BCB MEDICAL DATA PROTECTION DECLARATION
Last updated on March 23rd, 2022.
1. Data Controller
BCB Medical (Business ID 1839834-4 )
Ruukinkatu 2-4, 20540 Turku, Finland
+358 (0)20 7299 820
2. Contact Person in Data Protection Matters
+358 (0)20 7299 834
3. Name of the Register
BCB Medical’s customer and marketing register
4. Purpose of Processing Personal Data
The purposes of processing personal data are contacting customers, maintaining customer relations and marketing. Personal data is processed for the following purposes in particular:
- Marketing communications such as electronic communications; the website, newsletter, etc.
- Improving customer service, research related to service development, and customer relationship management.
- Analysis and statistics (e.g. Google Analytics)
- Organizing events
No automated individual decisions are made.
5. Legal Basis for Data Processing
Customer data is processed for the performance of a contract with the customer and on the basis of a legitimate interest created by the customer relationship. In addition, personal data is processed for marketing purposes on the basis of data subject’s consent and legitimate interest. In case we would like to use customer’s data as a reference in our websites, we always ask for the customer’s consent.
6. Data Contents of the Register
We store the following data given by the customer: first names, surname, contact details such as telephone number and e-mail address, the company/organization to which the person belongs and his/her position in the company or title, as well as other information to improve the provision of the service. In addition, we record information on diets and accessibility when registering for events.
8. Regular Data Sources
The information stored in the register is obtained from the customer through, for example, messages sent via web forms, e-mail, telephone, social media platforms, contracts, customer meetings and other situations where the customer discloses his/her information.
Information on contact persons of businesses and other organizations may also be collected from public sources such as websites, directory services and other businesses.
9. Regular Disclosure of Data and Transfer of Data Outside EU or EEA
Data is not regularly disclosed to other parties.
Customer data may be transferred outside the EU or EEA when this is necessary to provide the service. If personal data is transferred outside the EU or EEA, we will take into account the requirements of the data protection legislation and the effects of the transfer of the data on the rights and freedoms of the data subject and will take the necessary precautions to carry out the transfer. Data will not be transferred to the United States without the express consent of the data subjects.
10. Data Protection Principles
Personal data is processed with due care and the data processed by the information systems are adequately protected. When personal data is stored on internet servers, the physical and digital security of the servers is adequately ensured. The data controller ensures that stored data, server access rights and other information critical to the security of personal data are treated confidentially and only by employees who need the data in the performance of their duties.
11. Storage of Data
We will store personal data for as long as is necessary to maintain the customer relationship or until the data subject withdraws his/her consent for marketing or prohibits marketing directed at him/her.
12. Rights of the Data Subject
Every data subject has the right to review their personal data stored in the register and to request the correction of any inaccurate information or the completion of incomplete information.
In addition, data subject has the right to request the deletion of his/her personal data from the register (“right to be forgotten”). Data subjects also have the right to restrict the processing of personal data if the data subject considers that the processed personal data is inaccurate, the processing is against the law or if the data subject has objected to the processing of personal data. The data subject also has the right to file a complaint with the Data Protection Ombudsman regarding the controller’s processing of the personal data collected.
In order for the data subject to exercise the above-mentioned rights, the data subject shall contact the data controller using the following contact information: support(at)bcbmedical.com. If necessary, the controller may ask the person requesting the information to prove his/her identity. The controller shall respond to the customer’s request without undue delay and in any case within one month of receipt of the request.