Deliveries 6 days a week
Early in the morning, 5 a.m. to 9 a.m.
Service for corporate customers →

Camera surveillance register

EU General Data Protection Regulation (2016/679)

1. Data controller

Name: Lehtipiste Oy

Address: Koivuvaarankuja 2,
01640 Vantaa

Other contact details:
+358 800 94 020

2. Contact person for register matters

Title: Sales Director

Address: Koivuvaarankuja 2,
01640 Vantaa

Other contact details (phone during office hours, email): 
info@pakettipiste.fi
tietosuoja@lehtipiste.fi

3. Processing of personal data

Lehtipiste Oy processes personal data in accordance with the EU General Data Protection Regulation and other legislation. We process personal data within the limits permitted by law to ensure occupational safety and to secure property. We process personal data only to the extent necessary to fulfill the purposes defined for the personal data register.

The personal data we collect and process is obtained via installed cameras.

4. Basis and purpose of processing personal data

The basis for processing personal data in accordance with Article 6 of the EU General Data Protection Regulation is processing based on law and contract.

The information stored in the camera surveillance register is primarily used for lawful purposes (Act on the Protection of Privacy in Working Life (759/2004) § 16).

The purposes of using the data in the camera surveillance register are:

  • Ensuring the safety of people working and doing business in the premises.
  • Ensuring the interests and rights of employees.
  • Securing property belonging to the data controller.

The collected and processed personal data will not be subject to a decision based solely on automated processing, such as profiling. Camera surveillance is informed about by signs on site.

5. Name of the register

Camera surveillance register

6. Data content of the register

Personal data:

  • Image recordings generated in connection with recording camera surveillance.

7. Regular sources of information

Pakettipiste obtains personal data via installed cameras.

8. Regular disclosure of information

Information is primarily not disclosed further. Based on a statutory requirement from an authority, the information can be disclosed.

9. Transfers of data out of EU or EEA

Data is not transferred or processed outside the EU or EEA.

10. Register protection principles

We use necessary technical and organizational data security measures to protect personal data against unauthorized access, disclosure, destruction, or other unauthorized processing.

The service and data are protected by appropriate technical (e.g., using a firewall, access control, securing physical equipment facilities, secured connections and access rights, as well as through active monitoring of the aforementioned) and administrative measures. Administrative data security measures include data security, data protection, and risk management policies, as well as personnel guidelines and operational processes drawn up based on them.

The data can only be accessed by persons whose job description includes its use. These measures implement the comprehensive data security of the register as well as the confidentiality, integrity, and availability of personal data. Employees who process or view the data are bound by a duty of confidentiality and non-disclosure.

11. Retention period of personal data

Personal data is retained for as long as necessary to fulfill the purposes defined in section 4 in accordance with the legislation in force at the time. The recording of personal data is primarily retained for 14 days.

12. Right of access to and rectification of personal data

In accordance with Article 15 of the EU General Data Protection Regulation, the customer has the right to access what information concerning them has been stored in the register. A request for access can be made by contacting Pakettipiste via the GDPR form found at Privacy Policy | Lehtipiste.

13. Other rights of the data subject related to the processing of personal data

A. Right to erasure (EU General Data Protection Regulation Article 17): The customer has the right to request the erasure of their personal data from the register at any time.

B. Right to restriction of processing (EU General Data Protection Regulation Article 18): The customer has the right to restriction of data processing if the data is inaccurate, the processing is unlawful, the data controller does not need the personal data in question for the purposes of processing, or the customer has objected to the processing of personal data related to profiling.

C. Right to data portability (EU General Data Protection Regulation Article 20): The customer has the right to receive the personal data concerning them, which they have provided to the data controller, in a structured, commonly used and machine-readable format, and the right to transmit those data to another data controller.

D. Right to withdraw consent (EU General Data Protection Regulation Article 7): The customer has the right to withdraw their consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

E. Right to lodge a complaint with a supervisory authority (EU General Data Protection Regulation Article 77): The customer has the right to lodge a complaint with a supervisory authority if they consider that the processing of personal data relating to them infringes the EU General Data Protection Regulation, without prejudice to any other administrative or judicial remedy.


A request related to these rights can be made by contacting Pakettipiste via the GDPR form found at Privacy Policy | Lehtipiste.

14. Updating the Privacy Policy

As our business develops, we reserve the right to change this privacy policy based on actual need (a significant business change). Updates may also be based on changes in legislation.