Data Protection Notice for the Medikumppani Oy Client Register
Date: 3 August 2021
1. DATA CONTROLLER
Business ID: 1595673-4
Hämeenkatu 30 C 32
20700 Turku, Finland
2. REGISTER CONTACT PERSON
telephone +358 400 325815
3. REGISTER NAME
Medikumppani Oy Client Register
4. PURPOSE AND BASIS OF THE REGISTER
Personal data are processed for management and development of client relationships and other relevant contacts, marketing, business planning and development, as well as for Medikumppani Oy’s other legitimate interest. Such purposes may include, for example, conducting opinion polls and market research, processing and collecting client feedback and client satisfaction data, grouping client relationships, reporting, and analysing data. Personal data may also be processed for the purposes of customer profiling described in section 11 of this privacy notice.
The main reason for processing personal data is the relationship between Medikumppani Oy and its clients. Other reasons include a client commission, client consent or other legitimate reason.
Medikumppani Oy does not outsource personal data processing to companies in the same group. Medikumppani Oy may outsource personal data processing to third-party service providers according to and within the limits of applicable data protection legislation.
5. REGISTER’S DATA CONTENT AND PERSONAL DATA GROUPS
The groups of persons whose data may be processed are clients using Medikumppani Oy’s services, clients who participated in an event organised by Medikumppani Oy, and clients who have contacted the company.
The data related to the mentioned groups will be processed only for the register’s necessary intended use. The personal data provided by a client or other person who has signed up for or participated in a Medikumppani Oy event, or who has otherwise provided personal data to Medikumppani Oy may include the following information: basic information, such as name, postal address, telephone number(s), email address(es), account number, invoicing address, invoicing contact and other invoicing-related information, client relationship and other business-related information, feedback, complaints and other client- and business-related communications, and website visits.
6. RETENTION PERIOD OF PERSONAL DATA
Medikumppani Oy stores personal data in its client register until the business relationship between Medikumppani Oy and the client has ended, and there is no other legal basis for retaining the data.
7. REGULAR SOURCES OF DATA
Personal data are collected in connection with various events (client meetings, etc.), through Medikumppani Oy’s digital service channels or otherwise directly from the data subjects themselves.
8. PERSONAL DATA RECIPIENTS AND REGULAR TRANSFERS
Medikumppani Oy does not disclose personal data to third parties other than the companies in the same group and to authorities for legal reasons in accordance with data protection legislation and the limits set by it.
Personal data may be transferred or disclosed to parties involved in the production, development or maintenance of Medikumppani Oy’s services and communications, or to a party operating on its behalf, for example in a server environment. In this case, however, personal data are in fact used only by Medikumppani Oy’s employees (e.g. when compiling newsletters).
9. DATA TRANSFER OUTSIDE THE EUROPEAN UNION (EU) OR THE EUROPEAN ECONOMIC AREA (EEA)
As a rule, personal data are not transferred outside the EU or EEA, but it may be possible, for example, when Medikumppani Oy uses subcontractors to process the data. Personal data are not disclosed to parties other than those involved in the production, development and maintenance of the services and communications of the contractual partners providing Medikumppani Oy’s services, except on the basis of an agreement or other consent. Transfers are always made in accordance with data protection legislation and the limitations thereof.
Data are also disclosed to authorities for legal reasons, such as in the investigation and prevention of misconduct.
If we use non-EU services, we will only use Privacy Shield certified service providers who are committed to complying with the EU General Data Protection Regulation by signing a Privacy Shield agreement (including Google Analytics).
10. REGISTER PROTECTION PRINCIPLES
Medikumppani Oy has taken appropriate technical and organisational measures to protect personal data from accidental or unlawful loss, disclosure, misuse, alteration, destruction, or unauthorized access.
Medikumppani Oy stores personal data in printed and digital form. Any printed material is kept in a locked room, which can only be accessed by persons who have been specifically authorised to do so. Digital material can be accessed only with a personal username and password of an authorized employee or partner. There are different levels of access and each user is given sufficient, but limited access, depending on the task. Unauthorised access to personnel registers is also prevented with firewalls and other technical protection. Information on employee health is kept separate from other personal data. All register users are bound by confidentiality. Backup copies of the register are made regularly, and the data can be restored if necessary.
Medikumppani Oy may engage in profiling while processing personal data in the client register. The purpose of profiling is to be able to target client communications better.
12. DATA SUBJECTS’ RIGHT TO OBJECT TO PERSONAL DATA PROCESSING AND DIRECT MARKETING (RIGHT TO OBJECT)
Data subjects have the right to object to Medikumppani Oy’s profiling and other processing measures on grounds related to their particular situation insofar as the data processing is based on the client relationship with Medikumppani Oy. Data subjects must specify in their objection the data which is not to be used. However, Medikumppani Oy may reject the objection due to legal reasons.
Data subjects may present their objection as stated in section 14 of this privacy notice, whereby the data subject will no longer receive client communications. Data subjects may consent to or object to Medikumppani Oy’s client communications separately for each communication channel.
13. DATA SUBJECTS’ OTHER PERSONAL DATA PROCESSING RIGHTS
13.1. Right of access
Apart from the exceptions laid down in the Personal Data Act, data subjects are entitled to access and check their personal data stored in the Medikumppani Oy Client Register. They must make their request for access in accordance with section 14 of this privacy notice. The right of access may be denied due to legislative reasons. As a rule, right of access is free of charge.
13.2. Rectifying and erasing data or restricting processing
If a data subject notices or is informed about an error in the register, (s)he must, without undue delay and on his/her own initiative, rectify, erase, or supplement the incorrect information in the register.
Data subjects should make a request for rectification to Medikumppani Oy according to section 14 of this privacy notice.
Data subjects have the right to restrict the data controller from processing personal data, for example when waiting for a response to a request for rectification or erasure of their data.
13.3. Data subjects’ right to data portability and right to lodge a complaint with the supervisory authority
Insofar as the data subject has personally provided Medikumppani Oy with personal data, which are processed in the client register with the data subject’s consent, the data subject has the right to obtain such information, primarily in electronic format, and the right to transfer this information to another register.
If the data controller has not complied with the applicable data protection regulations, the data subject has the right to lodge a complaint with the competent supervisory authority.
13.5. Other rights
If personal data are processed based on the data subject’s consent, the data subject has the right to withdraw his or her consent by notifying Medikumppani Oy in accordance with section 14 of this privacy notice.
Data subjects should contact Medikumppani Oy in all personal data processing matters and in exercising their personal data rights by post to the following address: Medikumppani Oy / Henkilörekisterit, Hämeenkatu 30 C 32, 20700 Turku, Finland. If necessary, Medikumppani Oy may ask the data subject to provide further details about a request in writing. Medikumppani Oy may request verification of the data subject’s identity, as needed, before other measures are taken.