This is the privacy notice of YES-EU Oy in accordance with the EU General Data Protection Regulation (EU) 2016/679 concerning the processing of personal data in connection with video surveillance.

This notice describes how YES-EU Oy processes personal data of individuals subject to video surveillance (“data subjects”).

YES-EU Oy operates in the import, sales, installation, and maintenance of electric buses, commercial vehicles, and related electrification equipment.

Prepared: 10 May 2023. Last updated: 25 June 2026.

1. Controller

YES-EU Oy
Business ID: FI31985228
Perintötie 8, 01510 Vantaa
Phone: +358 44 493 2020

2. Contact details for data protection matters

Contact: Tietosuoja@YES-EU.com

3. Purpose of processing and legal basis

The controller processes personal data in connection with video surveillance for the following purposes:

– Protection of property and prevention of misuse
– Ensuring the safety of premises and outdoor areas
– Prevention and investigation of crimes, damages, and accidents
– Supporting and improving occupational safety
– Safeguarding the legal protection of personnel, customers, and other parties in cases of damage or disputes

Recordings may be used for these purposes, for example in investigating incidents, occupational accidents, or liability matters.

The legal basis for processing is the legitimate interest of the controller (Art. 6(1)(f)).

4. Legitimate interest of the controller

The controller has a lawful and legitimate interest in protecting its property, ensuring the safety of its premises, and preventing and investigating damages, crimes, and accidents.

Video surveillance is also necessary to ensure occupational safety and to safeguard the legal rights of personnel and other data subjects in situations where events need to be objectively clarified.

Processing is limited to areas covered by video surveillance. Surveillance is not directed at areas where privacy is particularly protected (such as social facilities). Recordings are reviewed only when justified.

Data subjects have a reasonable expectation of video surveillance in premises, workshop environments, and outdoor areas.

In the overall assessment, the legitimate interest of the controller does not override the rights and freedoms of the data subjects.

5. Categories of personal data

The personal data processed includes:

– Images and video recordings captured by surveillance cameras
– Time and location data related to the recordings

Recordings may contain images of individuals as well as their movements and activities within monitored areas.

6. Sources of personal data

Personal data is collected from the video surveillance system consisting of recording cameras located in YES-EU Oy premises and nearby areas.

7. Disclosure and transfer of data

Personal data may be disclosed within the limits permitted by law:

– To authorities for investigation of criminal or accident situations
– To insurance companies for handling damage claims

Data is not regularly disclosed to other parties.

As a rule, data is not transferred outside the EU/EEA. Any transfers are carried out using appropriate safeguards required by applicable legislation (e.g. European Commission standard contractual clauses).

8. Principles of data protection

Personal data is processed with appropriate care and security:

– Recordings are stored in a local, secure system
– Storage equipment is located in locked premises
– Access to the system is restricted to authorized persons
– Recordings are handled confidentially and only to the extent necessary for work duties

Recordings are not monitored continuously; they are reviewed only when justified, such as in exceptional situations.

9. Retention periods

Recordings are generally stored for a maximum of three months, after which they are automatically deleted.

Recordings may be retained longer if necessary:

– To comply with a request from authorities
– To investigate criminal, damage, or accident situations
– To establish, present, or defend legal claims

The necessity of retention periods is assessed regularly.

10. Data subject rights

The data subject has the following rights:

– Right to be informed and access personal data
– Right to request rectification or erasure where applicable
– Right to request restriction of processing
– Right to object to processing based on legitimate interest
– Right to lodge a complaint with the supervisory authority

Requests for access must be sufficiently specified (e.g. time and location) and submitted in writing to the contact e-mail address in section 2.

We will respond to requests within one month in principle. Additional information may be requested to verify identity.