Biohit Oyj, business ID 07035820, Laippatie 1, 00880 Helsinki.
Daniela Söderström, Data Protection Officer.
Data protection law determines how and when companies may collect and process personal data.
The legal bases on which we rely are the following:
- Consent: we may collect and process your information when you give consent
- Contractual obligations: we may collect and process your information to fulfill your contractual obligations
- Compliance with the law: the law may require us to collect and process your information
- Legitimate interest: we may collect and process your information in a manner that is considered reasonable and part of our business. This does not materially affect rights, freedoms or interests.
Purpose and basis of the data processing
Personal data means information that can be used to identify or contact a person.
In principle, we only collect personal information that is necessary. The primary basis for the processing of personal data is the customer relationship between Biohit’s customer and Biohit, the customer’s consent, the order given by the customer or other material connection.
Personal data may be processed for the following purposes:
- Information collected for the planning, development, management, monitoring, quality assurance, processing of feedback, inquiries and incidents is based on a legitimate interest or law.
- Customer relationship analysis, grouping and reporting, managing, implementing, developing and monitoring customer service and related communications and marketing. Collecting and processing customer feedback and satisfaction data and conducting market research and opinion polls. In these cases, it is based on either consent, agreement or a legitimate interest.
- The information collected and used for invoicing and collection is based on an agreement between the customer and the company.
- Processing of information related to the recruitment process. The processing of personal data of jobseekers is primarily based on the execution of the contract, the consent of the data subject or the legitimate interest of the controller.
When you register through Biohit’s website, we may ask you for contact information. We may use such information to support customer communications such as product and service marketing, market research, data comparison, segmentation and analysis, as well as to identify technical issues. Please note that some additional information may require registration. You can decide whether to provide this information. If you do not provide, you may not have access to all information or services.
Personal information you provide
It is our policy to collect only the personal information needed to enable us to handle your requests. We collect personal information including your name, email address, organisation and telephone number when you request information via one of our contact forms. We also collect your personal data when you email BIOHIT with an enquiry or request.
Personal information provided to third parties
The following information, among others, can be stored in the registration:
- Contact information such as name, ID, customer number, gender, language, address, phone number, email address.
- Information on the use and purchase of services, as well as marketing and communications implementation information in various transaction channels, such as online services.
- Content produced by the registrant, such as customer feedback, as well as additional information provided by the registrant, such as customer wishes, satisfaction information, interests, hobby information or other similar information.
- Any insurance, occupational health services and contract, memberships and similar information regarding the registrant.
- Other customer-related information, such as information about the use of the website that can be connected to the customer, such as the user’s IP address, time of visit, pages visited, type of browser used, web address from which the user came to the website, computer, mobile device, operating system and server, which the user has come to the website.
- Necessary information related to the use of identification and authentication tools and services.
The information we collect depends on the communication channel as well as the customer’s prohibitions, restrictions, consents and other choices. Such information may include name, e-mail, phone number, computer and browser specifications, service usage information, and information obtained from third parties (such as some service providers). On some websites we use services (such as Giosg) that facilitate customer communication and support marketing and sales.
Regular transfers and transfers of data outside the EU or the EEA
The information will be disclosed to Biohit’s Group companies for the purposes described in this report, Biohit’s direct marketing register and possibly other Biohit Group’s personal registers, however always in accordance with data protection legislation and within the limits set by it.
We may provide information related to the invoicing of services to our partners for the purpose of invoicing.
Customer data will not be disclosed outside of Biohit or parties involved in the production, development or maintenance of services and communications acting on Biohit’s behalf for purposes other than those mentioned above, except in accordance with the agreement, separate consent and / or specific regulations.
Customer data may be transferred outside the European Union (EU) or the European Economic Area (EEA), including the United States, in accordance with and within the limits set by data protection law. An example of such a transfer is the customer relationship management system (“Salesforce”) that we use.
If personal data is processed outside the EU or the EEA, we will ensure that the customer’s personal data is processed in accordance with this privacy statement. Data transferred outside the European Economic Area is protected by European Commission adequacy decisions or appropriate contractual arrangements, either by signing European Commission model contract clauses with the recipient or by ensuring that the recipient has an EU-US Privacy Shield certification.
Data retention periods
Personal data shall be kept only for as long as is necessary for the purpose for which they were collected. In principle, we delete customer data as soon as we consider the customer relationship to have ended. We may also collect information, the retention periods of which are determined by law or separate agreements.
Biohit protects personal data with physical, technical and administrative safeguards. These include electronic monitoring systems, firewalls, malware monitoring and control, data encryption, backups and restricted access, confidentiality and staff privacy training. Personal data may only be processed by those persons whose work requires it. IT systems are constantly monitored.
Rights regarding personal data
According to the Data Protection Regulation, persons whose personal data are processed have the right to:
- receive information about the processing of their personal data
- gain access to information
- correct information
- delete data and become forgotten
- restrict data processing
- transfer data from one system to another
- oppose the processing of data
- not be subject to automatic decision-making including profiling
- withdraw your consent
- lodge a complaint with the supervisory authority
Requests for data subjects’ rights must be confirmed in writing at the office. Requests must be submitted in person. Upon submission / transfer of the request, the identity of the data subject is verified in a reliable manner.
You have the right to access personal information
The data subject has the right to be informed about the processing of personal data and to have access to data concerning him or her.
You have the right to correct the information
The data subject has the right to request the correction of incorrect and incomplete information.
You have the right to delete the data
The data subject has the right to request the deletion of personal data. Removal requests are executed within the limits allowed by law. Regarding health information, the company has a legal obligation to retain the information in accordance with the National Decree on medical records.
You have the right to restrict processing
The data subject has the right to request a restriction on the processing of personal data if the data subject disputes the accuracy of his or her personal data. In this case, the processing of personal data is limited for the duration of the investigation.
You have the right to receive a copy of your personal information
You may request a copy of your personal information and other additional information in our possession. In most cases, we will provide you with a copy free of charge, but if your request is considered excessive or repetitive, you may be charged a reasonable administrative fee. We will provide a copy within one month of receiving your request. You must prove your identity before submitting requests.
You have the right to transfer data from one system to another
The data subject has the right to request the transfer of data from one system to another if the data are provided by the data subject himself and the processing of personal data is based on consent or agreement. Regarding patient data, the right of transfer does not apply.
You have the right to withdraw your consent
Where the processing of personal data is based on consent, the person may withdraw his or her consent at any time. Consent can be revoked by contacting us (see “Contact Information”).
You have the right to lodge a complaint with the supervisory authority
The data subject has the right to lodge a complaint with the supervisory authority if the person considers that the processing of personal data has violated data protection legislation.
We reserve the right to update this privacy statement as necessary. Therefore, you should check this leaflet to make sure you know the latest applicable version.
Email: info (at) Biohit.fi