2. Controller of personal data
2.1 For the purpose of compliance with the data protection regulation, the data controller is Koite Health Oy (2918895-9) Otakaari 5A (we refer to ourselves as ”we”, ”us” or ”our”). This means that we are responsible for your personal data. If you have any further questions about our privacy policies and you wish to be in contact with us, you can use these contact details:
3. Purpose of the Collection of Personal Data and Legal Basis
3.1 We ensure that personal data is collected and processed only in accordance with the following purposes:
- To provide you with information on the products and services we offer;
- To notify you about changes to our services;
- For communication and marketing purposes; and
- To disclose data to certain authorities if the legislation so requires.
3.2 The legal basis for our processing of your personal data is
- consent from the data subject, i.e. you; and
- processing is necessary for the purposes of legitimate interests in Koite Health or a third party, and this interest overrides the interests of the data subject.
3.3 When the legal basis for processing personal data is your consent, you always have the right to withdraw your consent. Unfortunately, some of our services may no longer then be available to you.
3.4 The personal data will be stored until you withdraw your consent. After this time period the data will be deleted/anonymized.
4. What data do we collect?
4.1 We may collect and store personally identifiable data such as your name, address, telephone number, e-mail address, or other identifiable personal data which is voluntarily submitted by you when you use our website or engage with any of our content.
4.2 With your consent, we can also collect personal data for marketing purposes to directly advertise by mail. If you are under 16-years old, this consent must be given by your legal guardian.
5. Transfer of personal data
5.1 The collected personal data may be transferred to employees and our business partners in order to deliver a service to us or on our behalf in accordance with applicable data protection laws. The transfer of personal data is conducted in compliance with legal requirements, including such requirements that transfers are made under data processor agreements, to ensure that personal data is not processed for purposes other than clearly stated and to ensure that security measures are adequate.
6. Securing of Personal data
6.1 We will implement appropriate technical and organisational measures to safeguard personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. Your personal data will be stored in a secure environment and treated confidentially.
7. The rights of the data subject
7.1 You have the right to
- request access to the personal data concerning you;
- rectification or erasure of your personal data;
- restriction of processing;
- object to processing;
- data portability;
- withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; and
- lodge a complaint with a supervisory authority.
7.2 If you wish to exercise your above-mentioned rights, you can contact us using the contact details under section 2.1. We will respond to your request without undue delay, but at the latest within one month after the request has been received.