PRIVACY STATEMENT

This privacy statement provides information in accordance with data protection legislation regarding the processing of personal data of Suomen Terveystalo Oy’s customers’ representatives.

Controller

Suomen Terveystalo Oy (hereinafter referred to as “Terveystalo”)
Jaakonkatu 3, 00100 HELSINKI, Finland

Purposes of and legal basis for the processing of personal data

Terveystalo’s customer register includes personal data of the responsible persons, contact persons, owners and other stakeholders of Terveystalo’s existing and potential customers.

We process your personal data for the following purposes:

  • Enhancement of contractual obligations, maintenance and support of customer relationship, customer service, maintenance of contact information of customer representatives
  • User administration and control
  • Organization of events as part of stakeholder activities
  • Collection and processing of customer feedback
  • Setting up a test account for purposes of service testing (Ninchat)
  • Implementation and analysis of market research and other customer surveys
  • Analysis, categorization and reporting of customer relationship and other purposes relating to development of the customership and Terveystalo’s business
  • Organization, development, targeting and monitoring of sales, marketing and communications
  • Securing of quality and safety of operations as well as legal security of parties
  • Prevention and clearance of abuses and issues
  • Compliance with statutory requirements, purposes relating to compliance and risk management (e.g. clearance of contractor liability and credit information, realization of sanction related activities binding on Terveystalo)
  • Anonymization and destruction of personal data in a secure manner
  • Recording of customer inquiries for purposes of verification of service events, securing of service quality, operational development and legal security and safety of the parties involved.

The basis for processing depends on the purposes of processing and the type of the personal data, and can be

  • contract between the person and Terveystalo;
  • consent of the person;
  • legitimate interest of Terveystalo or a third party, or
  • Terveystalo’s statutory obligation (e.g. on the basis of the Act on Contractor’s Investigation Obligation and Liability when Using External Labour 1233/2006 or the Act on Compliance with Certain Obligations of Finland as part of the United Nations and the European Union 659/1967)

Terveystalo will ensure that any processing on the basis of its legitimate interests is proportional to the interests of the data subject and meets the reasonable expectations of the data subject. The processing of personal data can be based on legitimate interests e.g. in the following situations:

  • attendance to customer relationship and maintenance of related personal data
  • customer service and recording of customer communications
  • analysis, categorization and reporting of customer relationship
  • implementation of market research and surveys
  • organization, development, targeting and monitoring of sales, marketing and communications
  • business development
  • securing of quality and safety of operations as well as legal security of the parties
  • ensuring of technical functionality of services
  • user monitoring
  • purposes relating to compliance and risk management
  • prevention and clearance of abuses and issues

What kind of data is collected?

We may process your following personal data:

  • Name and contact information
  • Customer company that you represent, your position, role as well as the department or unit where you work
  • Description of responsibilities within your organization
  • Consents or prohibitions as regards marketing communication
  • Customer feedback, responses to studies and surveys
  • Communications with Terveystalo
  • Invitation and attendance information in events
  • Recordings of service events
  • Information on access rights and user role
  • Data relating to the strong identification service that is used for purposes of log-in

In terms of online and communication analytics, we process the following personal data:

  • Monitoring of online behavior and use of services through e.g. IP-address or cookies. The collected data can include the browsed website, completed forms, type of the device you use, information on the channel used such as application, mobile or Internet browser, version of the browser, session ID, time and duration of the session.
  • Log information on the use of applications and services.
  • Monitoring of communication behavior; collected data can include e.g. information on the opening of an email sent by us, clicking or transfer onto our website through the email.

Storage periods of personal data

Terveystalo only stores personal data that are necessary for Terveystalo’s operation and for the purposes for which the personal data in question are processed. Terveystalo only stores personal data if it has a legal basis for its processing. The storage period of personal data is determined on the basis of the purpose for which the personal data in question are processed and/or the personal data in question. The storage period is affected by legal obligations concerning the storing of personal data as well as other time limits for different actions (e.g. a period of filing a suit, expiration of time limit for the right to institute criminal proceedings). We typically store your personal data only for as long as you act as the contact person for our customer or other legal grounds for storing the data exist. Receipts that are part of our accountancy records are stored for the duration of the year when they have been created as well as for six (6) consecutive years. Recordings for service events (such as email correspondence relating to a customer inquiry) are as a rule stored for twelve (12) months following termination of the customer relationship.

Terveystalo erases personal data that have become unnecessary for purposes of their grounds for processing also during the customership, such as personal data relating to conduct of marketing and use of the website. Personal data are anonymised or securely destroyed when they are no longer necessary for the purposes they were processed, when they are outdated or where there is otherwise no basis for their continued processing.

Processing and disclosure of personal data

The processing of personal data can be outsourced to Terveystalo’s group companies and/or external service providers who process the personal data on behalf of Terveystalo.

Personal data are not as a rule disclosed to third parties for purposes of their independent processing activities. Terveystalo discloses personal data to other controllers, such as authorities, where allowed under applicable legislation.

Personal data are not as a rule transferred outside the EU or the EEA. If a transfer takes place it will be conducted by using the European Commission’s standard contractual clauses or some other transfer mechanism permitted by data protection legislation.

Data sources

Terveystalo obtains the personal data it processes primarily from its customer or the data subject himself/herself, or as a result of the data subject’s actions. Online behavior is monitored on the basis of activities that take place on Terveystalo’s website.

Personal data can also be obtained from other reliable external sources such as the trade register, services used for purposes of clearing credit or sanction-related information as well as from authorities.

Data subjects’ rights

Right of access
  • Data subjects have the right to know whether personal data concerning them are being processed and to access data concerning themselves.
Right to rectification
  • Data subjects have the right to request the rectification of erroneous or incomplete data.
Right to erasure
  • Data subjects have the right to request the erasure of their personal data. Requests for erasure are implemented within the confines permitted by the law.
Right to object or restrict processing
  • The data subject has, in certain situations, the right to object to the processing of their personal data on grounds relating to their particular situation at any time.
  • A data subject has the right to request the restriction of the processing of their personal data if the data subject contests the accuracy of their personal data. In such cases, the processing of the personal data is restricted for the duration of the investigation.
Right to data portability
  • A data subject has the right to request that their data be transmitted from one system to another if the data has been provided by the data subject themselves and if the processing of the personal data is based on consent or an agreement.
Right not to be subject to automated decision-making
  • The data subject has the right not to be subject to a decision based solely on automated processing, such as profiling, which produces legal effects concerning them or similarly significantly affects them. However, there are exceptions to this prohibition.
Withdrawal of consent
  • Where the processing of personal data is based on consent, the data subject can withdraw their consent at any time. The consent can be withdrawn by contacting Terveystalo’s customer service at info@ninchat.com.
Right to lodge a complaint with a supervisory authority
  • A data subject has the right to lodge a complaint with the supervisory authority (Data Protection Ombudsman in Finland) if the data subject is of the opinion that the processing of personal data has infringed data protection legislation. Instructions for lodging a complaint can be found on the Data Protection Ombudsman’s website: www.tietosuoja.fi/en. A complaint can also be filed in the member state where the data subject has permanent residence or occupation.

Requests pertaining to the rights of data subjects can be directed at info@ninchat.com.

Protection of personal data

Terveystalo applies the appropriate physical, technical, and administrative protection measures to protect data from misuse. These measures include, among others, control and filtering of network traffic, use of encryption techniques and safe data centers, appropriate access control, controlled granting of access rights and supervision of their use, giving instructions to staff participating in personal data processing and risk management related to the planning, implementation, and maintenance of our services. Terveystalo chooses its subcontractors carefully and uses agreements and other arrangements to ensure that they process data in compliance with the law and good data protection practices.

Contact information

Terveystalo’s data protection officer email: tietosuoja@terveystalo.com

Terveystalo’s Data Protection Officer
Jaakonkatu 3
00100 HELSINKI, FINLAND