Updated 24. May 2018
Processor of personal data
Medkit Finland Oy
Haaransuontie 6 90240 Oulu, Finland
Person responsible for matters regarding privacy and data protection
Jukka Marjoniemi, jukka.marjoniemi(at)medkit.fi or;
Medkit Finland Oy / Jukka Marjoniemi
90240 Oulu, Finland
Special categories of the personal data concerned
We collect personal data primarily directly from the registered persons themselves as a part of use of our services. Furthermore, the personal data may be collected and updated from third party sources which are publicly available. These sources may include registers held by governmental agencies (such as population register) and registers held by authorities, company registration offices, enforcement authorities and from credit rating registers. Updating personal data from third party sources is performed manually.
The personal data concerned can be categorized as follows:
- Private customer basic information: customer ID, first name and surname, mailing address, telephone number, e-mail address
- Corporate customer representative information: customer ID, first name and surname, title, company name, mailing address, telephone number, e-mail address
- Information related to legal obligations: taxation country and foreign tax registration number
- Customer history (for example contacts, orders, feedback, information related to billing and the debt collection)
- Technical information and online behaviour: internet protocol address, cookies sent to the users' browser, device information
- Marketing and promotion: marketing efforts targeted to the registered person, marketing consents and withdrawals.
- Information available on public sources: registers held by government or authorities, credit rating registers
- Interests and profiling
Purpose of processing personal data
We collect, handle and store information for the following purposes:
- Fulfilment of customership and customer communication: The main purpose of processing personal information is to send quotations and deliver the required service or product.
- Fulfilment of requirements and obligations stated in laws and regulations: bookkeeping regulations, reporting to authorities
- Marketing, product and customer analysis: Personal data is also processed in context analysis. The purpose is to develop business, systems and marketing processes and thus to improve our services or our selection. Analysis may also include profiling. (More information below)
- Marketing based on consent: We can send marketing messages to private customers and corporate customer representatives who have given an explicit consent. Both can withdraw the consent anytime.
Transferring personal data
In order to provide our services, we share parts of the personal data to our cooperation partners. This is done due to technical and logistical demands and to provide payment solutions. The third parties process personal data only to provide the services in collaboration with us.
Transfer of information outside EU or EEA
We may use service providers who have access to your personal data from outside EU/EEA area, such as from the United States. We ensure the proper and legal transfer of personal data complying with the current legislation.
We transfer the personal data outside EU/EEA only when the following conditions apply:
- The European Commission has decided that in the country where the data is transferred to has a sufficient level of data protection or;
- We have carried out the proper protective measures for transfer by using regular phrases regarding data privacy protection accepted by the European Commission. You have a right to get the copy of the regular phrases in question by contacting us or;
- You have given your specific consent to the transfer of your personal data outside EU/EEA or;
- The transfer is based on a legal arrangement, such as for the Privacy Shield arrangement when data is transferred to the United States.
Time of processing of personal data
The system containing personal data is only accessible for our employees and partners who have a justified right to process the personal data. Every user has their own username and password for the system. The information is stored in databases which are protected by firewall, passwords and other technical methods.
The databases and their back-up copies are located on locked premises and information is accessible only by certain persons named in advance. We estimate the necessity of storing personal data considering the current legislation. In addition to this, we take moderate actions to ensure that we do not retain any incompatible, faulty or aged personal data from the registered users. We correct or delete all this kind of information immediately.
Privacy rights of the registered person
As a data subject you have certain rights to the personal data MedKit Finland possesses:
A. The right to request access to the personal data MedKit Finland possesses
B. The right to request the correction of faulty or incomplete information. If the personal data is faulty or incomplete you have the right to have the data rectified if the current legislation does not restrict it.
C) The right to request the erasure of the personal data.
You have the right to request the erasure of personal data if any of the following apply:
- You withdraw the given consent to process personal data and there is no other justified reason to retain it.
- You object to the processing and there is no justified reason for continuing the processing.
- You object to the processing for direct marketing
- Processing is against the law.
- The personal data belongs to an underaged person
- Due to the current legislation we have an obligation to retain your personal data after the termination of customership in certain cases.
D) The right to restrict processing of your personal data.
If you consider that purposes of the processing of your personal data are not legal or justified, you have a right to restrict the processing of the data. We can only store your data and not use it for any purposes until we have secured and ensured that the purposes of the data processing are justified.
E) The right to object to the processing of your personal data for direct marketing and profiling.
F) The right to request your personal data in portable format.
You have the right to request the data we have registered from you in machine-readable format.
This right applies to personal data processed automatically and in context of fulfilling a contract.
If you want to use your right listed above, the requests are assessed and handled individually.
Please note that we may continue processing and storing your data if it is necessary to comply with the current legal obligations. We can also ask you for more information or ensure your identity before continuing to handle your request.
Contact Medkit Finland or the data protection authority
You can contact us as follows:
Jukka Marjoniemi, [email protected]
Subject: Request concerning data privacy
Medkit Finland Oy / Jukka Marjoniemi
Haaransuontie 6 90240 Oulu, Finland
We react to the requests as soon as possible but within 1 month at the latest. You have the right to complain to the privacy authority if you consider that we have not processed your personal data according to the current data privacy legislation.
Request for a copy or removal of your personal data
You can request a copy or removal of your personal data here.