Privacy policy

Note: toggle the language switch in the upper right corner (desktop) or under the menu (mobile) to change Privacy Policy language to Finnish. 

CONSUMER CUSTOMERS’ CUSTOMER REGISTERS OF NOVALCO OY CONTRAL CLINICS

Description of file in accordance with section 10 of the Personal Data Act (523/99) Date of preparation: 13 May 2018

Controller

Name: Novalco Oy Contral Clinics
Business ID: 1749729-5
Address: c/o Lääkäriasema Vita, Mikonkatu 7 , 00100 HELSINKI
Telephone: +358 (0)9 228800 (switchboard)

Contact person in matters concerning the register

Name: Jukka Keski-Pukkila (CEO)
Address: c/o Vita Clinic, Mikonkatu 7, 00100 Helsinki
Email: jukka.keskipukkila@contral.com

Name of the register

Consumer customers’ customer register of Contral Clinics

Purpose of the processing of personal data (purpose of the register)

Personal data in the register may be processed for the following purposes: Control and management of customer relationships, provision of services, invoicing, supervision of payments, collection of payments, marketing, development of customer relationships and business operations as well as other comparable purposes. Personal data is handled in conjuction with contacting the company, booking appointments and other similar tasks related to customer service and service providing. Patient records are stored in separate systems. Due to the technical nature of modern data processing, part of the data can be stored in Novalco Oy Contral Clinics’s subcontractors’ or partners’ systems.

Register data content

The register may contain the following data:

  • contact details, such as name, address, telephone number and email address
  • basic data, such as date of birth/personal identity number
  • data concerning the customer relationship, such as the customer/agreement number, data on services ordered by the customer, invoicing and payment data, data related to collection, customer feedback, contacts, and data on suspension or cancellation of service
  • permissions and prohibitions of direct marketing
  • any other additional data provided by customers themselves and other data collected with customers’ consent

Regular sources of information

Data is mainly collected from the data subjects themselves by telephone, via the Internet, by email or in other comparable ways. Data may also be collected from the controller’s own information systems when the data subject uses the services.

Regular disclosure of data

The data is only used for the management of customer relationships, and it is not regularly disclosed further. Individual pieces of data may be disclosed to collection agencies for collection measures concerning unpaid invoices. Data may be disclosed to authorities when legislation requires it, however bound within legal borders.

Transfer of data outside the EU or EEA

Data is not transferred outside the European Union or the European Economic Area, unless it is necessary for the technical maintenance of the register. In such cases, the controller sees to the sufficient level of privacy protection as required by the law (i.e. when storing data in the United States, we make sure that our subcontractors and partners comply with the Privacy Shield –act).

Right of access and rectification of data

Data subjects have the right to check what data on them is entered in the register. The request for access shall be delivered in writing and signed to the person responsible for register matters. The request of access may also be presented personally at the place of business of the controller at the aforementioned address. Should there be errors in the saved data, the data subject has the right to demand that erroneous data is rectified by contacting the person responsible for register matters.

Right to prohibit processing

Data subjects have the right to prohibit the use of their data for purposes of direct advertising, distance selling, other direct marketing, market research and opinion polls. The prohibition may be requested from the person responsible for register matters.

Principles of register protection

The data in the register is saved in an electronic system protected by firewalls and other technical measures. Only those persons in the employ of Contral Clinics have access to the system who participate in the processing of data in their duties. Each employee using the register has a personal username and password for the system. Server equipment is stored on secured premises.

 

BUSINESS AND COMMUNITY CUSTOMERS’ CUSTOMER REGISTER OF NOVALCO OY CONTRAL CLINICS

Description of file in accordance with section 10 of the Personal Data Act (523/99) Date of preparation: 13th of May 2018.

Controller

Name: Novalco Oy Contral Clinics
Business ID: 1749729-5
Address: c/o Lääkäriasema Vita, Mikonkatu 7 , 00100 HELSINKI
Telephone: +358 (0)9 228800 (switchboard)

Contact person in matters concerning the register

Name: Jukka Keski-Pukkila (CEO)
Address: c/o Vita Clinic, Mikonkatu 7, 00100 Helsinki
Email: jukka.keskipukkila@contral.com

Name of register

Contral Clinics business and community customers’ customer management system (CRM and other possible marketing registers) Purpose of the processing of personal data (purpose of the register) Personal data in the register may be processed for the following purposes: control and management of customer relationships, sales and marketing, opinion and market surveys, development of customer relationships and business operations, and other comparable purposes.

Register data content

The register may contain the following data:

  • a company’s contact person’s details, such as name, e-mail address, mobile or telephone number, title and position within the company, contact history
  • data concerning the customer and business relationship, such as previous contacts, quote, order and contract details, customer feedback, marketing orders (publications and press releases), customer survey results
  • permissions and prohibitions of direct marketing
  • online browsing data
  • any other additional data provided by customers themselves and other data collected with customers’ consent

Regular sources of information

Data is collected from registered persons themselves, the controller’s employees (e.g. business cards, meeting minutes), public sources of information, commercial registers and the controller’s own information systems.

Regular disclosure of data

Data can be disclosed and moved to Contral Clinics subsidiaries in different countries and their databases.The data is only used for the management of customer relationships, and it is not regularly disclosed further. Individual pieces of data may be disclosed to collection agencies for collection measures concerning unpaid invoices. Data may be disclosed to authorities when legislation requires it, however bound within legal borders.

Transfer of data outside the EU or EEA

Data is not transferred outside the European Union or the European Economic Area, unless it is necessary for the technical maintenance of the register. In such cases, the controller sees to the sufficient level of privacy protection as required by the law (i.e. when storing data in the United States, we make sure that our subcontractors and partners comply with the Privacy Shield –act).

Right of access and rectification of data

Data subjects have the right to check what data on them is entered in the register. The request for access shall be delivered in writing and signed to the person responsible for register matters. The request of access may also be presented personally at the place of business of the controller at the aforementioned address. Should there be errors in the saved data, the data subject has the right to demand that erroneous data is rectified by contacting the person responsible for register matters.

Right to prohibit processing

Data subjects have the right to prohibit the use of their data for purposes of direct advertising, distance selling, other direct marketing, market research and opinion polls. The prohibition may be requested from the person responsible for register matters.

Principles of register protection

The only persons with access to the CRM system and files containing personal data are those in the employ of Contral Clinics who participate in the processing of data as part of their duties. Each employee using the register has a personal username and password for the system. The register is located on the Contral Clinics’s service provider’s servers. These servers have been secured with the necessary technical and organisational measures.

Back to home page