Controller
Oy Medfiles Ltd
Volttikatu 5, 70700 Kuopio
Persons responsible for the filing system
Sales and marketing coordinator
Purpose and grounds for processing personal data
Purpose for processing personal data:
- Marketing for companies
- Handling of client relations
- Implementation of service agreements
Personal data is processed based on the client relationship or consent given in connection with submitting a contact form.
Personal data source
Personal data is collected
- in connection with making and executing service agreements
- in connection with contact requests.
Data content of the filing system
Company’s contact person’s
Name
Title
Work contact information
Data subject group
Partner; Client
Personal data storage information
Outdated data is erased at least once every two years or upon request of the data subject.
Format and location of the data Format
Format: Electronic
Location: M-files system
Access to personal data
Entire personnel of the company
Disclosure / transfer of data
Data is not disclosed outside the company. Data can be transferred within the company in EU or EEA countries.
Practices on assessment and maintenance
Data is updated on an ongoing basis when new or updated data is available.
Nevertheless, the data is checked at least every two years.
Technical means of protection / data security
Manual data material is transferred immediately into an electronic format. The filing system data is secured technically with the M-Files filing-system-specific definitions for right of access (ACL = Access Control List). This practice prevents unauthorised use of the filing system and ensures that the filing system is usable for the parties defined in the privacy policy.
Data subject rights
- right to obtain access to personal data
- right to rectify data
- right to erase data
- right to restrict processing
- right to withdraw his or her consent and to object to the processing of personal data insofar as the processing has been based on the consent given
The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this data protection regulation.