EU General Data Protection Regulation 2016/679

1. Controller

Oy Medix Biochemica Ab (“Medix Biochemica”)
Business ID: 1463153-2
Address: Klovinpellontie 1-3, 02180 Espoo
Tel: +358 9 547 680
Email: medix@medixbiochemica.com

2. Contact In Matters Related to the Register

HubSpot Inc.

European HQ
1 Sir John Rogerson's Quay
Dublin 2
IRELAND

3. Register Name

Medix Biochemica's customer and marketing register

4. Purpose and Basis for Processing Personal Data

Medix Biochemica's customer and marketing register contains personal data of customer companies' contact persons (“data subject”). Personal data can be collected and used

  • for the creation, managing and maintenance of a customer relationship
  • for providing customer services
  • for example, for procedures related to ordering, delivering and invoicing of products and services
  • for developing and planning business operations
  • for example, customer feedback, customer satisfaction
  • for communication and marketing of products, services and operations
  • for example, for direct marketing (posting, e-mail marketing)
  • for analysing and reporting data
  • for example, for website analytics

Personal data is collected and processed on the following basis:

  • Contractual right
  • contractual customers
  • Consent of the data subject
  • forms on the website (e.g. newsletter subscription form, contact form), website cookies, separately requested marketing consent
  • Medix Biochemica's legitimate interest
  • customers and cooperation partners who are considered to have shown interest in the operation/products

Activities related to a customer relationship and customer service cannot be performed without the submitted personal data. It is possible to opt out of website cookies. Medix Biochemica will not publish the collected data to third parties for marketing purposes.

Processing tasks can be outsourced to external service providers in compliance and within the limits of the General Data Protection Regulation, however, solely for the purposes of Medix Biochemica.

5. Data Content of the Register

The customer and marketing register contains personal data of Medix Biochemica's customer companies' contact persons, which can be:

  • Contact information
  • data subject's name, phone numbers, email addresses, title or profession
  • Data related to online communication
  • browsing and search data, cookie data, such as IP address, visited pages, browser type, server, web address, network ID

The register does not contain sensitive personal data.

6. Regular data Sources

The information concerning the data subject is received from the person himself/herself (e.g. email, business card, contact forms) or with the help of cookies or other similar technologies.

7. Regular Disclosure And Transfer of data Outside The European Union or the European Economic Area

Personal data is not disclosed or transferred outside the European Union or the European Economic Area.

The register can be processed in outsourced systems such as customer relationship management systems, Enterprise Resource Planning system, network tool software and content management systems.

8. A Description of the Principles of the Register's Protection

The data can only be accessed by persons whose work duties give them the right to process the data stored in the register.

Manual material

The material is not stored manually.

Electronically stored data

The data is stored in protected information systems, which can be accessed only with a correct user ID and a password and only by sales and marketing persons who have grounds for accessing the data:

  • Customer relationship management systems
  • Enterprise Resource Planning system
  • Content management systems
  • Google tool software

9. Retention Time of Personal Data

Personal data is retained as long as it is necessary for the business of Medix Biochemica, however, no longer than 25 years. The data will be removed from the systems manually

10. Profiling And Automatic Decision-Makin

Profiling

Profiling is not carried out based on this register.

Automatic decision-making

No automatic decisions are made based on the data in this register.

11. Rights Of The Data Subject Related To The Processing of Personal Data

a. The data subject's right to access the data (right to inspection)

The data subject has the right to inspect his or her own data in the register in compliance with section 12. Applying the right to inspection is principally free of charge.

b. The data subject's right to request rectification, deletion or limited processing of data

The data subject must request the rectification, deletion or supplementing of erroneous, deficient or obsolete data on their own initiative when it is possible. The measures must be taken without undue delay when the data subject has himself or herself detected or received information about the error.

To the extent the data subject is not able to rectify or delete the data himself or herself, the rectification and/or deletion request is made in accordance with section 12 of the privacy policy.

The data subject also has the right to ask the controller to restrict the processing of his or her data, for example, in a situation when the data subject is waiting for a response from Medix Biochemica to a request to rectify or delete his or her data.

c. Data subject's right to object to the processing of his or her data and direct marketing (opt-out right)

The data subject has the right to object, on grounds relating to his or her particular situation, to profiling concerning him or her and other processing, which Medix Biochemica targets on the data subject's personal data, to the extent the customer relationship between Medix Biochemica and the data subject serves as grounds for data processing.

The data subject can present his or her claim concerning the objection in compliance with section 12 of this privacy policy. In connection with the claim, the data subject must itemise the specific situation based on which she or he objects to the processing. Medix Biochemica may refuse from fulfilling the request concerning objection on the grounds provided in the law.

The data subject may provide Medix Biochemica with consent and prohibition concerning direct marketing per channel.

d. Data subject's right to transfer data from one system to another

The data subject has the right to receive the data he or she has supplied to Medix Biochemica and transfer the said data to another controller. The data is delivered to the data subject primarily in a machine-readable format.

e. Data subject's right to lodge a complaint with a supervisory authority

The data subject has a right to lodge a complaint with the competent supervisory authority if the controller has not complied with the applicable data privacy regulation.

f. Data subject's other rights

Right to be forgotten:

The data subject has the right to request that all personal data concerning him or her, stored at Medix Biochemica, be deleted when the customer relationship ends and/or there no longer is grounds for processing personal data.

Withdrawal of consent:

The data subject has the right to withdraw the consent she or he gave for personal data processing at any time. Withdrawal of consent has no impact on the legality of processing carried out prior to the withdrawal.

Request to delete personal data or withdrawal of consent is made by notifying Medix Biochemica in compliance with section 12 of this privacy policy

Right to receive a notification of a data security breach:

The customer and marketing register does not contain personal data related to privacy, but the data subject has the right to receive a notification of a data security breach without undue delay if this is expected to cause a high risk to the data subject's rights, primarily related to data security and privacy.

A notification of a data breach can be made either directly to the data subject or by using public means of communication if a direct notification is not implementable in the given situation with a reasonable effort or would cause a significant delay in the notification. In a direct notification, any contact information the person has given to Medix Biochemica can be used.

Right to be informed of the processing of personal data for another purpose

The data subject has the right to be informed in advance if the data provided by the data subject to the register is going to be processed for a purpose other than described in this privacy policy. This has no impact on the data subject's rights. The rights and other relevant additional data are explained to the data subject in connection with a communication related to such a situation.

12. Contacts

Medix Biochemica implements requests related to using one's rights within one month from receiving the request. If a request is exceptionally extensive or causes a significant amount of additional work, based on the data protection regulation, Medix Biochemica has an option for two months' additional time to fulfil the request. In such a situation, Medix Biochemica will contact the requestor within one month from receiving the request.

If a request presented by a user is unfounded or unreasonable, such as frequent requests to inspect one's own data, based on the data protection regulation, Medix Biochemica has an option to refuse the request.

Using one's own rights is primarily free of charge, but in case of repeated requests, Medix Biochemica may expect reasonable compensation for expenses.

Upon need, Medix Biochemica may ask the user to specify their request in writing, and the identity of the data subject can be verified when needed prior to starting other actions.

The user can send inquiries related to the register and privacy statement and possible inquiries related to the targeting of advertising to the address:

Oy Medix Biochemica Ab
Klovinpellontie 1-3
02180 Espoo
Tel. +358 9 547 680
Email: medix@medixbiochemica.com

***

Created 22 May 2018
Last updated 08 September 2021