top of page
Privacy Policy
Privacy Policy
This privacy policy explains how Biohealth Europe Oy (3451696-1) processes personal data, what personal data the company collects, the purposes for which the data is used, to whom the data may be disclosed, and how the data subject can influence the processing. This privacy policy complies with the EU General Data Protection Regulation (GDPR). We reserve the right to make changes and updates to this privacy policy.
​
1. Contact Information of the Data Controller
​
Biohealth Europe Oy (3451696-1)
Contact Person: Sean Bergeheim
info@biohealth.fi
​​
2. Processing and Purpose of Personal Data
​
2.1. Legal Basis for Processing Personal Data
We always process your personal data lawfully, fairly, and transparently. We collect and process your data only if we have a legal basis for doing so.
The processing of personal data is based on statutory obligations. We collect and use your data only if:
-
You have given us permission to use the data for a specific purpose;
-
It is necessary for the performance of a contract to which you are a party, or to take certain steps at your request before entering into a contract;
-
It meets a legitimate interest (which does not override your data protection rights), such as investigating misuse, statistical and research work, or protecting our legal rights or interests.
-
It is necessary for compliance with statutory obligations;
-
It is necessary due to a threat to life, health, or injury.
​
3. Purpose and Legal Basis of Processing Personal Data
​
3.1. We collect and process personal data for the following purposes:
-
Recruitment,
-
Employment relationships,
-
Customer relationships,
-
Customer service,
-
Customer communication,
-
Maintenance of customer and partnership relationships,
-
Contractual relationships,
-
Marketing purposes,
-
Targeted marketing to customers and potential customers,
-
Research,
-
Statistics,
-
Reservations and orders of products and/or services,
-
Production, maintenance, development, and quality assurance of services/products,
-
Ensuring security and preventing and investigating misuse,
-
Risk management and prevention of misuse,
-
Compliance with statutory obligations,
-
Business planning and product development,
-
Usage monitoring,
-
Processing of product warranty information.
​
3.2. Personal data is collected:
-
From the individual or company themselves who provide the information.
​
3.3. The company processes the following data:
-
Personal or company information,
-
Contact information,
-
Billing or payment information,
-
Information related to the customer relationship,
-
Contract information,
-
Product and order information,
-
Customer feedback,
-
Inquiries and communications,
-
Complaints,
-
Marketing consents,
-
Information related to online behavior.
​
4. Regular Data Disclosures and Data Transfers
​
4.1. We adhere to careful data storage and processing practices and ensure data security through firewalls, passwords, and various generally accepted technical methods. Manually maintained materials are stored in locked facilities with restricted access to unauthorized individuals. Data storage and processing are conducted through known secure service providers. Data is protected with strictly defined access rights and is processed only for the purpose for which it was collected. All personal data is treated confidentially.
4.2. As a rule, we do not disclose or transfer data to third parties unless explicit consent has been given. Exceptions may include obligations related to legislation or regulatory requirements, which are always examined on a case-by-case basis for legality. An exception may also include data disclosure based on a contractual relationship with a service provider or subcontractor, who may process data to perform the service. In these cases, the appropriate and lawful processing of personal data is ensured through contracts and, if necessary, confidentiality agreements.
4.3. We do not transfer your data outside the EU or EEA.
​
5. Storage of Personal Data
​
5.1. Personal data is stored for two years after the end of the customer relationship, unless the customer requests the data to be deleted earlier. After the retention period, the data will be deleted or anonymized within 3 months. We reserve the right to notify separately of either a shorter or longer retention period.
5.2. Personal data may be used for profiling, provided there is a legal basis for it. We do not use personal data for automated decision-making.
​
6. Rights of the Data Subject
​
6.1. The data subject has the right to access and review their own data. They can request the data to be provided in writing or electronically.
6.2. Correction and Deletion of Data
-
The data subject has the right to request the correction of incorrect or inaccurate data and to request the deletion of their data.
​
6.3. Reviewing Data
-
The data controller actively ensures the deletion, correction, and completion of incorrect, unnecessary, incomplete, or outdated personal data concerning the purpose of the processing.
​
6.4. Data Transfer
-
The data subject has the right to request the transfer of their data to another data controller. They can also request the restriction of the processing of their personal data in certain situations.
​
​6.5. Objection to the Use of Data
-
The data subject has the right to object to the use of their data for certain purposes. They can prohibit the disclosure and processing of their data for direct marketing purposes.
​
​​
6.6. Withdrawal of Consent
-
If the processing of personal data is based on consent, the data subject has the right to withdraw their consent at any time. This does not affect the processing carried out before the withdrawal.
​
6.7. Right to Complain
-
If the data subject believes that the processing of their personal data violates the EU General Data Protection Regulation or national data protection laws and regulations, they have the right to file a complaint with the supervisory authority.
​
6.8. Requests Concerning the Rights of Data Subjects
-
All requests concerning the rights of data subjects must be made electronically and addressed to the Data Protection Officer. Identity verification is required before the data is provided. Requests are processed within a reasonable time and as soon as possible after the request is made and identity is verified. If the request cannot be fulfilled, the data subject will be informed in writing.
bottom of page