Controller
Oy Medfiles Ltd
Volttikatu 5, 70700 Kuopio
Persons responsible for the filing system
Marketing Assistant
Purpose and grounds for processing personal data
Purpose for processing personal data:
- Marketing for companies
- Handling of client relations
- Implementation of service agreements
Grounds for processing is a legitimate interest (there is a relevant and appropriate relationship between the data subject and the controller.
Personal data source
Data subject
Data content of the filing system
Company’s contact person’s
Name
Title
Work contact information
Data subject group
Partner; Client
Personal data storage information
Storage period: 0
Beginning of the storage period: Receipt of the data
Specification to personal data storage information
Outdated data is erased at least once every two years or upon request of the data subject.
Format and location of the data Format
Format: Electronic
Location: M-files system
Access to personal data
Entire personnel of the company
Disclosure / transfer of data
Data is not disclosed outside the company. Data can be transferred within the company in EU or EEA countries.
Practices on assessment and maintenance
Data is updated on an ongoing basis when new or updated data is available.
Nevertheless, the data is checked at least every two years.
Technical means of protection / data security
Manual data material is transferred immediately into an electronic format. The filing system data is secured technically with the M-Files filing-system-specific definitions for right of access (ACL = Access Control List). This practice prevents unauthorised use of the filing system and ensures that the filing system is usable for the parties defined in the privacy policy.
Data subject rights
- right to obtain access to personal data
- right to rectify data
- right to erase data
- right to restrict processing
The data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this data protection regulation.