This data protection statement applies to the customer and marketing activity for Suomen Biovoima Oy. The statement describes how Suomen Biovoima processes the personal data of its current and potential customer contacts as well as other users of its services in the customer relation and marketing activities.
Suomen Biovoima commits to comply with the existing Finnish data protection and personal data legislation, including EU General Data Protection Regulation (GDPR), as well as other applicable acts and laws regarding personal data processing. Suomen Biovoima is also committed to process personal data based on the best practices on data management and data processing. The personnel of Suomen Biovoima are obligated to handle all personal data with strictest confidence.
Suomen Biovoima Oy (business ID: 2665724-6)
Kivääritehtaankatu 6 E, 40100 Jyväskylä
Controller can be contacted by e-mail at firstname.lastname@example.org. The contact person for all data protection related matters is the data protection officer Eero Tilsala.
The customer and marketing file of Suomen Biovoima Oy
Suomen Biovoima’s customer and marketing activity aims at providing the best possible service as well as offering interesting content for each data subject. The following data may be stored and protected in this data file. Not all the below-mentioned data are necessarily stored for all the data subjects.
In addition to what has been said above the register may contain notes and other data regarding the data subject needed for good customer relationship management. This may include e.g. data on the data subject’s newsletter subscriptions, past or forthcoming event participations, contact requests or data on services ordered by the data subject, deliveries and invoicing of them. Furthermore, the data file may contain data derived from the use of services such as segmentation to a given user group on the basis of the use of services or interests of the user.
The personal data are used in Suomen Biovoima for:
Personal data is processed based on a consent given by the data subject, the legitimate interests of the controller or to prepare or execute an agreement where the data subject is a party.
The storing of personal data has partly been outsourced to external service providers. The controller guarantees that this kind of outsourcing takes place in accordance with existing Finnish data protection and personal data legislation and that the external service providers will not use the data in this personal data file for their own purposes.
The data included in this data file are collected
The data are stored in the data file only as long as and to the extent necessary and allowed according to legislation in relation with the original or compatible purposes of collecting the personal data. The personal data may be used after the termination of the customer relationship if the legislation in effect so requires.
Additionally, the controller will carry out all reasonable activities to ensure that all personal data which are inaccurate, erroneous or outdated with regard to the original purposes of processing will be rectified or erased without delay.
Suomen Biovoima sets high importance on the confidentiality of its customers and the users of its services. Suomen Biovoima carries out appropriate technical and organisational actions to protect personal data from accidental or illegal loss, disclosure, misuse, modification, deletion or unauthorised access.
Instructions related to the use of this data file are introduced within the organisation and the access rights have been restricted so that only the authorized personnel, who need the data in their work, have access to the data stored in the data file.
Suomen Biovoima ensures that all its data systems and computer equipment are sufficiently protected with appropriate technical methods, including passwords and personal user IDs. Both the backups and deletion of the data files including personal data are carried out securely.
Personal data may not be transferred outside Suomen Biovoima or its subcontractors, who store the data, in a manner enabling the data to be identified, except in the following exceptional circumstances: if required by any ruling of a governmental or regulatory authority, court, or by mandatory law; or if it is otherwise necessary for the purposes of preventing, or investigating, any breach of law, user terms or good practices or to protect the rights of Suomen Biovoima or a third party.
The controller may transfer personal data outside the EU and the ETA due to technical implementation when the controller uses external service providers to store data on the basis of a mutual partnership agreement. These transfers will be carried out securely in accordance with data protection legislation and within the limits set by this legislation.
The data subject has the right to inspect his/her personal data and request to change possible inaccurate, incomplete or outdated data. Any requests to inspect or to modify this data shall be indicated in person, or by a signed letter or similarly verified document to the controller’s person in charge of the data file, so that Suomen Biovoima can confirm that the requestor has the right to make such a request. The requests are handled within one month from the date they were made.
The data subject has at any time the right to withdraw previously given consent for processing his/her data. The data subject can at any time make a complaint to authorities regarding the processing of his/her personal data. The data subject also has the right to request the erasure of his/her personal data from the data file providing that they are no more needed for the purpose they were collected for or that there are no legal obligations in effect concerning the controller regarding the processing or storing them. The data subject can request to restrict the use of his/her personal data or oppose the use of his/her personal data for e.g. direct marketing and relating profiling, too.