Merima Ltd (0678168-8)
Tatti 10
00760 Helsinki
Minna Mäkiranta-Blyth
tietosuoja@merima.fi
Camera surveillance register
2025-03-03
Legitimate Interest
Legal bases of processing data: the legitimate interest of the data controller.
Data is processed as required to investigate possible security anomalies at the premises of the data controller and, in the case of criminal cases, by the necessary authorities.
The purpose of processing has to do with general safety, such as the investigation and prevention of criminal activity, vandalism, and other types of misconduct on premises owned or monitored by the data controller.
The individuals defined by the controller are legitimate on the basis of their duties or position on the processing of personal data on camera surveillance (eg recordings for viewing and listening to records), as well as administrative services personell, and possibly individual persons related to solving current matter.
In addition, the employer also has the right to use the registry for the protection of privacy in accordance with Article 17 § 2 of Section 1-3 of the Law on Privacy (759/2004) to conclude the establishment of an employment relationship to the establishment of an employment relationship, disruption or harassment of harassment or harassment in the Act on Equality between Women and Men (609/1986) in order to identify and demonstrate the harassment and inappropriate behavior referred to in the Occupational Safety Authority (738/2002), as well as to identify the risk or threat of occupational safety or other occupational safety.
The data controller’s legitimate interest for processing collected and used personal data is based on the Data Controller's and it's employee's security needs and the freedom to engage in commercial activity.
The controller's own personnel. Information is not regularly disclosed anywhere without a legitimate criterion (the law on the protection of privacy in working life 759/2004). Information is transferred to the police only in special situations through the criminal reporting procedure in cases where there has been or suspected of an offense or in case of damage if necessary for the insurance company.
Information may also be disclosed to identify and recover the accident at work, harassment or other inappropriate behavior to the supervisor's leadership of the controller's organization.
The register contains the following personal data of the following image material from any of the persons moving in the domain of the data controllers property in the domain of the data controllers property:
1) The appearance of a person and the characteristics of the person
2) Exact time and location of movement on property or in the area of surveillance.
The register saves information always when a person is moving in the camera monitoring area as camera control works with motion detection. The recording camera control is indicated by labeling. The cameras are placed in the entrances, general premises, paths and yard areas owned / managed by the controller owned / managed by the controller, and for particular control need for certain functional reasons due to particularly vulnerable objects.
As a regular source of information, there are surveillance cameras whose registers describe the registry information, which are the image material transmitted by the cameras of the recording control system.
Data collected from surveillance cameras is stored for a necessary period if it contains information relevant to ongoing investigations, with a maximum storage time of 90 days.
Once the investigation is completed, the data is kept for as long as needed for legal procedures. After this period, the data will be removed.
If the retention period involves a notification of damage or any other offense, the recording is kept for the time required to determine the crime. The data controller removes stored personal information when there is no longer any legal basis for its handling and regularly evaluates the need for data retention in accordance with internal code of conduct.
Data in the filing system will not be disclosed to third parties unless disclosure is required for upholding security.
If criminal activity is suspected, data may be disclosed to the police.
Personal data will not be transferred outside the European Union unless necessary for ensuring the technical implementation of the company’s or its partners’ activities.
Electronically processed data contained within the filing system are protected with firewalls, passwords and other necessary data security measures in accordance with current methods in the field.
Only identifiable individuals employed by the data controller or companies acting on behalf of or under commission by the data controller who have signed confidentiality agreements have access to data stored in the filing system by means of unique access permissions.
The results of data processing are not used for profiling or other related purposes.
The data subject has the right to inspect what information about them has been stored in the filing system. The request for data access should be sent to the responsible person of the register. The request must be made in writing and it must be signed by the data subject. A request for data access can also be made in person at the data controller’s place of business. In order to gain access to the data, the data subject should provide information on the place and time of when the recording would have taken place as accurately as possible. The data subject should attach a photo of themselves with the request for data access.
The data subject has the right to transfer their personal data from one system to another. Request of transfer can be sent to the contact person of the filing system.
Taking into account the purposes of processing, any data stored in the filing system that is inaccurate, unnecessary, incomplete, or outdated must be erased or rectified.
The written and signed request for rectification should be sent to the company’s customer service or the personal data filing system’s administrator.
The request should specify what information should be rectified and on what grounds. Rectification shall be carried out without delay.
Notification of rectification will be sent to the party who provided the inaccurate data or to whom the data were disclosed.
If a request for rectification is denied, the responsible person of the filing system will provide a written document stating the grounds for the denial of the request for rectification. The data subject concerned may then pass the matter alongto the Data Protection Ombudsman.
If you consider that an infringement of the General Data Protection Regulation has occurred in the processing of your personal data, you have the right to lodge a complaint with a supervisory authority.
The complaint can also be lodged in a member state where you are a permanent resident or where you are employed.
Contact information for the Finnish national supervisory authority: Office of the Data Protection Ombudsman PL 800, Lintulahdenkuja 4, 00530 Helsinki tel. +358 29 566 6700 tietosuoja@om.fi www.tietosuoja.fi/en/
Right to restrict processing
The data subject has the right to request that the processing of their personal data is restricted for example if data stored in the filing system is erroneous. Requests should be sent to the responsible person of the filing system.
Right to object
The data subject has the right to request for personal data pertaining to them, and the data subject has the right to request for the rectification or erasure of said data. Request can be sent to the contact person of the filing system.
If you are acting as the contact person of a company or organisation, your data cannot be erased during this time.
The data subject has the right to prohibit the disclosure of processing of personal data for the purposes of direct marketing or other marketing, the right to demand the anonymization of data where applicable, as well as the right to be completely forgotten.