Privacy Notice for Customers and Interest Groups

Read also about our Data Security.

 

1. Data controller

Medaffcon Oy (2273265-9), Tietäjäntie 2, 02130 Espoo

 

2. Contact person in register-related issues

Managing Director Jarmo Hahl, tel. +358 40 1394001

 

3. Name of the register

Customer and interest group register of Medaffcon Oy

 

4. Purpose and basis for processing personal data

The primary bases for processing personal data include the customer relationship between the customer and Medaffcon Oy, the consent of the customer, an assignment from a customer or other appropriate relation such as the implementation of an agreement represented by the customer.

Personal data can be processed for the following purposes:

Managing, implementing, developing and monitoring customer relationships, customer service and related communication and marketing.

Analysis, grouping and reporting of customer relationships as well as other purposes related to developing the integrated customer relationship and the business of Medaffcon Oy.

Collection and processing of customer feedback and satisfaction data.

Implementing market surveys and polls.

 

5. Data content of the register

Data such as the following can be saved concerning the data subject:

Name, nickname, national identification number, customer identification number, gender, language, address, phone number, email address and other necessary contact details.

Data on using and purchasing services as well the implementation data concerning marketing and communication in different communication channels, such as in the online service.

Content produced by the data subject him/herself such as customer feedback and additional details provided by the data subject such as wishes related to the customer relationship, satisfaction data, interests or other similar data.

Other data related to the customer relationship, such as data collected on the use of the website that can be connected to the customer, such as the IP address of the user, time of visit, visited pages, browser (e.g. Internet Explorer, Firefox), website from which the user has entered the website and the server from which the user has entered the website.

Necessary data related to the use of identification and authentication tools and services.

Data related to the processing of data, such as storing date and data source.

 

6. Storage period of personal data

Medaffcon Oy stores personal data as long as it is necessary for the management of the agreement or customer relationship or due to authority requirements.

 

7. Regular data sources

Data is primarily received from the following sources:

From the data subject and events related to customer relationship, use of services, communication and contact with the data subject.

Party providing identification, authentication, address, update, credit information or other corresponding service.

 

8. Regular disclosure of data and transfer of data outside the European Union or European Economic area

Data is disclosed to the group company of Medaffcon Oy for the purposes described in Section 4 of this Privacy Notice and to other personal registers of Medaffcon Oy, however always in compliance with and within the limits of data protection legislation.

To the selected cooperation partners of Medaffcon Oy in accordance with the purpose of use described in this Privacy Notice.

Data is not disclosed outside of such parties of Medaffcon Oy or those acting on behalf of Medaffcon Oy that participate in the production, development or maintenance of services and communication, unless based on an agreement, specific consent and/or specific provisions.

Data is not disclosed outside EU or EEA area.

 

9. Description of the principles on register protection

Eventual manual material is stored in locked premises that can only be accessed by people with specific entitlement. Access to the digital material is only granted for an entitled employee, practitioner or cooperation partner with a personal id and password. There are different levels of access rights and each user is provided with as limited access right as possible that are sufficient for fulfilling a task.

 

10. Rights of the data subject related to the processing of personal data

The right of the data subject to receive access to data (right of access)

The data subject is entitled to access the data that is stored on the data subject in the customer register of Medaffcon Oy. The request to access shall be made in accordance with Section 11 of this Privacy Notice. The right of access can be refused based on what is provided in law. In principle, the use of the right of access is cost-free.

The right of the data subject to request rectification, erasure or restriction of processing the data

The data subject may submit a request of rectification of their data in accordance with Section 11 of this Privacy Notice.

The data subject is also entitled to request the data controller to restrict the processing of the personal data of the data subject in a situation when the data subject is waiting for a response from Medaffcon Oy on the request for rectification or erasure of the data of the subject.

The right of the data subject to data portability

For the part of data that the data subject has provided to a controller and that is processed under the consent of assignment of the data subject, the data subject has the right to receive such data, as a rule, in machine-readable format and to transmit it to another controller.

The right of the data subject to lodge a complaint with a supervisory authority

The data subject is entitled to lodge a complaint with the competent supervisory authority, if the data controller has not complied with the applicable Data Protection Regulation in their activities.

Other rights

If personal data is processed with the consent of the data subject, the data subject has the right to withdraw his or her consent by informing Medaffcon Oy in accordance with Section 11 of this Privacy Notice.

The data subject may provide Medaffcon Oy with consents or bans related to direct marketing.

 

11. Contacts

In all issues related to the processing of personal data and the use of one’s rights, the data subject shall contact Medaffcon Oy by email at , Medaffcon Oy office or by post at: Medaffcon Oy, Managing Director Jarmo Hahl, Tietäjäntie 2, 02130 Espoo. If necessary, Medaffcon Oy may ask the data subject to specify the request in writing and the identity of the data subject can be authenticated if needed before taking other measures.