Privacy Policy
The data controller is required under the General Data Protection Regulation (GDPR) to provide clear information to data subjects. This policy fulfills the information obligation.
1. Data controller
Moody Monday Oy
Contact information:
Hämeentie 92
00550 Helsinki
For matters related to the register, contact:
Moody Monday Oy
Hämeentie 92
00550 Helsinki
info@moodymonday.fi
2. Data subjects
The register contains customer information and potential customer information for Moody Monday Oy.
3. Purpose of Processing Personal Data
Basis for maintaining the register:
Personal data is processed based on the registered individual’s customer relationship.
Personal data is processed based on consent.
Purpose of data processing and use of the register:
Personal data is processed only for predefined purposes, which are as follows:
Management of the customer relationship
Use, monitoring, and communication related to services
4. Personal Data Stored in the Register
The customer register includes the following data:
Contact Information
name
address
email
phone number
Customer Information
details of purchased products/services
(bank) account details
Usage information
operating system and browser details
IP-address
Cookies
5. Rights of Data Subject
The data subject has the following rights. Requests regarding these rights should be made to: info@moodymonday.fi
Right of Access
The data subject may review the personal data stored about them.
Right to rectification
The data subject may request corrections to inaccurate or incomplete personal data.
Right to Object
The data subject may object to the processing of personal data if they believe the data has been processed unlawfully.
Right to Restrict Direct Marketing
The data subject has the right to prohibit the use of their data to direct marketing.
Right to Erasure
The data subject has the right to request the erasure of their data if processing is unnecessary. Requests will be processed, and either the data will be deleted or a justified reason for its retention will be provided.
Note: The data controller may have a legal or other obligation to retain certain data. For instance, the Accounting Act (Chapter 2, 10 §) requires retention of financial records for 10 years, and such data cannot be deleted until the statutory retention period expires.
Right to Withdraw Consent
If personal data processing is based solely on consent (and not a customer relationship or membership), the data subject may withdraw their consent.
The Data Subject may complain about the verdict to the Data Protection Ombudsman
The data subject may request restrictions on the processing of the disputed data until the matter is resolved.
Right to File a Complaint
The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they believe that we are violating applicable data protection laws in our processing of personal data.
Contact details of the Data Protection Ombudsman (in Finnish):
www.tietosuoja.fi/fi/index/yhteystiedot.html
6. Regular Sources of Data
Customer data is regularly obtained:
Directly from the customer upon the establishment of the customer relationship
From the customer during service usage
7. Regular Disclosures of Data
Data is generally not disclosed outside Moody Monday Oy for marketing purposes.
We ensure that all our service providers comply with data protection legislation. Regularly used service providers include:
Deux Oy, deux.fi for sales period management services
8. Duration of Processing
Personal data is generally processed as long as the customer relationship is valid
For the retention period required by the Accounting Act
9. Data processors
The data controller and its employees process personal data. We may also partially outsource personal data processing for third parties. In such cases, we ensure through contractual arrangements that personal data is processed in compliance with applicable data protection laws and appropriately.
10. Transfer of Data Outside the EU
Personal data is not transferred outside the EU or the European Economic Area (EEA).
11. Automated Decision-Making and Profiling
We do not use personal data for automated decision-making or profiling.
Technical Surveillance
1. Controller
Name: Moody Monday Oy
Contact Information:
Saukonpaadenranta 8
00180 Helsinki
Contact Person for Register Matters:
Moody Monday Oy
Saukonpaadenranta 8
00180 Helsinki
info@moodymonday.fi
2. Name of the Register
Moody Monday Oy’s Technical Security Camera Surveillance Register for Business Premises
3. Legal Basis and Purpose for Processing Personal Data
Legal Basis
The legal basis for processing is the legitimate interest of the Controller (General Data Protection Regulation (GDPR), Article 6, section 1 f). Camera surveillance is necessary to protect the Controller’s property and business operations.
Purpose of Processing
Personal data is processed for the following purposes of technical security:
Ensuring and protecting the safety and security of property and personnel.
The prevention and investigation of potential criminal incidents and damages (e.g., theft, vandalism).
Comprehensive verification of surveillance situations, including audio recording, to safeguard the rights of customers and personnel by providing a more accurate account of events in case of disputes or criminal suspicions.
4. Data Content of the Register
The register contains recordings of customers and other individuals moving within Moody Monday Oy's monitored sales premises.
Recordings: Digital image and audio recordings of events within the field of view of the surveillance cameras.
Identification Data: Time and location of the recording.
5. Regular Sources of Information
Data is collected directly from Moody Monday Oy's continuously recording camera surveillance system in the business premises.
6. Regular Disclosures of Data and Transfer Outside the EU/EEA
Recordings are not regularly disclosed to external parties. Recordings may be disclosed:
To authorities for the investigation of crimes and damages (e.g., police, customs, insurance companies based on a statutory obligation or legitimate interest).
Transfer of Data Outside the EU/EEA: Data is not regularly transferred outside the European Union or the European Economic Area.
7. Recording Retention Period
Recordings are retained for a maximum of 30 days from the time of recording.
Exceptions: If a recording is relevant to the investigation of a crime or damage, the recording will be retained as long as necessary for the establishment, exercise, or defence of legal claims, or at the request of the authorities. In such cases, the recording is isolated to separate, protected storage.
8. Principles of Register Protection
Electronically Processed Data (Recordings): Access to the recordings is restricted only to pre-defined authorised individuals (e.g., management, person responsible for security) who have the right to process the data based on their work duties. Access to the system requires personal user IDs and passwords. Recording equipment is located in locked premises, complying with the requirements of technical security.
9. Rights of the Data Subject
The data subject (customer or other recorded person) has the following rights under the GDPR:
Right of Access: Generally, the right to know whether personal data concerning him or her is being processed. This right may be limited if it jeopardizes the purpose of surveillance or the rights and freedoms of others.
Right to Rectification: The right to request the correction of inaccurate data.
Right to Restriction of Processing: The right to request the restriction of processing in certain situations.
Right to Lodge a Complaint with a Supervisory Authority: The data subject has the right to lodge a complaint with the Office of the Data Protection Ombudsman if they consider that their personal data has been processed in violation of the EU General Data Protection Regulation.
The data subject may request to exercise these rights by contacting the Controller's contact person (section 1).