Privacy Policy

The data controller is required under the General Data Protection Regulation (GDPR) to provide clear information to data subjects. This policy fulfills the information obligation.

1. Data controller

Moody Monday Oy

Contact information:
Hämeentie 92
00550 Helsinki

For matters related to the register, contact:

Moody Monday Oy
Hämeentie 92
00550 Helsinki
info@moodymonday.fi

2.  Data subjects

The register contains customer information and potential customer information for Moody Monday Oy.

3. Purpose of Processing Personal Data

Basis for maintaining the register: 

  • Personal data is processed based on the registered individual’s customer relationship. 

  • Personal data is processed based on consent.

Purpose of data processing and use of the register:

Personal data is processed only for predefined purposes, which are as follows:

  • Management of the customer relationship

  • Use, monitoring, and communication related to services

4. Personal Data Stored in the Register

The customer register includes the following data:

Contact Information

  • name

  • address

  • email

  • phone number


Customer Information

  • details of purchased products/services

  • (bank) account details

Usage information

  • operating system and browser details

  • IP-address

  • Cookies

 

5. Rights of Data Subject

The data subject has the following rights. Requests regarding these rights should be made to: info@moodymonday.fi

Right of Access 

The data subject may review the personal data stored about them.

Right to rectification

The data subject may request corrections to inaccurate or incomplete personal data.

Right to Object

The data subject may object to the processing of personal data if they believe the data has been processed unlawfully. 

Right to Restrict Direct Marketing

The data subject has the right to prohibit the use of their data to direct marketing.

Right to Erasure

The data subject has the right to request the erasure of their data if processing is unnecessary. Requests will be processed, and either the data will be deleted or a justified reason for its retention will be provided.

Note: The data controller may have a legal or other obligation to retain certain data. For instance, the Accounting Act (Chapter 2, 10 §) requires retention of financial records for 10 years, and such data cannot be deleted until the statutory retention period expires.

Right to Withdraw Consent

If personal data processing is based solely on consent (and not a customer relationship or membership), the data subject may withdraw their consent.

The Data Subject may complain about the verdict to the Data Protection Ombudsman

The data subject may request restrictions on the processing of the disputed data until the matter is resolved.

Right to File a Complaint

The data subject has the right to lodge a complaint with the Data Protection Ombudsman if they believe that we are violating applicable data protection laws in our processing of personal data.

Contact details of the Data Protection Ombudsman (in Finnish):
www.tietosuoja.fi/fi/index/yhteystiedot.html

6. Regular Sources of Data

Customer data is regularly obtained:

  • Directly from the customer upon the establishment of the customer relationship

  • From the customer during service usage

7. Regular Disclosures of Data

Data is generally not disclosed outside Moody Monday Oy for marketing purposes.  

We ensure that all our service providers comply with data protection legislation. Regularly used service providers include:

  • Deux Oy, deux.fi for sales period management services

8. Duration of Processing

  • Personal data is generally processed as long as the customer relationship is valid

  • For the retention period required by the Accounting Act

9. Data processors

The data controller and its employees process personal data. We may also partially outsource personal data processing for third parties. In such cases, we ensure through contractual arrangements that personal data is processed in compliance with applicable data protection laws and appropriately.

10. Transfer of Data Outside the EU

Personal data is not transferred outside the EU or the European Economic Area (EEA).

11. Automated Decision-Making and Profiling

We do not use personal data for automated decision-making or profiling.