Harjun Mori

Our Story

Contact Information

Privacy Policy

Privacy Policy

Privacy Policy of Mori Creative Oy

Under the General Data Protection Regulation (GDPR), the data controller is required to provide clear information to data subjects. This privacy policy fulfills that requirement.

Data Controller

Mori Creative Oy (Business ID: 3619943-7)
Contact details:
tiina@moricreative.fi

Data Subjects

Mori Creative, Inc.:

  1. Customers
  2. Partners
  3. Employees

Registers Maintained by Mori Creative Oy

  1. Customer Registry
  2. Partner Registry
  3. Employee Directory

Legal Basis and Purpose of Processing

Legal basis for maintaining the registers:

  1. Customer relationship; consent of the customer or another relevant connection
  2. Partner relationship; consent, contract, or other relevant connection
  3. Employment relationship; employment contract

Purpose of Processing Personal Data

Personal data is processed only for specific purposes, which include:

  1. Customer Registry:
    • Management and Development of Customer Relationships
    • Customer communication
    • Marketing planning and targeting
    • Development of Customer Service
    • Ticket sales for events
    • Development of services and business operations
  2. Partner Registry:
    • Management and Development of Cooperative Relationships
    • Communication and Billing
  3. Employee Register:
    • Management of Employment Relationships
    • Compliance with legal obligations

Personal data is processed on the basis of consent, legitimate interest, and compliance with legal obligations.

Personal Data Stored in the Registers

Customer Registry:

  • Contact information
    • Name
    • Address
    • Email
    • Phone number
  • Payment information (bank account number/credit card number)
  • Information about purchased products/services
  • Marketing permissions
  • Communication history (e.g., emails), complaints, feedback, etc.

Partner / Supplier Registry:

  • Contact information
    • Name
    • Address
    • Email
    • Phone number
  • Title or professional designation
  • Billing information
  • Communication history (e.g., emails), complaints, feedback, etc.

Employees:

  • Contact information
    • Name
    • Address
    • Email
    • Phone number
    • Next of kin
  • Employment-related information, such as:
    • Job title
    • Work and Education History
    • Language skills
    • Length of employment
    • Working time records and absences
  • Payroll-related information:
    • Tax information
    • Bank account information
  • Communication history

Rights of the Data Subject

The data subject has the following rights. Requests regarding these rights should be submitted to the contact person listed above.

  • Right of access:
    The data subject can check what personal data we have stored.
  • Right to rectification:
    The data subject may request the correction of inaccurate or incomplete data.
  • Right to object:
    The data subject may object to the processing of personal data if they believe it is unlawful.
  • Right to object to direct marketing:
    The data subject has the right to object to the use of their data for direct marketing.
  • Right to erasure:
    The data subject has the right to request the deletion of their data if processing is no longer necessary.
    After receiving a deletion request, we will either delete the data or provide a justified reason why it cannot be deleted.

Please note that the data controller may have a legal obligation or other valid reason to retain data. For example, accounting records must be retained for the period specified in the Accounting Act (Chapter 2, Section 10), i.e., 10 years.

  • Withdrawal of consent:
    If processing is based solely on consent (and not, for example, on a customer relationship), the data subject may withdraw their consent.
  • Right to restriction of processing:
    The data subject may request that the processing of disputed data be restricted until the matter is resolved.
  • Right to lodge a complaint:
    The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they believe that personal data is being processed in violation of applicable data protection laws.

Contact details for the Data Protection Ombudsman:
www.tietosuoja.fi/fi/index/yhteystiedot.html

Sources of Personal Data

As a rule, personal data is obtained from the companies or individuals themselves, as well as from publicly available online sources.

Regular Disclosure of Personal Data

Personal data is disclosed to authorities to comply with legal obligations.

As a general rule, data is not disclosed to third parties. If data is disclosed, we ensure that all service providers comply with data protection laws.

Data Retention Period

  • Personal data is generally processed for as long as the customer or partner relationship remains in effect and as required by applicable law.
  • Employee data is retained in accordance with employment laws.

Processors of Personal Data

Personal data is processed by the data controller and its employees. Access is limited to employees who need the data for their work and are authorized to process it.

Processing may also be partially outsourced to third parties. In such cases, contractual arrangements ensure that personal data is processed in accordance with applicable data protection laws and in an appropriate manner.

Transfers of Data Outside the EU

Data is not transferred outside the EU or the EEA.

Data may be stored on cloud servers located outside the EU/EEA, in compliance with GDPR requirements.

Automated Decision-Making and Profiling

We do not use personal data for automated decision-making or profiling.