About Maria 01
Startup Maria Oy (2760866-5) (“Maria 01”, “we”, “us”) operates the www.maria.io website (the “Webpage”), where Maria 01 provides office space for startups and event hosting premises (collectively the “Services”) at Lapinlahdenkatu 16, 00180, Helsinki.
Startup Maria Oy respects your privacy and is dedicated to protecting the privacy of persons using the Services. Under the General Data Protection Regulation (2016/679), Maria 01 is liable for the processing of personal data as a controller. “Personal data” refers to any information relating to a natural person (“data subject”) that can identify the natural person directly or indirectly, e.g. name and address but also additionally possible location data or IP addresses.
Controller and contact information
Purposes and legal basis for processing Personal Data
We process only such Personal data that is relevant and necessary for the purpose it has been collected or obtained for, and we process the Personal data in compliance with laws and regulations.
Personal data set out below will be processed for the following purposes:
Provision of the Services
We use Personal data to provide the Services and the maintenance of the Services, customer relationship management and customer support. The processing of Personal data for these purposes is based on the necessity for the fulfillment of our agreement with you and our legitimate interest to provide you with a customized experience that is tailored to your preferences.
You may subscribe to our marketing email. When Personal data is used for sending you our electronic marketing, such communications will be based on your consent (opt-in) which you can withdraw at any time. However, Maria 01 can send direct marketing regarding services similar to the one you have acquired from us by using the electronic contact information you have provided. You also have the right to object to this kind of marketing, and it is possible to do it in advance (opt-out) as well.
Tracking and automated decision-making including profiling
Personal data is processed for preventing, detecting, and remediating potentially prohibited or illegal activities. Additionally, Personal data is also processed in order to protect data and property. Personal data can be used for investigating possible security incidents, crimes or damages. Processing related to security and safety is based on a statutory obligation or Maria 01’s legitimate interest such as protection of our property. This includes our right to check video surveillance footage of Maria 01 campus for any suspected breach of conduct or vandalism of the property.
We also process Personal data to comply and fulfil our legal duties and obligations. Thus, the processing is based on statutory obligation.
For processing activities that are based on a legitimate interest, we have carefully balanced such legitimate interest with your right to privacy and concluded that our interest outweighs your rights and freedom, and it is likely that it would be acceptable to you for us to process your Personal data this way.
How to give consent
When Personal data is used for sending you our electronic marketing or we use your photo from our events in our external communication, the processing will be based on your consent (opt-in). Furthermore, when we collect your Personal data, you can give your consent for processing your Personal data for certain purposes.
Withdrawal of consent
You have the right to withdraw your consent at any time regarding further processing of your Personal data. The consent can be withdrawn by contacting the organization by email firstname.lastname@example.org or by using an unsubscribe link in our marketing emails. We will comply with such a request unless there is other legitimate ground to process the Personal data.
Personal Data processed and data sources
The following Personal data from the data subjects will be processed:
Data regarding tenancy
- Contact information (name, telephone number(s), email address)
- Company Legal information
- Communication data
- Access data
- Parking Permit
- PIN-code for doors
- Visitor data
- Video surveillance
- Dietary Needs
- Contact information
Marketing and communication
- Contact information
- Photo and video
- Role and title
- Contact information
- Dietary preferences
Electronic identification data:
- Internet Protocol (IP) address and general location based on IP-address
- Username and user ID
- Type of the device
- Credit/debit card details
- Bank account number
We do not collect or process any special categories of Personal data such as racial or ethnic origin or political opinions.
The Personal data is collected from the following sources:
- Information you provide us when signing up to use the Services
- Automatically collected information when you use our products and services
- Information from third parties
When your company is already in the HubSpot database, we will update your data by using data from HubSpot.
Retention of Personal Data
Personal data and retention periods are listed below:
|Retention period or criteria used to determine the period
|Data regarding tenancy
|– 2 years after the end of the tenancy agreement
– tenancy applications two months after receiving the application
– video surveillance data
|– two years after the last payment transaction
|Marketing and communication
|– until person has opted out
|– two years after consultation
|– one year after the event
|– two years after the contract has ended
Disclosures, transfers and recipients of Personal Data
We may share Personal Data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business. In exceptional cases, Personal data may be disclosed to third parties if required under any applicable law or regulation or an order by competent authorities, and to investigate possible infringing use of the services as well as to guarantee the safety of the services.
Transfers outside eu/eea
Protection of Personal Data
We commit to follow the security provisions of applicable data protection regulations, as well as to process Personal Data in compliance with good processing practices. We have taken adequate technical and organizational measures to protect Personal Data. We store the Personal data with limited access rights and secure IT environments. The IT environments are protected with firewalls and other adequate security techniques, and advanced monitoring is done 24/7. Our personnel and processors that process Personal Data are obliged to keep Personal Data strictly confidential. Access to Personal Data is only granted to the employees that need it to perform their work tasks. The employees have personal IDs and passwords. In the case of any data breach, we will inform the authorities and users/data subjects of the data breach according to applicable information security and data protection regulation(s).
Rights of the Data subjects and supervisory authority
The data subjects have the rights set out in the applicable data protection legislation
Right of access and right of inspection
You have the right to obtain confirmation from us as to whether or not Personal data concerning you is being processed. You have the right to inspect and view data concerning you and, upon a request, the right to obtain the data in a written or electronic form.
Right to rectification and right to erasure (right to be forgotten)
You have the right to demand the rectification of inaccurate Personal data concerning you and to have incomplete Personal data completed. You also have the right to require us to delete your Personal data. We also delete, correct and complete incorrect, unnecessary, incomplete or outdated data on our own initiative when we notice such data.
Right to data portability and to object and restrict processing
You have the right to receive the Personal data that you have provided to us in a structured, commonly used and machine-readable format and, if desired, transmit your data to another controller. You have the right to request the restriction of processing of your Personal data in accordance with the conditions set out in the data protection legislation. We will also restrict the processing of your Personal data if we cannot correct or delete incorrect data, or if there is any uncertainty related to request to erase your data. You have the right to object to the processing of your Personal data for certain purposes. For example, you may object to your Personal data being used for marketing purposes.
Right to withdraw consent
If the processing of your Personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. You can deny any direct marketing and withdraw your consent regarding electronic direct marketing by following the instructions received in connection with the marketing communication (e.g., in the marketing email or sms).
How to exercise the rights of the data subjects
After receiving all the required information for your request (including confirmation of identity), we will start the processing of your request. We will do our best effort to process your request within a period of one (1) month. We may reject requests that are unreasonably repetitive, excessive, or manifestly unfounded.
Right to lodge a complaint with the supervisory authority
In case you consider our processing activities of your Personal Data to be inconsistent with the general data protection regulation (GDPR) (EU) 2016/679, you have the right to complain with a data protection supervisory authority.
Version number 1.0
Change description –
Date 26 Jan 2022
Terms and conditions
Please read these Terms and Conditions (“Terms”, “Terms and Conditions”) carefully before using the www.maria.io website operated by Startup Maria Oy. Your access to and use of the Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Service. By accessing or using the Service you agree to be bound by these Terms. If you disagree with any part of the terms then you may not access the Service.
If you wish to become a member you can send us a membership application. You will be asked to supply certain information regarding your company. Your application will only be processed if the application information submitted contains all the information needed. Your application can be either accepted or rejected according to our requirements. We reserve all the rights to accept or decline an application. The information you provide is confidential and only seen by Maria 01 staff.
If you wish to host your event at Maria 01 you are required to fill out the form on the website with detailed information of your event. We reserve the right to decide upon our interest to grant you the booking. The information you provide is confidential and only seen by Maria 01 staff.
The Newsletter Subscription section is meant for those wanting to receive monthly updates about Maria 01. You must provide your first name, email and the group you belong to. You can unsubscribe and request your data to be deleted at any time.
Links to other websites
Our Service may contain links to third-party web sites or services that are not owned or controlled by Startup Maria Oy. Startup Maria Oy has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or services. You further acknowledge and agree that Startup Maria Oy shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or services available on or through any such web sites or services.
We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will try to provide at least 30 (change this) days’ notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.
If you have any questions about these Terms, please contact us. Our email is email@example.com