PRIVACY NOTICE

This privacy notice explains how Biohealth Europe Oy (3451696-1) processes personal data, what personal data the company collects, for what purposes the data is used, to whom the data may be disclosed, and how the data subject can influence the processing. This privacy notice complies with the EU General Data Protection Regulation (GDPR).

We reserve the right to make changes and updates to this privacy notice.

1. Contact Information

Controller
Biohealth Europe Oy (3451696-1)

Contact person or Data Protection Officer
Sean Bergeheim
info@biohealth.fi

2. Processing of Personal Data and Purpose

2.1. Legal Basis for Processing

We always process your personal data lawfully, fairly, and transparently. We collect and process your data only if we have a legal basis for doing so.

The processing of personal data is based on statutory obligations. We collect and use your data only if:

• you have given us consent to use the data for a specific purpose;

• it is necessary for the performance of a contract to which you are a party, or for taking certain steps at your request prior to entering into a contract;

• it is required to fulfill a legitimate interest (not overridden by your data protection rights), such as investigating misuse, statistical and research purposes, or protecting our legal rights or interests;

• it is necessary to comply with legal obligations;

• it is necessary to protect life, health, or against a threat such as injury.

3. Purpose and Legal Basis of Processing

3.1. We collect and process personal data for the following purposes:

• Recruitment

• Employment relationships

• Customer relationships

• Customer service

• Customer communications

• Maintenance of customer and partner relationships

• Contractual relationships

• Marketing purposes

• Targeted marketing to customers and potential customers

• Research

• Statistics

• Reservations and orders of products and/or services

• Provision, maintenance, development, and quality assurance of services/products

• Ensuring security and preventing and investigating misuse

• Risk management and prevention of misuse

• Compliance with statutory obligations

• Business planning and product development

• Usage monitoring

• Processing of product warranty information

3.2. Personal data is collected from:

• The individual or company itself, who discloses the data

3.3. The company processes the following data:

• Personal or company details

• Contact information

• Billing or payment details

• Customer relationship information

• Contract details

• Product and order information

• Customer feedback

• Communications and correspondence

• Complaints

• Marketing consents

• Data relating to online behavior

4. Regular Disclosure and Transfer of Data

4.1.

We observe due care in storing and processing data and ensure data security with firewalls, passwords, and various generally accepted technical methods. Manually maintained materials are stored in locked premises with restricted access. Data storage and processing take place via service providers known to be secure.

4.2.

We do not, as a rule, disclose or transfer data to third parties unless separate consent has been given. Exceptions may include obligations arising from legislation or authorities. Data may also be disclosed based on a contractual relationship with a service provider or subcontractor who may process the data to provide the service. In such cases, lawful processing of personal data is ensured through agreements and, where necessary, confidentiality agreements.

4.3.

We do not transfer your data outside the EU or EEA.

5. Storage of Personal Data

5.1.

Personal data is stored until the customer requests its deletion. After the retention period, data is deleted or anonymized within 3 months. Data may also be deleted upon the customer’s request after the end of the relationship. We reserve the right to notify separately of a shorter or longer retention period.

5.2.

Personal data may be used for profiling if there is a legal basis for it. We do not use personal data for automated decision-making.

6. Rights of the Data Subject

6.1. Right of Access

The data subject has the right to obtain and review their own data.

6.2. Right to Rectification and Erasure

The data subject has the right to request the correction of inaccurate or incorrect data and to request the deletion of their data.

6.3. Right to Accuracy

The controller actively ensures that inaccurate, unnecessary, incomplete, or outdated personal data is deleted, corrected, or supplemented as necessary for the purpose of processing.

6.4. Right to Data Portability

The data subject has the right to request the transfer of their data to another controller.

6.5. Right to Object

The data subject has the right to object to the use of their data for certain purposes, such as direct marketing.

6.6. Right to Withdraw Consent

If the processing of personal data is based on consent, the data subject has the right to withdraw consent at any time. This does not affect the lawfulness of processing carried out prior to the withdrawal.

6.7. Right to Lodge a Complaint

The data subject has the right to lodge a complaint with a supervisory authority if they consider that their personal data is being processed in violation of the GDPR or national data protection laws and regulations.

6.8. Handling of Requests

All requests concerning the rights of data subjects must be made electronically and addressed to the Data Protection Officer. The identity of the requester will be verified before any data is disclosed. Requests will be handled within a reasonable time and as promptly as possible. If a request cannot be fulfilled, the data subject will be informed in writing.