Harjun Mori

Tarinamme

Yhteystiedot

Privacy Policy

Privacy Policy

Privacy Policy of Mori Creative Oy

Under the General Data Protection Regulation (GDPR), the data controller has an obligation to inform data subjects in a clear manner. This privacy policy fulfills that obligation.

Data Controller

Mori Creative Oy (Business ID: 3619943-7)
Contact details:
tiina@moricreative.fi

Data Subjects

Mori Creative Oy’s:

  1. Customers
  2. Partners
  3. Employees

Registers Maintained by Mori Creative Oy

  1. Customer Register
  2. Partner Register
  3. Employee Register

Legal Basis and Purpose of Processing

Legal basis for maintaining the registers:

  1. Customer relationship; consent of the customer or another relevant connection
  2. Partner relationship; consent, contract, or other relevant connection
  3. Employment relationship; employment contract

Purpose of Processing Personal Data

Personal data is processed only for predefined purposes, which include:

  1. Customer Register:
    • Management and development of customer relationships
    • Customer communication
    • Planning and targeting of marketing
    • Development of customer service
    • Ticket sales for events
    • Development of services and business operations
  2. Partner Register:
    • Management and development of cooperation relationships
    • Communication and invoicing
  3. Employee Register:
    • Management of employment relationships
    • Fulfillment of statutory obligations

Personal data is processed based on consent, legitimate interest, and compliance with legal obligations.

Personal Data Stored in the Registers

Customer Register:

  • Contact details
    • Name
    • Address
    • Email
    • Phone number
  • Payment information (bank/credit card number)
  • Information on purchased products/services
  • Marketing permissions
  • Communication history (e.g. emails), complaints, feedback, etc.

Partner / Supplier Register:

  • Contact details
    • Name
    • Address
    • Email
    • Phone number
  • Title or professional designation
  • Billing information
  • Communication history (e.g. emails), complaints, feedback, etc.

Employees:

  • Contact details
    • Name
    • Address
    • Email
    • Phone number
    • Next of kin
  • Employment-related information, such as:
    • Job title
    • Work and education history
    • Language skills
    • Duration of employment
    • Working time records and absences
  • Payroll-related information:
    • Tax information
    • Bank account details
  • Communication history

Rights of the Data Subject

The data subject has the following rights. Requests related to these rights should be submitted to the contact person mentioned above.

  • Right of access:
    The data subject can check what personal data we have stored.
  • Right to rectification:
    The data subject can request correction of inaccurate or incomplete data.
  • Right to object:
    The data subject can object to the processing of personal data if they believe it is unlawful.
  • Right to prohibit direct marketing:
    The data subject has the right to prohibit the use of their data for direct marketing.
  • Right to erasure:
    The data subject has the right to request deletion of their data if processing is no longer necessary.
    After receiving a deletion request, we will either delete the data or provide a justified reason why it cannot be deleted.

Please note that the data controller may have a legal obligation or other valid reason to retain data. For example, accounting records must be retained for the period specified in the Accounting Act (Chapter 2, Section 10), i.e. 10 years.

  • Withdrawal of consent:
    If processing is based solely on consent (and not, for example, on a customer relationship), the data subject may withdraw their consent.
  • Right to restriction of processing:
    The data subject may request restriction of processing of disputed data until the matter is resolved.
  • Right to lodge a complaint:
    The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they believe that personal data is being processed in violation of applicable data protection legislation.

Contact details of the Data Protection Ombudsman:
www.tietosuoja.fi/fi/index/yhteystiedot.html

Sources of Personal Data

As a rule, personal data is obtained from the companies or individuals themselves, as well as from publicly available internet sources.

Regular Disclosures of Personal Data

Personal data is disclosed to authorities to fulfill legal obligations.

As a rule, data is not disclosed to third parties. If disclosures are made, we ensure that all service providers comply with data protection legislation.

Data Retention Period

  • Personal data is generally processed for as long as the customer or partner relationship is valid and as required by applicable legislation.
  • Employee data is retained in accordance with employment legislation.

Processors of Personal Data

Personal data is processed by the data controller and its employees. Access is limited to employees who need the data for their work and have the right to process it.

Processing may also be partially outsourced to third parties. In such cases, contractual arrangements ensure that personal data is processed in accordance with applicable data protection legislation and appropriately.

Transfers of Data Outside the EU

Data is not transferred outside the EU or EEA.

Data may be stored within the EU/EEA on foreign cloud servers, in compliance with GDPR requirements.

Automated Decision-Making and Profiling

We do not use personal data for automated decision-making or profiling.