer to a natural person is not considered personal data. We may collect personal data in various ways. Primarily, we receive information directly from you when you contact us. Information may also be collected when you use our services. Additionally, we may derive information about you based on the personal data we hold. Your personal data may also be obtained from public sources, such as the commercial register. We may combine information about you obtained from public sources and various business interactions, for example, during the provision of our services. You are not obligated to provide us with your personal data, but refusal may have various consequences depending on the situation. In some cases, for example, we may not be able to provide our services or act according to your request.
  3. Categories of Personal Data We process various categories of personal data depending on the situation. The type and extent of personal data are always limited to the information necessary for the specific processing purpose. We collect and process personal data belonging to the following categories:
    • Basic information, such as name, contact details (postal address, phone number, and email address), and possibly title and the relationship to the company you represent.
    • Information related to the customer relationship, such as service and order details, contract information, payment information, or invoicing details.
    • Information required by legislation for customer identification, such as identification information, basic information about the customer, their representative, responsible person, and beneficial owner, information about the political influence and its basis or information on sanctions lists.
    • Your communications and related information, such as service requests, correspondence, and information about the exercise of individual rights.
    • Service-related information, such as user IDs, passwords, and identification information generated during the provision of the service, e.g., usage and login information, and information about how you use our website or services.
    • Technical information about browsing our website, such as login information, language, device ID, device type and operating system, application settings, and other information collected through cookies and similar technologies.
    • Other information specifically defined on a case-by-case basis based on your given consent, for example, [xx].
  4. Purpose and Legal Basis for Processing Personal Data We collect, process, and use only the personal data necessary for our business, efficient customer service, and relevant commercial activities. We process personal data only for legitimate and clearly defined purposes, and we do not process data in a manner incompatible with these purposes. We generally process personal data explicitly and freely based on your consent, where you give permission to process your personal data for one or more specified purposes. For example, we process your personal data based on consent when you order the chauffeur services we offer. Furthermore, we process personal data to fulfill or enter into a contract with you or the company you represent and to manage the customer relationship. We may process personal data to fulfill legal obligations, such as those related to accounting, or to comply with requests from authorities (e.g., tax authorities) in accordance with the law. Personal data may also be processed to fulfill our legitimate interests or those of a third party if your fundamental rights do not conflict with such interest. For example, we may process personal data to improve our operations and services, carry out cost-effective and meaningful business activities, or prepare internal reports for business management. In such cases, the processing of personal data is based on our legitimate interest in ensuring the efficiency of our operations and the competitiveness of the services offered, as well as obtaining necessary information to understand our customers and manage our business.
  5. Sharing of Information and Disclosure of Personal Data Personal data may be disclosed and transferred to the subsidiaries of the data controller, service providers, partners, or authorities within the framework of applicable legislation and for the purposes described in this Privacy Statement. The sharing of personal data is based on our legitimate interest in conducting and developing our business and managing customer relationships effectively. When a third party processes personal data on our behalf, we ensure through contractual arrangements that personal data is always processed securely and in accordance with data protection legislation and best practices in data processing. We may disclose personal data to third parties in the following cases:
    • To the extent required or permitted by law, for example, to fulfill a request from a competent authority or in connection with legal proceedings.
    • When our service providers process personal data on our behalf and in accordance with our instructions. We determine the processing of your personal data in such cases.
    • When we are involved in a merger, corporate reorganization, or sale of business or part thereof.
    • When we deem it necessary to enforce or protect our rights, such as responding to legal claims, protecting your or others’ safety, investigating misconduct, or responding to requests from authorities.
    • When you have given consent for the disclosure of your information. In such cases, information is disclosed in accordance with your consent.
  6. Transfer of Personal Data Outside the EU or EEA We do not transfer personal data outside the European Union (EU) or the European Economic Area (EEA).
  7. Retention of Personal Data Personal data is retained only for as long as necessary for the purpose of processing, including the fulfillment of legal, accounting, or reporting requirements, as described in this Privacy Statement. Retention periods may vary depending on the categories to which the data belongs. Several factors are considered in determining these times, such as the nature and confidentiality of the data and the processing purpose. For example, information related to service orders is retained for the six (6) years required by the Accounting Act (1336/1997). Personal data processed based on a contract relationship with you or the company you represent is generally retained for the duration of the contract or the time necessary for the provision of services. After the customer relationship or service provision ends, personal data is retained to the extent necessary to safeguard our legitimate interests, for example, to respond to compensation claims or lawsuits in accordance with the statute of limitations. Personal data processed based on legitimate interests is processed for as long as there are grounds for such processing. If you object to such processing, the data will be deleted after confirming the justification for your request. If personal data is processed to fulfill legal obligations, it is retained in accordance with legal requirements. The obligation to retain personal data is regulated, for example, in legislation related to accounting and anti-money laundering. The retention period for personal data processed based on consent depends on the processing purpose.
  8. Your Rights Your rights and options regarding personal data depend on the specific situation and the purpose of processing. Right of access – You have the right to receive confirmation of whether your data is being processed and, if so, to receive a copy of the personal data we process about you, along with additional information about the processing we conduct. Right to rectification – You have the right to have inaccurate data corrected and, in some cases, to complete incomplete personal data. Right to object to processing – You have the right to object to the processing of your personal data when it is based on our or a third party’s legitimate interest, if your personal situation overrides such a legitimate interest. We may reject your request if processing is necessary to enforce mandatory and legal rights. Right to data portability – You have the right to data portability, meaning that you may, under certain circumstances, have the right to have your personal data transferred to another data controller in a structured, commonly used, and machine-readable format. Right to be forgotten – You can request us to delete your personal data if there is no valid reason for continuing to process it, for example, if you consider the processing of your personal data unnecessary for the purposes described above or if you want to withdraw your consent. Right to restriction of processing – You have the right, under certain circumstances, to request us to restrict the processing of your personal data, for example, to ensure the accuracy of personal data. Right to give and withdraw consent – If the processing of personal data is based on your consent, you have the right to withdraw your consent at any time. We may need to request certain information from you to confirm your identity and ensure that you are entitled to exercise these rights. You can exercise your rights by sending the aforementioned request to If you believe that the processing of your personal data is not appropriate, you can contact the Data Protection Officer.
  9. Principles of Personal Data Protection We implement appropriate measures (including physical, technical, and administrative measures) to protect personal data from loss, destruction, misuse, unauthorized access, or disclosure. Personal data is processed, for example, in an electronic transport management system that has been found to meet the requirements of the General Data Protection Regulation. We protect personal data, among other things, with firewalls, encryption technologies, secure facility spaces, careful management of user credentials for information systems, and a thorough assessment of our service providers who participate in the processing of personal data on our behalf. Our service providers and their employees process your personal data only in accordance with our instructions and under the obligation of confidentiality. In the event of a data breach, we will notify the data subject as required by applicable law.
  10. Changes to this Privacy Statement We may update this Privacy Statement as needed to describe changes in processing practices. The latest version is available at This Privacy Statement was last updated on 18.12.2023.
  11. Contact If you have any questions about this Privacy Statement, your personal data processed, or if you want to contact the Data Protection Officer, you can send an email to