Privacy Policy

Medfiles wants to be as open and transparent as possible about our data protection policies. In the policy below, we clarify how your data may be collected, processed, and stored. We provide contact details where you can reach us if you have any questions about how we manage your data and protect your privacy.

Controller
Oy Medfiles Ltd
Volttikatu 5, 70700 Kuopio
+358 20 7446 800

Person responsible for the register
Marketing Expert

Purpose and grounds for processing personal data
Purpose: Marketing for companies, handling of client relations, implementation of service agreement.

Personal data is processed based on the client relationship or consent given in connection with submitting a form, e.g. filling a contact form, subscribing a newsletter or downloading material. The processing of personal data is also based on legitimate interests, which has been evaluated by the balance test.

Personal data source
We receive information mainly from the data subjects.

For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources, such as websites of companies and communities and social media channels. Data updating of this kind is performed manually, within the limits of the applicable laws and regulations.

Personal data is collected

  • in connection with making and executing offers and service agreements
  • in connection with contact requests
  • in connection with ordering the newsletter or other content
  • in connection with fairs, congresses and partnership meetings
  • in connection with clients’ communication or contact needs

Data content of the filing system
We process the following personal data of our clients or other data subjects, in connection with the customer register:

  • Information of company and company’s contact persons, such as Business ID, address, name, title, role in the company, and contact details of the contact person.
  • Information of the customership and the contract, such as past and current contracts and orders, order history, payment and account information, general correspondence with the client’s contact persons, and other information of the customership (e.g. service area).
  • Other possible information collected with data subject’s consent, such as a role in the company.

Data subject group 
Client; Partner

Personal data storage information
The accuracy of personal information is regularly monitored at the time of contact and obsolete information is corrected or deleted as soon as it becomes available.

Format and location of the data
Format: Electronic
Location: Visma Severa, M-files system, ActiveCampaign and Demio

Access to personal data
Persons whose job description includes marketing or sales work and handling customer contracts and billings.

Disclosure and transfer of data
Data is not disclosed outside the company. Data can be transferred within the company in EU or EEA countries.

Practices on assessment and maintenance
Data is updated on an ongoing basis when new or updated data is available.

Technical means of protection / data security
Manual data material is transferred immediately into an electronic format. The filing system data is secured technically with the M-Files and Visma Severa filing-system-specific definitions for right of access. This practice prevents unauthorised use of the filing system and ensures that the filing system is usable for the parties defined in the privacy policy.

The security and privacy policies of Visma Severa can be found here: https://www.visma.com/trust-centre/privacy/

The security and privacy policies of ActiveCampaign can be found here: Data Protection and Security | ActiveCampaign

The security and privacy policies of Demio can be found here: Demio Security & Privacy | Demio Help Center

Data subject rights
Unless otherwise provided by law, the data subject has

  • the right to obtain information on the processing of personal data
  • the right to obtain access to personal data
  • the right to rectify data
  • the right to erase data
  • the right to restrict processing
  • the right not to be subject to a decision based solely on automated processing
  • the right to withdraw his or her consent and to object to the processing of personal data insofar as the processing has been based on the consent given

The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this data protection regulation.

COOKIES AND SIMILAR TECHNOLOGIES

The website uses cookies. This website uses a consent management solution called CookieHub.

We use the data to develop our services. Visitor tracking allows us to see, for example, how many visitors enter the website, which sources the visitor traffic comes from, and a lot of other useful statistics about the use of the website.

The cookie banner will be displayed at the bottom of the browser window when you first enter the site or if there is no data about your previous selection. It allows you to block or allow all cookies, or select which cookies you allow category specifically. If you want to learn more about the cookies we use, select cookie settings.

If you later want to change your cookie settings, you can do so by clicking on the gear icon in the lower left corner of the browser window. Blocking cookies at a later stage will also remove any cookies you may have previously allowed. Read more about the CookieHub data protection.

Cookie consent register
If you allow cookies, the site will store your consent data in anonymised form on a third-party consent management solution (CookieHub). The storing is based on the legal obligations of the owner of the site (accountability of receiving informed consent).

The collected personal data includes:

  • IP address (anonymised)
  • Cookie settings
  • Date and time
  • URL address
  • Browser name and version and operating system (user agent string)
  • Country

Visitor tracking
The website uses a first-party visitor tracking software installed on our own server and in our own management, and your consent for the use of this software is not required. The visitor tracking service stores anonymised personal data on visitors to our website and their activities on the website. Technically, the visitor tracking works with a program code and server call performed in the browser. Cookies have been disabled.

The collected personal data includes:

  • IP address (anonymised)
  • Information connected to page request
  • Various information about the user’s device and software
  • Various information about the use of the website

The data is collected in the Matomo database of an open-source code visitor tracking software located on our own server.

Third party visitor tracking
The website uses an external, third-party visitor tracking service. The visitor tracking service stores anonymised personal data on visitors to our website and their activities on the website. Technically, visitor tracking works by means of program code performed in the browser, IP addresses and cookies installed in the browser, which identify the page reviews and other actions taken by a particular user on the website.

Personal data collected includes at least:

  • IP address
  • Information connected to page request
  • Various information about the user’s device and software
  • Various information about the use of the website

The data is collected in the register of a third-party Google Analytics visitor tracking service.

Consent for third-party visitor tracking is requested using the cookie consent banner when the user first enters the site. The cookie consent banner can also be used to withdraw any previously granted consent.

Storage period of personal data
CookieHub will store the data for 12 months, after which it will be automatically deleted.

Matomo is set to store personal data from anonymised visitor tracking for 2 years, after which it will be automatically deleted.

According to Google, the anonymised visitor- and event-specific information will be stored in their visitor tracking service for 14 months. The maximum period of validity of conversion tracking cookies is 2 years.