Kiri

William Osei-Appiah

Auto Mechanico OU

Staadioni tn 4-28

10132

Tallinn – Estonia

Estonia Transport Administration

Valge 4

11413

Tallinn – Estonia

Subject: Data Exchange Platform (hereinafter AVP) service for Auto Mechanico OU

Dear Sir/Madam

I am writing to you on behalf of Auto Mechanico OU, a pioneering Automotive Tech startup focused on

enhancing mobility and providing after-sales service support through a Saas platform. As an innovative

company in the automotive sector, we are dedicated to offering comprehensive post-purchase services

including toolings, integrations insight for the maintenance, repairs and technical assistance tailores for

each vehicle needs.

To achieve our objective and deliver high-quality service, we require access to data from the traffic

register. We believe that our usgae of this data aligns with legitimate interests under Section 184 of the

traffic Act, specifically for improving vehicle safety, ensuring regulatory compliance and enhancing

motorist satisfaction.

Data Requested:

• Basic Data of Vehicle Information*

• Technical Data of the Vehicle*

• Technical Inspection Data*

• Access-Restricted Data*

Need for Data:

Our operations hinge on accurate and up-to-date vehicle information to:

• Identify and verify vehicle for providing bespoke after-sale services support

• Access technical specification necessary for maintenance and repair tasks

• Track, analyse and potentially augment vehicle inspection histories to offer preventative

maintenance reminders.

• Provide motorist details to maintain and update service records.

Compliance and legitimate Interest:

We assure you that all received data will be used solely for the purposes stated, in full compliance with

the relevant legislation, and will be safeguarded appropriately. Attached to this letter is our detailed

description of the legitimate interest.

Application Submission:

We hereby submit a digital application for AVP service, specifying our data needs and choosing Package

2 to accommodate our anticipated data request volumes.

We are committed to paying the necessary state fees and adhering to the regulations set forth by the

Transport Board. Please find attached our company registry code, authorized personnel details, and the

confirmation to use the data as per the formulated goals.

IP Address: Auto Mechanico OU IP address: 35.178.229.29

We look forward to your positive decision and are ready to provide any additional information or

documentation you may require.

Yours faithfully,

William Osei-Appiah

Founder/Director

[email protected]

+37253753269 / +44 7960 164892

Attachments:

1. Detailed Legitimate Interest Description

2. Use Cases and Scenarios

Overview of Details legitimate interest:

This page refers to the type of data being requested, the use cases as well as scenarios, the control

mechanism we have in place to secure store, transmit such data and which stakeholder within the

platform this is made visible to.

1. Basic Data of the Vehicle

Use Cases: This data is used to confirm vehicle identity and provide personalized service offers.

Scenarios: Before starting service, a motorist makes a request and confirm vehicle information,

service provider verifies the vehicle’s brand, model, and trim before issuing a quotation.

Personalized offers such as a discount on a particular model’s service are created.

Control Mechanisms: Data encryption, secure access protocols, role-based access controls

(RBAC), and logged access, alerts and audit trails are implemented to protect data.

Visibility: Motorists and service providers have visibility to confirm service eligibility and

personalization.

2. Technical Data of the Vehicle

Use Cases: This data helps in maintenance and repair planning.

Scenarios: Ensuring the correct parts are ordered for a repair, providing accurate repair

specifications.

Control Mechanisms: Encrypted transmission channels (e.g., TLS), authentication and

authorization protocols protect this data.

Visibility: Service providers need access to provide accurate services.

3. Technical Inspection Data

Use Cases: This dataset is used for compliance and safety checks.

Scenarios: Service providers check last inspection reports to per request from motorist to

address any issues.

Control Mechanisms: Access is restricted based on job roles.

Visibility: Motorists and service providers need this data for compliance inspections.

4. Selectable Access-Restricted Data

Use Cases: Vital for vehicle identity verification.

Examples: Verifying VIN and registration numbers for accurate vehicle description, record

keeping, performing legitimate service applications.

Control Mechanisms: authentication, data masking for non-essential visibility, compliance with

data protection regulations.

Visibility: Service providers access this data to verify the vehicle’s identity and the legitimate

owner.

Outputs Use Cases Scenarios Control Mechanism

Visibility

Basic Data of Vehicle

Identification & Verification, Personalised

Service Offerings

Identification: Confirming vehicle identity before service.

Data encryption and secure access protocols.

Motorists & Service

Providers

Verification: Checking the vehicles brand, model and trim

Role-based access controls (RBAC)

Service Offers: Offering of services that are tailored by the request from motorist

Logged access, alerts and audit trails

Technical Data of the

Vehicle

Maintenance & Repairs

Planning

Part Matching: Ensuring correct parts and accessories

Encrypted transmission channels Service

Providers Repair Specifications: Providing correct repair specifications.

Authentication and authorisation protocols

Technical Inspection

Data Safety Checks

Inspection Report: Accessing latest inspection reports to address Any identified issues

Restricted access based on job request

Motorist

Selectable Access-

Restricted Data

Vehicle Identity verification

Vehicle Identification: Verifying VIN and registration number for accurate description of vehicle, records keeping and service application

Authentication, Data masking for non essential visibility.

Service Providers

Details of Output and their sub data

1. Basic Data of Vehicle

a. Brand

b. Commercial name

c. Modification

d. Type approval number

e. Type approval extension

f. Type

g. Variant

h. Version

i. Category

j. Color

k. Multicolor

l. First registration date

m. Date of registration in Estonia

n. Country of origin

o. Class

p. Body name

q. Body type

r. Base factory

s. Time of next inspection

2. Technical Data of the Vehicle a. Length

b. Width

c. Height

d. Doors

e. Seats

f. Seats next to the driver

g. Standing positions

h. Tires on the axles item

i. Engine model

j. Engine type

k. Fuel type

l. Gearbox type

m. Notes

3. Technical Inspection a. Date and time of the last inspection

b. Type of inspection

c. Decision

d. Malfunctions (detailed)

e. Third-party odometer reading (Inspection points, regular and repair shops)

4. Selectable Access-Restricted Data a. Registration number

b. VIN code

References:

• Output refers to the categories of available data

• Use Cases refers to what the data will be used for

• Scenarios refers to a typical example of a use case

• Control Mechanism refers to how the data exchanges will be securely access, cached and

transmitted* Not all inform will be made available for viewing as some are meant for logical

processes.

• Visibility refers to the stakeholders that may view part of the data request. Motorist and

Automotive service providers such Auto repair shops, Tyre & Wheel shops, Glass fitment shops,

Parts & Accessory Shops, Paint & Body repair shops.

William Osei-Appiah

Auto Mechanico OU

Staadioni tn 4-28

10132

Tallinn – Estonia

Estonia Transport Administration

Valge 4

11413

Tallinn – Estonia

Subject: Data Exchange Platform (hereinafter AVP) service for Auto Mechanico OU

Dear Sir/Madam

I am writing to you on behalf of Auto Mechanico OU, a pioneering Automotive Tech startup focused on

enhancing mobility and providing after-sales service support through a Saas platform. As an innovative

company in the automotive sector, we are dedicated to offering comprehensive post-purchase services

including toolings, integrations insight for the maintenance, repairs and technical assistance tailores for

each vehicle needs.

To achieve our objective and deliver high-quality service, we require access to data from the traffic

register. We believe that our usgae of this data aligns with legitimate interests under Section 184 of the

traffic Act, specifically for improving vehicle safety, ensuring regulatory compliance and enhancing

motorist satisfaction.

Data Requested:

• Basic Data of Vehicle Information*

• Technical Data of the Vehicle*

• Technical Inspection Data*

• Access-Restricted Data*

Need for Data:

Our operations hinge on accurate and up-to-date vehicle information to:

• Identify and verify vehicle for providing bespoke after-sale services support

• Access technical specification necessary for maintenance and repair tasks

• Track, analyse and potentially augment vehicle inspection histories to offer preventative

maintenance reminders.

• Provide motorist details to maintain and update service records.

Compliance and legitimate Interest:

We assure you that all received data will be used solely for the purposes stated, in full compliance with

the relevant legislation, and will be safeguarded appropriately. Attached to this letter is our detailed

description of the legitimate interest.

Application Submission:

We hereby submit a digital application for AVP service, specifying our data needs and choosing Package

2 to accommodate our anticipated data request volumes.

We are committed to paying the necessary state fees and adhering to the regulations set forth by the

Transport Board. Please find attached our company registry code, authorized personnel details, and the

confirmation to use the data as per the formulated goals.

IP Address: Auto Mechanico OU IP address: 35.178.229.29

We look forward to your positive decision and are ready to provide any additional information or

documentation you may require.

Yours faithfully,

William Osei-Appiah

Founder/Director

[email protected]

+37253753269 / +44 7960 164892

Attachments:

1. Detailed Legitimate Interest Description

2. Use Cases and Scenarios

Overview of Details legitimate interest:

This page refers to the type of data being requested, the use cases as well as scenarios, the control

mechanism we have in place to secure store, transmit such data and which stakeholder within the

platform this is made visible to.

1. Basic Data of the Vehicle

Use Cases: This data is used to confirm vehicle identity and provide personalized service offers.

Scenarios: Before starting service, a motorist makes a request and confirm vehicle information,

service provider verifies the vehicle’s brand, model, and trim before issuing a quotation.

Personalized offers such as a discount on a particular model’s service are created.

Control Mechanisms: Data encryption, secure access protocols, role-based access controls

(RBAC), and logged access, alerts and audit trails are implemented to protect data.

Visibility: Motorists and service providers have visibility to confirm service eligibility and

personalization.

2. Technical Data of the Vehicle

Use Cases: This data helps in maintenance and repair planning.

Scenarios: Ensuring the correct parts are ordered for a repair, providing accurate repair

specifications.

Control Mechanisms: Encrypted transmission channels (e.g., TLS), authentication and

authorization protocols protect this data.

Visibility: Service providers need access to provide accurate services.

3. Technical Inspection Data

Use Cases: This dataset is used for compliance and safety checks.

Scenarios: Service providers check last inspection reports to per request from motorist to

address any issues.

Control Mechanisms: Access is restricted based on job roles.

Visibility: Motorists and service providers need this data for compliance inspections.

4. Selectable Access-Restricted Data

Use Cases: Vital for vehicle identity verification.

Examples: Verifying VIN and registration numbers for accurate vehicle description, record

keeping, performing legitimate service applications.

Control Mechanisms: authentication, data masking for non-essential visibility, compliance with

data protection regulations.

Visibility: Service providers access this data to verify the vehicle’s identity and the legitimate

owner.

Outputs Use Cases Scenarios Control Mechanism

Visibility

Basic Data of Vehicle

Identification & Verification, Personalised

Service Offerings

Identification: Confirming vehicle identity before service.

Data encryption and secure access protocols.

Motorists & Service

Providers

Verification: Checking the vehicles brand, model and trim

Role-based access controls (RBAC)

Service Offers: Offering of services that are tailored by the request from motorist

Logged access, alerts and audit trails

Technical Data of the

Vehicle

Maintenance & Repairs

Planning

Part Matching: Ensuring correct parts and accessories

Encrypted transmission channels Service

Providers Repair Specifications: Providing correct repair specifications.

Authentication and authorisation protocols

Technical Inspection

Data Safety Checks

Inspection Report: Accessing latest inspection reports to address Any identified issues

Restricted access based on job request

Motorist

Selectable Access-

Restricted Data

Vehicle Identity verification

Vehicle Identification: Verifying VIN and registration number for accurate description of vehicle, records keeping and service application

Authentication, Data masking for non essential visibility.

Service Providers

Details of Output and their sub data

1. Basic Data of Vehicle

a. Brand

b. Commercial name

c. Modification

d. Type approval number

e. Type approval extension

f. Type

g. Variant

h. Version

i. Category

j. Color

k. Multicolor

l. First registration date

m. Date of registration in Estonia

n. Country of origin

o. Class

p. Body name

q. Body type

r. Base factory

s. Time of next inspection

2. Technical Data of the Vehicle a. Length

b. Width

c. Height

d. Doors

e. Seats

f. Seats next to the driver

g. Standing positions

h. Tires on the axles item

i. Engine model

j. Engine type

k. Fuel type

l. Gearbox type

m. Notes

3. Technical Inspection a. Date and time of the last inspection

b. Type of inspection

c. Decision

d. Malfunctions (detailed)

e. Third-party odometer reading (Inspection points, regular and repair shops)

4. Selectable Access-Restricted Data a. Registration number

b. VIN code

References:

• Output refers to the categories of available data

• Use Cases refers to what the data will be used for

• Scenarios refers to a typical example of a use case

• Control Mechanism refers to how the data exchanges will be securely access, cached and

transmitted* Not all inform will be made available for viewing as some are meant for logical

processes.

• Visibility refers to the stakeholders that may view part of the data request. Motorist and

Automotive service providers such Auto repair shops, Tyre & Wheel shops, Glass fitment shops,

Parts & Accessory Shops, Paint & Body repair shops.