Controller

Oy Medfiles Ltd
Volttikatu 5, 70700 Kuopio

Persons responsible for the filing system

Sales and marketing coordinator

Purpose and grounds for processing personal data

Purpose for processing personal data:

  • Marketing for companies
  • Handling of client relations
  • Implementation of service agreements

Personal data is processed based on the client relationship or consent given in connection with submitting a contact form.

Personal data source

Personal data is collected

  • in connection with making and executing service agreements
  • in connection with contact requests.

Data content of the filing system

Company’s contact person’s
Name
Title
Work contact information

Data subject group

Partner; Client

Personal data storage information

Outdated data is erased at least once every two years or upon request of the data subject.

Format and location of the data Format

Format: Electronic
Location: M-files system

Access to personal data

Entire personnel of the company

Disclosure / transfer of data

Data is not disclosed outside the company. Data can be transferred within the company in EU or EEA countries.

Practices on assessment and maintenance

Data is updated on an ongoing basis when new or updated data is available.

Nevertheless, the data is checked at least every two years.

Technical means of protection / data security

Manual data material is transferred immediately into an electronic format. The filing system data is secured technically with the M-Files filing-system-specific definitions for right of access (ACL = Access Control List). This practice prevents unauthorised use of the filing system and ensures that the filing system is usable for the parties defined in the privacy policy.

Data subject rights

  • right to obtain access to personal data
  • right to rectify data
  • right to erase data
  • right to restrict processing
  • right to withdraw his or her consent and to object to the processing of personal data insofar as the processing has been based on the consent given

The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this data protection regulation.

Let’s chat

Contact us