Privacy Policy

Effective 5 May 2026 · Last updated 5 May 2026

MO6 is operated by Fifth Innovation Oy, a Finnish company headquartered in Helsinki. We try to keep this site honest about what data it collects and what we do with it. The short version: this website sets no cookies, uses no advertising or tracking pixels, and only collects personal data when you choose to fill in the contact form.

1. Who we are

The data controller for personal data collected on mosix.co is:

Fifth Innovation Oy
Bulevardi 19 A8, 00120 Helsinki, Finland
Business ID (Y-tunnus): 2860817-3
Email: info@mosix.co

"We", "us", "our", and "MO6" in this policy refer to Fifth Innovation Oy operating the MO6 brand.

2. What data we collect, and why

Contact form

When you submit the form on the contact page to request samples or get in touch, we collect what you enter: first name, last name, email address, and optionally phone number, product of interest, and a free-text message. We use this data solely to respond to your inquiry and (if relevant) to ship samples or follow up about your project.

Legal basis: Article 6(1)(b) GDPR — necessary to take steps at your request prior to entering into a contract — and Article 6(1)(f) — our legitimate interest in responding to commercial inquiries.

Server logs

Our hosting provider (Cloudflare) automatically records technical request data: IP address, user agent string, requested URL, response status, and timestamp. We do not use these logs to identify or profile individual visitors; we use them only for security, abuse prevention, and debugging.

Legal basis: Article 6(1)(f) GDPR — legitimate interest in keeping the site secure and operational.

Cookieless web analytics

We use Cloudflare Web Analytics, a privacy-preserving analytics service that does not set cookies, does not use device fingerprinting, and does not create individual visitor profiles. It records aggregated, anonymized statistics: page views, top pages, top referrers, country-level traffic, device and browser categories, and Web Vitals performance metrics.

Legal basis: Article 6(1)(f) GDPR — legitimate interest in understanding aggregate site usage. Because the service is cookieless and does not process personal data in a way that requires consent under the ePrivacy Directive, no cookie banner is presented.

Bot protection

The contact form is protected by Cloudflare Turnstile, which evaluates browser characteristics to determine whether the request is from a human or an automated bot. Turnstile does not set cookies and does not collect personal data beyond the IP address and browser metadata needed to make a real-time risk decision.

Legal basis: Article 6(1)(f) GDPR — legitimate interest in preventing abuse of the form.

3. Cookies and similar technologies

This website does not set any cookies. No first-party cookies, no third-party cookies, no localStorage, no sessionStorage, no advertising or social-media tracking pixels. You can verify this in your browser's developer tools.

4. Who processes your data on our behalf

We use the following service providers (sub-processors) to operate the website and respond to inquiries. Each is bound by a data processing agreement and may only process data on our instructions.

Cloudflare, Inc.

Hosting, content delivery, DNS, Web Analytics, and Turnstile bot protection. Headquarters in the United States; EU edge processing for visitors in the EU. Adheres to the EU–US Data Privacy Framework and provides Standard Contractual Clauses where applicable.

Resend (Resend, Inc.)

Transactional email delivery: when you submit the contact form, the message is delivered through Resend's API to our inbox. We have selected Resend's EU region so the message contents are processed in the European Union.

Google LLC (Google Workspace)

Our info@mosix.co inbox runs on Google Workspace. Once an email arrives, it is stored in Google's infrastructure and routed to the relevant team members. Google Workspace adheres to the EU–US Data Privacy Framework and offers Standard Contractual Clauses.

We do not sell, rent, or trade your personal data to third parties for marketing.

5. International data transfers

Some of the providers above are headquartered outside the European Economic Area (EEA), principally in the United States. Where data is transferred outside the EEA, the transfer is protected by one or more of: (a) the EU–US Data Privacy Framework adequacy decision, (b) European Commission Standard Contractual Clauses, and (c) supplementary technical measures such as encryption in transit and at rest.

6. How long we keep your data

Contact form submissions: retained in our inbox for up to 24 months from your last interaction with us, after which they are deleted unless we have an ongoing business relationship that requires keeping them longer (e.g., a quote, a sample shipment, or an order).
Server logs: retained by Cloudflare for approximately 30 days, then automatically purged.
Web Analytics data: aggregated, anonymized — retained by Cloudflare for the duration of the analytics service, with no personal-data tail.

7. Your rights under GDPR

As a data subject, you have the following rights regarding your personal data, exercisable free of charge once per request:

Right of access (Art. 15): a copy of the personal data we hold about you.
Right to rectification (Art. 16): correct inaccurate or incomplete data.
Right to erasure (Art. 17): "right to be forgotten" — request deletion.
Right to restriction of processing (Art. 18): pause processing pending verification.
Right to data portability (Art. 20): receive your data in a structured, machine-readable format.
Right to object (Art. 21): object to processing based on legitimate interest.
Right to withdraw consent (Art. 7(3)): where processing is based on consent, withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, email info@mosix.co from the address you used (or whose data is at issue), with the subject line beginning "Privacy:". We will respond within one calendar month. We may need to verify your identity before processing the request.

8. Right to lodge a complaint

If you believe our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The competent authority for Finland is:

Office of the Data Protection Ombudsman (Tietosuojavaltuutetun toimisto)
Lintulahdenkuja 4, 00530 Helsinki, Finland
Postal address: PO Box 800, 00531 Helsinki
Website: tietosuoja.fi

9. Security

We use HTTPS for all connections to mosix.co, including form submissions. Subprocessor providers maintain industry-standard security controls (encryption at rest, access controls, audit logging). No internet-connected system is perfectly secure; we will notify affected data subjects and the Office of the Data Protection Ombudsman as required by Articles 33–34 GDPR in the event of a data breach involving your personal data.

10. Children

mosix.co is a B2B/B2C interior-design site not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to this policy

We may update this policy as our practices evolve or to reflect legal changes. The "Last updated" date at the top reflects the most recent revision. Material changes will be announced on the site itself before taking effect.

12. Contact us about privacy

For any privacy-related question, request, or complaint, email info@mosix.co.

This privacy notice is provided in English. In case of inconsistency between language versions, the English version prevails. See also our Terms of Use.