POLICY FOR THE PROCESSING OF PERSONAL DATA
Updated 1 April 2021
We at Remomedi understand how important privacy is to our customers. We are committed to respecting and protecting our customers’ privacy. Our customers entrust us with their confidential data, and we have an obligation to act in accordance with this trust.
In this Policy for the Processing of Personal Data (“Privacy Policy”), we state:
- how we collect personal data;
- what personal data we process;
- for what purposes we process personal data;
- how we protect and safeguard personal data;
- to whom we disclose personal data;
- how long we retain personal data; and
- what rights and options you have regarding the processing of your personal data.
When processing your personal data, we comply with the EU legislation applicable to Remomedi and with authority regulations and instructions. The Privacy Policy applies to the processing of personal data of natural persons, regardless of whether you are a consumer or business customer. In addition, Remomedi may have case- and service-specific Privacy Policies, which describe the processing of personal data in the case or service in question.
The Privacy Policy does not apply to services or websites provided by other companies, even if they were accessed through Remomedi’s services.
DEFINITIONS
The below terms are used in the Privacy Policy as follows:
“Anonymized data” refers to data that can no longer be associated with you as a person, as all identifiable elements have been removed.
“Customer” is a subscriber, buyer, or user of our Services. The customer that has a contractual relationship with Remomedi is responsible for ensuring that all the users are aware of and understand the contents of the Privacy Policy.
“Personal data” refers to data that can be associated with you either directly or indirectly. The types of personal data we process are described below in the Privacy Policy.
“Services” refers to all products and services provided by Remomedi.
“Remomedi companies” means companies that belong to the Remomedi family of companies.
“Traffic data” refers to such data on (video)calls, messages and e-mail messages generated in connection with the use of a service that is processed in the communications network to transmit a message, or for other purposes permitted or required by law.
Data generated in connection with the use of services includes information about the parties of communications and the terminal device, the start and end time and duration of communications, the data transmission protocol, the volume of data transmitted, or other similar data processed in the communications network to transmit, distribute, or forward messages. If the traffic data can be associated with you as a person either directly or indirectly, it is also considered to be personal data.
HOW DO WE COLLECT PERSONAL DATA?
Remomedi provides a wide range of services. What personal data we collect depends on the Services you use, and on what data you submit to us or we collect in this connection or otherwise when you log in to our Service.
We can collect personal data from the following sources:
- Directly from you yourself, for instance when you do business with us, buy, or subscribe to our Services and products, or when you register with or log in to our Services or contact us.
- From other sources:
  - Detected data generated in connection with the Service use are processed by us to the extent permitted by law, for instance when you use our communications network, mobile apps and other Services (for example in connection with video calls and sending of messages or website visits).
  - Data obtained specifically from other sources, such as other service providers or our customer organisations. We may also process personal data received from other Remomedi companies in accordance with this Privacy Policy under the conditions laid down by law.
Disclosure of personal data to Remomedi is not compulsory, but if you choose not to disclose your personal data, we will not necessarily be able to provide you with our Services.
WHAT PERSONAL DATA DO WE PROCESS ON YOU?
We may process the following types of personal and traffic data:
- Basic details, such as name and contact details;
- Demographic data, such as age, date of birth, gender and mother tongue;
- Personal identity number, if necessary, in order to identify the customer for healthcare and pharmacy services, billing purposes or if otherwise permitted or required by law;
- Data collected in connection with the registration with, identification in and login to Remomedi’s services and applications, such as usernames and passwords and transaction data concerning the login;
- Data on customership and contractual relationship, such as data on the Service, purchases, products, orders and guarantee times and the data associated with them or necessary to provide them, user information, data associated with invoicing, credit control and payment, data on online transactions, authorisations, records made in customer service situations such as recorded calls as well as e-mail, and other additional data you have provided;
- Data generated in association with Communications Services (VideoPharmacy service, Remomedi app), such as traffic data, data generated from the use of Remomedi’s website, data needed for administering electronic identification services; and
- Other data that we collect with your consent and that we specify when requesting your consent.
FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?
We collect, process, and use personal data that are needed for conducting and planning our business, efficient customer service and other appropriate commercial activities, including the processing of personal data for anonymizing data.
The processing of personal data is most often based on an agreement you have concluded with us or on Remomedi’s legitimate interest in connection with Service use and provision. Remomedi has a legitimate interest to process personal data for customer relationship management and to serve our customers. We may also process personal data based on other grounds, such as based on your consent or the law.
We may combine data collected in connection with different Services in so far as the data have been collected for the same purpose.
Remomedi may have business pages on Facebook that are administered by Remomedi. For these pages, Remomedi and Facebook act as joint controllers, as applicable. Facebook processes data in accordance with its privacy policy. Facebook is primarily responsible for complying with data protection legislation and for implementing the rights of the data subject in its service. Learn more about the processing of personal data by Facebook and the page administrator and the division of responsibilities between the parties. Facebook privacy settings can be managed on Facebook.
In all cases, we process personal data only for a specified purpose and to the extent necessary for it, always taking the protection of our customers’ privacy into account.
Remomedi processes your personal data for the following purposes:
1. Based on a contractual relationship and to provide Services:
We process your personal data for the provision and production of Services. We process your personal and traffic data for the purpose of transmitting communications, implementing a service, and ensuring information security, for example when transmitting a text message or email to the recipient. In addition, the provision of Services requires that we process personal data for managing a customer or contractual relationship, identifying customers or users, processing and delivering orders, invoicing, service and product quality control, credit control, debt collection, customer service, and for fixing various faults and incidents or for processing complaints. The formation of a contractual relationship and/or the delivery of services may require an approved credit decision, which can be taken through automated decision-making.
We also process personal data for the purpose of customer communications, for example for sending notifications related to Services and to contact customers in matters related to our Services.
We process personal and traffic data to detect technical faults and errors, to ensure the information security of our Services, data systems and communications networks, and to test their operations. If necessary, we may also process personal and traffic data to detect or prevent misuse and fraud related to our Services, for example if a service subject to a charge has been used, or an attempt has been made to use it, free of charge. For purposes of information security, we may also collect data on Service use, e.g., on successful and failed logins to our Services requiring registration.
We may process traffic data for the technical development of a service, such as for optimizing the operations. In addition, we may compile statistics for the development of Services and for other analysis needs.
We process personal data internally for the development, management and quality control of our business, Services, and related processes. Such processing may be necessary, for example, when we analyse delivery processes and complaints related to them to improve the efficiency of our delivery process and thereby to find a better and faster way to serve our customers. We also process personal data to better understand our customers’ needs and wishes as regards, for example, the features and contents of our Services.
2. Based on legitimate interest:
Remomedi may process your personal data based on legitimate interest. Remomedi has a legitimate interest to process your personal data in the following situations, for example:
Direct marketing: We process and utilize both anonymized data and personal data for marketing purposes and for building target groups for marketing within the limits of the valid legislation. In addition, we may process personal data to target our marketing at the products and services that each customer finds interesting. We may use personal data within the limits of the law for marketing both our own and our cooperation partners’ (healthcare including pharmacies) products and services, such as for market research, and for customer satisfaction surveys.
Personalization of services: We may process personal data or anonymized data for personalizing and targeting Services for instance by giving recommendations and by showing targeted contents in our Services or customer channels. We also process personal data and anonymized data to get a comprehensive picture about the customer’s use of our Services. We use such profiled data to enable our customers to get a better experience of the use of our Services.
Statistical purposes: We may also process personal data to create statistical analyses, which enable us to develop our business, customer offering or improve our services or products.
3. To comply with legal obligations:
We process personal data to fulfil our legal obligations, such as accounting and regulatory purposes.
As a healthcare company, Remomedi has an obligation to store information pursuant to regulations.
In addition, as a provider of an electronic identification service, Remomedi is obligated to store the data required to verify an individual authentication event.
4. For other purposes to which you have given your consent:
We may process your personal data for all purposes to which you have given your consent. You can, for example, give your consent to the processing of your traffic data or location data for us to guide you to pharmacy and other healthcare services.
When requesting your consent, we inform you of the meaning of the consent to personal data processing and how you can cancel your consent.
HOW DO WE PROTECT AND SAFEGUARD PERSONAL DATA?
As a healthcare technology company, information security and protection of customer data are of paramount importance to us. It is important for Remomedi to ensure the availability, integrity, and security of personal data. We strive to take appropriate actions to protect personal data and to prevent and detect unauthorized access to personal data and loss of personal data.
We make continuous efforts to safeguard our customers’ rights. We take care of the security of our personnel, data, information systems and public communications networks as well as our offices and technical facilities. We pay special attention to protecting the data we process, such as your personal data.
In data protection, we consider the risks posed to privacy protection and business operations by the processing of personal data, the available technical options, and different kinds of threats in accordance with the applicable legislation, regulations, and obligations under agreements.
We may disclose your personal data to the extent permitted and required by law. We may also process anonymized or statistical data that cannot be associated with you as a person. Such information can also be disclosed to third parties for other purposes than those described in the Privacy Policy.
We may disclose your personal data to the parties below.
1. Companies using Remomedi Services for the provision and production of Services to the extent permitted by applicable legislation.
2. Remomedi’s subcontractors that process personal data on our behalf based on our assignment. These third parties are not allowed to use the personal data for any other purpose than for providing the service agreed with us. When using subcontractors, we will ensure in an appropriate manner that the processing takes place in accordance with the Privacy Policy. The processors referred to herein include, for example, electronic identification providers, IT service providers and equipment servicing partners.
Our partners who process personal data on our behalf may be in the European Union or the European Economic Area. When transferring personal data outside the EU or EEA, we ensure by means of agreements (e.g., using the EU Commission’s standard contractual clauses) or otherwise (an adequacy decision by the European Commission) that the transfers are implemented as required by law. In addition, we ensure, and expect our processors to ensure, as required by legislation, that your personal data remain protected regardless of whether they are transferred outside the EU. More information on the conditions for the transfer of personal data to a party outside the EU or EEA.
3. Telecommunications companies or service providers that provide or are committed to providing you with services, for example, for invoicing purposes or in the event of a fault, or in association with electronic identification to identification broker services or service providers whose services you access or log in by means of Remomedi’s services or applications.
We may disclose personal data to healthcare service providers and identification broker services to the extent required by the intended use and as allowed or required by law. During authentication, your name, electronic unique identification number and/or personal identity number may be disclosed to the healthcare service provider and the identification service broker.
If you use the payment feature of your Remomedi service or application, i.e., you purchase goods and services from pharmacy or healthcare service provider, Remomedi may process the personal data needed to execute the payment transaction and disclose the subscription number to the service provider (such as Online Payment Processing Company) through whom you purchase the service using the payment feature.
When Remomedi discloses personal data to other service providers, the processing and collecting of personal data is carried out in accordance with the contractual terms and privacy policies of the respective service provider, and this Privacy Policy shall not apply to the processing of personal data by these parties.
Service providers might also transfer personal data to parties outside the EU and the EEA. If necessary, we recommend that you contact the relevant service provider if you need more information about their privacy policies.
4. Other third parties with your consent, which we may have received in connection with a particular service, for example.
5. In relation to legal proceedings or at the request of an authority based on applicable law or court order or in connection with a trial or authority process. Under a court decision, personal data may be disclosed, for example, to a copyright holder or their representative.
6. As required or permitted by law, for example when providing a connection-specific itemization for an invoice.
7. In connection with mergers and acquisitions and various business transactions and transfers.
HOW LONG DO WE STORE YOUR PERSONAL DATA?
We keep personal data only if necessary to fulfil the purposes defined in the Privacy Policy, unless otherwise required by legislation. No corresponding restrictions apply to the storing of anonymized data.
We do not store outdated or unnecessary information. We aim to make sure that the personal data and other customer data are up-to-date and correct.
Data processed based on a contractual relationship are stored, as a rule, for the duration of the contractual relationship or if the provision of the Services requires. After the expiry of the contractual relationship or the end of the Service provision, personal data will be stored if they are needed, for example, for unfinished business, invoicing, complaints, or warranty period. As a rule, the retention period for the data is at least 3 years from the end of the year in which the customer relationship ended. The storage times of individual data types may also be shorter.
Data processed based on legal obligations are processed and stored if required by law. Obligations regarding the retention of personal data have been laid down in, for example, the Act on Electronic Communications Services (6–12 months) and the Act on Strong Electronic Identification and Electronic Trust Services (5 years).
The storage time of data processed with your consent is determined according to the purpose of the processing. If you have given your consent to the processing of personal data for a specific service and then cancel your consent, we will no longer process data to target this specific service to you based on them.
However, we may still have the right or obligation to process personal data, for example, under a contractual relationship or legal obligation by healthcare or pharmacy authorities.
WHAT RIGHTS AND OPTIONS DO YOU HAVE?
Your rights and options depend on the purposes of the processing of personal data and on the situation.
The right of access: You have the right to receive a confirmation of whether your personal data are processed, and if they are, to gain access to the data. If less than six months have passed since your previous inspection request, Remomedi may charge you for the inspection request according to the pricelist.
The right to give and withdraw your consent: If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
The right to rectify data: You are entitled to have your personal data rectified or, in certain cases, to have defective personal data supplemented.
The right to object to the processing of personal data: You are entitled to object to the processing of your personal data based on Remomedi’s legitimate interests, including profiling. Remomedi may reject the request if the processing is necessary to implement Remomedi’s mandatory and legitimate interests. You are always entitled to object to the processing of your personal data for direct marketing purposes and for profiling related to direct marketing.
The right to data portability: You have the right to receive the personal data you have submitted to us for processing based on your consent or performance of contract. You are entitled to receive the data in a structured, commonly used, and machine-readable format, and have the right to transfer the data to another controller.
The right to be forgotten: You are entitled to ask Remomedi to erase data related to you, for example, if (i) you consider them unnecessary for the purposes described above, (ii) you cancel the consent you have given, (iii) you consider Remomedi to process your personal data contrary to law, or (iv) you object to the use of your personal data for direct marketing purposes.
The right to restriction of processing: You have the right under certain circumstances to require the controller to restrict the processing of your personal data.
You have the right to file a complaint about a credit decision made with automatic data processing to our customer service and to request that Remomedi’s handler process the data and ensure that the decision is based on correct information. Please note that the credit decision may remain unchanged.
HOW WILL YOU KNOW IF THE PRIVACY POLICY HAS BEEN AMENDED?
We will update the Privacy Policy, if necessary, as our operations and Services develop. We advise you to check for the latest version regularly on our website.
If there is a conflict between translations, the Finnish version shall prevail.
HOW CAN YOU EXERCISE YOUR RIGHTS AND CONTACT US?
You can also get more information from Remomedi’s customer service, by calling +358 (0) 20 730 7415.
You can send any questions related to the processing of personal data or the Privacy Policy to the addresses below.
Controller of Company information:
Remomedi Oy, Valimotie 1, 00380 Helsinki, Finland
Business ID 2822258-8, VAT No. FI28222588
If you think that Remomedi has acted contrary to the Privacy Policy or the valid legislation, you are entitled to file a complaint about the matter. You can also file a complaint in Finland with the Office of the Data Protection Ombudsman, which monitors the lawfulness of the processing of personal data; the Medication Safety Agency Fimea, which regulates and monitors the use of personal data in healthcare; or the Finnish Transport and Communications Agency, which monitors the lawfulness of the processing of traffic data in Finland.
If you have any questions or want to discuss how Remomedi protects your privacy, please contact our Data Protection Officer: support@remomedi.com, or by calling +358 20 730 7413.