17 February 2020
1. Name of register
Mectalent Medical Services Ltd’s website user register
2. Data controller
Mectalent Medical Services Ltd, Saaristonkatu 22, FI-90100 Oulu, tel. +358 40 828 3210.
3a. Person responsible for register matters (name, email address)
CEO Juha-Pekka Nuutinen, email@example.com
3b. Contact person(s) in matters concerning the register (name, email address)
Data Protection Officer Tuomas Mainio, firstname.lastname@example.org
4. Purpose of processing personal data
Basis for keeping the register:
The register is used to store information about our customers who have provided information on our website. We collect different types of data on the basis of users’ consent to ensure the functionality of our services and manage customer relationships.
The data are automatically collected on the basis of the use of the website and customer contacts. The data are used to improve the user experience on our website as well as customer relationship management.
The register’s purpose of use:
The register is used separately and in conjunction with Mectalent Medical Services Ltd and Cor Group Ltd’s other registers for the management and maintenance of the data subject’s user relationship; Mectalent Medical Services Ltd’s business planning and development; statistical and market research; as well as the advertising, marketing and direct marketing of Mectalent Medical Services Ltd and its customers.
Mectalent Medical Services Ltd as well as the companies belonging to the same Group at a given time shall have the right to use and disclose the data in the Personal Data Register for justifiable purposes of use, on the basis of the data subject’s consent acquired in advance, and in accordance with the Data Protection Act and the General Data Protection Regulation (GDPR). Such purposes of use may include, for instance, direct marketing, telemarketing and market research.
Some cookies are required for the technical operation and use of our website. Such cookies do not collect information about the data subject that could be used for marketing or to remember the websites selected by the user.
Performance indicator cookies:
Our performance indicator cookies collect information on how the data subjects use our website (such as the most used pages or potential error messages). Such cookies do not collect identifiable data of the data subjects; they are anonymous and used solely to improve the functionality of our website.
Websites use Google Analytics, Facebook, Twitter and LinkedIn cookies.
Functional cookies enable our website to remember the choices made by the data subject (such as username, language or region) and provide improved and more personalised features.
Our website includes buttons that make it easier to share contents to other online communication platforms and social media. By using these buttons the data subject may install the selected service’s cookie on the data subject’s device. Such cookies are not controlled by Mectalent Medical Services Ltd. You can find more information about the use of third-party cookies on the website of the third party in question.
Our website may approve the cookies of the services of such third parties. They may include advertisements displayed via Facebook or Google services. Mectalent Medical Services Ltd’s advertisements may be displayed in the services of third parties, such as Facebook, LinkedIn or Google, on the grounds that the user has visited our service.
Our website may include a chat function implemented by a third party. Such cookies are not controlled by Mectalent Medical Services Ltd. You can find more information about the use of third-party cookies on the chat service provider’s website.
THE REGISTER’S DATA CONTENT, DATA SOURCES AND DISCLOSURE OF DATA
5a. Register data contents
The following data may be stored in the register, depending on the purpose of use:
Data provided by the user or personally identifiable data:
- Name, address, phone number, email address, company, organisation, website address, billing information
- Additional information required for contacting the user: description of the service requirement as well as other contact information provided by the customer
- Demographic information, such as professional or educational information, professional or job title
- Information entered in questionnaires or surveys subject to the user’s consent
- Other data collected subject to the user’s consent
User information identified or collected by the services:
- Access or browsing information, advertisements viewed or clicked.
- Landing page, device information (browser, screen resolution, operating system, mobile device model), cookie identifier, IP address, session time and duration, network traffic operator.
- Access is monitored using Google Analytics and Hotjar software (personal data processor). We use these and potential similar future software to analyse the ways our service is used. Both services conform to the EU’s terms and conditions pertaining to the processing of personal data.
- Behavioural data are also anonymously stored in the service publication system (CMS). Recommendations, shares, bookmarks, visited pages.
- The collected data are stored for as long as it is necessary on the basis of the purpose of using the data
5b. Register maintenance systems
6. Regular data sources
Provided by the data subject (by phone, return card, online, email or some other similar method).
Population Information System as well as the telephone operators’ phonebook registers and other similar public and private registers.
The information received from the data subject during the customer relationship when using the services of Mectalent Medical Services Ltd and other Cor Group companies.
7. Regular disclosure of data
The service provider as well as the companies belonging to the same Group at a given time shall have the right to use and disclose the data in the Personal Data Register for justifiable purposes of use, on the basis of the data subject’s consent acquired in advance and in accordance with the Data Protection Act and the General Data Protection Regulation (GDPR). Such purposes of use may include, for instance, direct marketing, telemarketing and market research. By notifying the data controller, the data subject may exercise the right to refuse the disclosure and processing of his/her personal data for direct advertising, telemarketing or direct marketing.
The persons who process the data in the user register are bound by a confidentiality obligation. The data stored in the user register are only revealed or disclosed to third parties on the basis of a legal duty to report, such as by the user’s own request or a legal request by the authorities.
8. Transfer of data outside the EU or EEA
The data reported by the data subjects to Mectalent Medical Services Ltd are not transferred outside the EU or EEA.
The data stored by the cookies of the user data analytics services or social media platforms used on our websites, such as Twitter, Facebook, Google Analytics or LinkedIn, may be stored on these operators’ servers that may be located outside the EU.
PROTECTING THE REGISTER
9. Principles of protecting the register
The data in the user register are stored in databases protected by firewalls, passwords and other technical methods. The databases and their backups are located in a locked and guarded facility with restricted access. The data stored in the databases are only accessed by designated persons with the permissions to access them.
RIGHTS OF THE DATA SUBJECT
10. Right to access and rectification
The data subject has:
- The right to access their data. Pursuant to EU 2016/679, article 15, the data subject has the right to access their personal data.
- Right to request rectification. Pursuant to EU 2016/679, article 16, the data subject has the right to request the rectification of their incorrect personal data stored in a register.
- Right to check the system log information pertaining to their personal data. The log information reveals who has processed the data subject’s data as well as the changes made to the data and the time said changes were made.
- All requests should be made in writing to the Data Protection Officer.
11. Other rights related to the processing of personal data
The data subject has:
- The right to erase data from the system. Pursuant to EU 2016/679, article 17, the data subject has the right to demand that the data controller erase the personal data pertaining to the data subject without undue delay.
- Right to data portability. Pursuant to EU 2016/679, article 20, the data subject has the right to move his/her personal data from one system to another, provided that the processing is based on consent or agreement and it is automatically performed. The data subject also has the right to have his/her data moved directly from the data controller to another data controller, if this is technically feasible.
- Right to lodge a complaint with a supervisory authority. Pursuant to EU 2016/679, article 77, the data subject has the right to lodge a complaint with a supervisory authority at the Data Protection Ombudsman’s office should the data subject deem that their personal data have been processed in breach of the GDPR.
These rights of the data subject are not applicable to statutory systems. Hence, depending on the register, Mectalent Medical Services Ltd may not be legally permitted to move or erase data from its systems. All requests are assessed on a case-by-case basis.
All requests should be made in writing to the Data Protection Officer.