Privacy Notice for Customers and Interest Groups
Read also about our Data Security.
1. Data controller
Medaffcon Oy (2273265-9), Tietäjäntie 2, 02130 Espoo
2. Contact person in register-related issues
Managing Director Jarmo Hahl, tel. +358 40 1394001
3. Name of the register
Customer and interest group register of Medaffcon Oy
4. Purpose and basis for processing personal data
The primary bases for processing personal data include the customer relationship between the customer and Medaffcon Oy, the consent of the customer, an assignment from a customer or other appropriate relation such as the implementation of an agreement represented by the customer.
Personal data can be processed for the following purposes:
Managing, implementing, developing and monitoring customer relationships, customer service and related communication and marketing.
Analysis, grouping and reporting of customer relationships as well as other purposes related to developing the integrated customer relationship and the business of Medaffcon Oy.
Collection and processing of customer feedback and satisfaction data.
Implementing market surveys and polls.
Data content of the register
Data such as the following can be saved concerning the data subject:
Name, nickname, national identification number, customer identification number, gender, language, address, phone number, email address and other necessary contact details.
Data on using and purchasing services as well the implementation data concerning marketing and communication in different communication channels, such as in the online service.
Content produced by the data subject him/herself such as customer feedback and additional details provided by the data subject such as wishes related to the customer relationship, satisfaction data, interests or other similar data.
Other data related to the customer relationship, such as data collected on the use of the website that can be connected to the customer, such as the IP address of the user, time of visit, visited pages, browser (e.g. Internet Explorer, Firefox), website from which the user has entered the website and the server from which the user has entered the website.
Necessary data related to the use of identification and authentication tools and services.
Data related to the processing of data, such as storing
6. Storage period of personal data
Medaffcon Oy stores personal data as long as it is necessary for the management of the agreement or customer relationship or due to authority requirements.
7. Regular data sources
Data is primarily received from the following sources:
From the data subject and events related to customer relationship, use of services, communication and contact with the data subject.
Party providing identification, authentication, address, update, credit information or
8. Regular disclosure of data and transfer of data outside the European Union or European Economic area
Data is disclosed to the group company of Medaffcon Oy for the purposes described in Section 4 of this Privacy Notice and to other personal registers of Medaffcon Oy, however always in compliance with and within the limits of data protection legislation.
To the selected cooperation partners of Medaffcon Oy in accordance with the purpose of use described in this Privacy Notice.
Data is not disclosed outside of such parties of Medaffcon Oy or those acting on behalf of Medaffcon Oy that participate in the production, development or maintenance of services and
Data is not disclosed outside EU or EEA area.
9. Description of the principles on register protection
10. Rights of the data subject related to the processing of personal data
The right of the data subject to receive access to data (right of access)
The data subject is entitled to access the data that is stored on the data subject in the customer register of Medaffcon Oy. The request to access shall be made in accordance with Section 11 of this Privacy Notice. The right of access can be refused based on what is provided in law. In principle, the use of the right of access is cost-free.
The right of the data subject to request rectification, erasure or restriction of processing the data
The data subject may submit a request of rectification of their data in accordance with Section 11 of this Privacy Notice.
The data subject is also entitled to request the data controller to restrict the processing of the personal data of the data subject in a situation when the data subject is waiting for a response from Medaffcon Oy on the request for rectification or erasure of the data of the subject.
The right of the data subject to data portability
For the part of data that the data subject has provided to a controller and that is processed under the consent of assignment of the data subject, the data subject has the right to receive such data, as a rule, in machine-readable format and to transmit it to another controller.
The right of the data subject to lodge a complaint with a supervisory authority
The data subject is entitled to lodge a complaint with the competent supervisory
If personal data is processed with the consent of the data subject, the data subject has the right to withdraw his or her consent by informing Medaffcon Oy in accordance with Section 11 of this Privacy Notice.
The data subject may provide Medaffcon Oy with consents or bans related to direct marketing.
In all issues related to the processing of personal data and the use of one’s rights, the data subject shall contact Medaffcon Oy by email at , Medaffcon Oy office or by post