Visitor at Innoflame premises

Home / Data Protection at Innoflame / Visitor at Innoflame premises

Data protection in general

Data protection in Innoflame Oy’s operations:

  • Our customers’ privacy is very important to our business. We are committed to protecting the privacy of personal data and processing it appropriately and with a high standard of quality in all processing situations. We regularly work on both data protection and information security and enhance our operations to improve on these areas and entities.
  • The privacy statements are available to everyone on our website and, if necessary, we will send the information to the data subject upon request. The data protection documentation may be updated if necessary, and we will announce changes on the website. The privacy statement shows the date when it was last updated.
  • We actively follow the data protection practices in our field and ensure a high standard of data protection competence among our personnel. Competences are considered according to each person’s role – if a person’s job requires them to process significant amounts of personal data, they must have a high level of competence.

Processing personal data:

  • We have analysed the processing of personal data and the related processes in our operations. We have prepared an internal description of processing activities within the organisation. For data processing based on a legitimate interest, we have prepared a balance test to ensure that the legitimate interest is appropriate. We take a risk-based approach to processing personal data, and we regularly assess the threats and risks of processing personal data. We have conducted impact assessments if we have identified a high risk to the data subject due to the processing.
  • We do not process or retain personal data unnecessarily, and we erase all unnecessary data. Only a limited number of personnel process personal data, and the data can only be accessed by personnel whose job description requires them to process it. We use roles to limit the processing of personal data in different systems. This means that we only use the personal data that is necessary at the given time.
  • We process personal data in accordance with data protection principles, which we employ on a practical level in our operations. We have trained our personnel to act in accordance with the principles.

Information security

  • In addition to the processes related to processing personal data, we have paid attention to technical solutions to ensure that we only use secure technologies.
  • We require all our subcontractors and contractual partners to meet our quality requirements.
  • We ensure that firewall and antivirus solutions are up to date on all of our devices
  • We have implemented multi-factor login.
  • Our personnel are trained, and we use reliable, up-to-date systems and equipment.
  • We engage in continuous research and development work to ensure that information security is up to date.

Innoflame Oy’s role

  • Innoflame can act as both a controller and a processor of personal data.

CCTV on our premises

We use CCTV to protect our property and safeguard the lives and health of people on the premises. CCTV operates in real time and is recorded.

We use CCTV to collect and store image data of identifiable persons on Innoflame Oy’s premises and in the immediate vicinity (e.g. outdoor stairs). We do not perform automatic facial recognition, we do not use biometric data, and we do not identify the persons in the recordings. However, people can be identified when viewing a recording or real-time image.

The basics of CCTV comply with the General Data Protection Regulation, and Innoflame Oy, in its role as a controller, has assessed the necessity of CCTV and the processing of personal data resulting from it. CCTV is performed on the basis of a legitimate interest, and a balancing test has been carried out.

The records are processed systematically, and their processing is restricted to those who actually need it. The situations in which the recordings are processed are specified separately. The recordings have a life cycle (approximately 30 days), after which the new recording is automatically saved over the old one.

Innoflame Oy will not disclose, publish or distribute video recordings to third parties, except in connection with criminal investigations. CCTV recordings are not used for direct marketing or other marketing under any circumstances.

CCTV follows the same data protection practices and principles as for the processing of other personal data.

Data protection requirements are taken into account in their entirety, both in terms of technical implementations and organisational measures, throughout the entire life cycle.

CONTROLLER:
Innoflame Oy (business ID: 1055712-8)
Kornetintie 3
00380 Helsinki, Finland
Tel: +358 20 7433 601

Contact address for data protection matters: tietosuoja@innoflame.fi

Data subject’s rights

The data subject is entitled to obtain information on the processing of personal data generated in connection with CCTV and to access the data.

In some cases, the right to data access is subject to restrictions:

1. Harmful influence on the rights of others as per GDPR Article 15(4)

2. Controller cannot identify the data subject as per GDPR Article 11(2)

3. Unreasonable requests under this Article

If a data subject makes manifestly groundless or unreasonable requests (e.g. several requests from the same data subject within a short period or requests clearly made for the purpose of causing loss), on a case-by-case basis:
– a reasonable fee may be charged, or
– the controller may deny the request under the General Data Protection Regulation

The data subject has the right to have the data erased, and the data subject may exercise their right to object to data processing on the basis of their particular personal circumstances.

Innoflame Oy may need to apply the restrictions in these situations, too. Innoflame Oy’s CCTV places great emphasis on ensuring the safety of individuals and the legal protection of users of the premises, and the recordings are needed to prepare, present and defend legal actions. For this reason, the recordings cannot be erased, and data subject cannot object to them. 

Modifying the recordings is not possible, so individuals cannot be anonymised (e.g. by blurring faces) in them.

Each request sent by the data subject will be processed on a case-by-case basis and answered within one month of the request. If, for some reason, a request cannot be processed within that time, the data subject will be notified immediately. You can exercise your rights by filling in the subject access request on our website.

When submitting a request, the data subject must report a time window, with an accuracy of three hours, during which the data subject entered the area of CCTV coverage.

If, despite all attempts, the data subject cannot be identified, the data subject will be notified in connection with the request. In such a case, the data subject will be informed of the area covered by CCTV, the inspection of cameras in use, and about Innoflame Oy’s CCTV in general. The property has signs announcing the use of CCTV, and further details are available in the information in