Description of the file

1. Registrar

HKL Helsinki City Transport Public Utility
Toinen linja 7 A
FI-00530 Helsinki
PO Box 1400, FI-00099 City of Helsinki
+358 9 310 34980

2. Contact person for matters relating to the file

Project Engineer Samuli Mäkinen
HKL Helsinki City Transport Public Utility
Infrastructure and Rolling Stock
Eurantie 5–7, 4th floor, 00550 Helsinki
PO Box 1400
FI-00099 City of Helsinki
Mobile: +358 40 532 3594
Tel. +350 9 310 34980

3. Name of the file

Helsinki City Bike System User Register

4. Purpose of the processing of personal data

Personal data is processed in order to manage customer relationships (Personal Data Act, Section 8).
The data stored in the City Bike System Customer Register is user for managing customer relations and for service provision. A customer's personal data is used to identify the customer in cases of problems, to contact the customer to deliver messages related to the operation of the system, and to display user information for the users themselves on the service website, where the users can also edit their information. In addition, the data is used to comptile statistics about the system. Individual users will not be identifiable in the statistics.
Card payments are made safely with a secure payment form via the Stripe Payments Europe Ltd payment service. KL, HSL, Smoove and Ciybike Finland Oy do not have access to the card information and payment card information is not stored in our system as such. The only card information stored are the part of the payment card number provided by the payment service, the expiry date of the card and the name of the company that issued the card. This information is used to show the user which card they have linked to the city bike system. We are only authorized to charge the user the fees for the selected pass set out in the terms of use.

Other use:

The data is used for the purposes of direct marketing in accordance with Section 19 of the Personal Data Act, in accordance with the express consent of the customer.

5. Data content of the file

The City Bike System Customer Registers contains the following data on to the users (customers) of the city bike system.

Customer data

Data provided upon registration

  • Name
  • Address
  • Date of birth
  • The start and end dates of pass paid for
  • Email address
  • Telephone number
  • Username
  • PIN code
  • Language
  • Post code or home country
  • Status, is the user currently active
  • Travel Card number, if the user has linked a Travel Card to the system
  • The part of the payment card number provided by the payment service, the expiry date of the card and the name of the company that issued the card. This information is used to show the user which card they have linked to the city bike system; the full payment card number is not stored in the register.
  • Possible express consent to direct marketing


  • Actual use: start and end location, time, the city bike used and the distance cycled
  • Payment transactions
  • Information about any potential uncharged fees.

Prohibition of use

A user can be banned from using the service in accordance with the Terms of Use.

6. Regular sources of datas

The customer register data is obtained from the customer during registration.
Data on the actual use is collected as the user uses the service.

7. Regular disclosure of data

Data on the user's transactions are transferred from Smoove's system to, where the user can view their own information.

8. Data transfers outside the EU or EEA

No data transfers outside the EU or EEA.

9. Protection of the file

A Manual data
No manual data
B Computer-processed data

User rights and their management

Access to the customer register requires a personal username and a password. The administrators of Smoove’s system have the right to view all data stored in the system. The managers and customer service staff of Citybike Finland have the right to view all data, excluding PIN codes. The administrator of has the right to view the same information the users themselves can view, but no one at HSL has the right to change any of the information.

User rights are granted on the basis of duties,  which determine whether they are able only to view the information, change customer information, view PIN codes and create payments related to the use of the service in breach of the Terms of Use.

Data protection and ensuring data usability

The customer register is stored in firewall-protected server center and as a backup on a backup server.