Data Protection Description for Wellmedic Oy Ab's Customer Register
Date: 20.6.2024

  1. Data Controller
    Wellmedic Oy Ab, Business ID 3132484-1, Rådhusgatan 13, second floor, 65100 Vasa

  2. Contact Person for Register Matters
    CEO Marta Backlund, marta.backlund@wellmedic.fi
    Phone: +358 44 079 0215

  3. Name of the Register
    Wellmedic Corporate Customer Register

  4. Purpose and Legal Basis for Processing Personal Data
    The primary basis for processing personal data is the customer relationship between
    Wellmedic and its customer, customer consent, the task given by the customer, or other
    relevant connection.
    Personal data may be processed for the following purposes:

  5. Care, execution, development, and follow-up of customer relationships, customer
    service, communication, and marketing.
    Conducting analysis, reporting, and categorization of customer relationships and other
    purposes intended for the development of the customer relationship and business
    conducted by Wellmedic.
    Collecting feedback and processing customer satisfaction.
    Conducting market research and surveys.
    Recording calls with consent for verifying service events, ensuring security and legal
    protection, training staff, and ensuring service quality.
    Profiling purposes are described in detail in point 10 of this data protection description.
    Processing tasks can be outsourced to Wellmedic's partners and/or external service
    providers in accordance with data protection legislation and within its limits.

  6. Register Content
    Description of information, data about the registered person that may be stored:
    Name, date of birth, address, phone number, customer number, gender, language,
    email, and other necessary information needed to maintain a good level of service.
    Employees, coworkers, information about the workplace (such as job satisfaction,
    accidents, organizational size, employees' ages, and health conditions).
    Information related to services requested, purchased, or used by the registered
    customer, notes, level and validity period, information about communication and
    marketing in various forms.
    Information provided by the registered person themselves, information about care
    outside Wellmedic, interests, occupations, or other similar information.
    Information about agreements related to insurance, occupational health services,
    sports clubs, and similar arrangements.
    Services requested and used by the registered person, including billing information.
    Requests for services, operational units, and type of resource (professional staff).
    Information about prohibitions, restrictions, consents regarding the use of personal
    data, and other choices made by the registered person.
    Data processing details such as the date the information was stored and the information
    source.
    The purpose of the register, information collection related to maintaining the customer
    relationship.

  7. Data Retention Period
    Wellmedic retains data in its customer register until the customer relationship between
    the registered person and the company has ended. The basis for termination is
    determined based on key indicators related to the customer's last contact. The
    customer relationship can also end earlier at the customer's own request.

  8. Sources of Information
    Information is primarily collected from the following sources:
    The registered person themselves, events related to the registered person's customer
    relationship, communication, transactions, and use of services.
    The party providing identification, certification, address, updating, credit information, or
    other similar services.
    The register may also record information provided by Wellmedic's partners, such as
    insurance companies or sports clubs.

  9. Regular Disclosure and Transfer of Information
    Information is disclosed to Wellmedic's partners for purposes described in point 4 of
    this data protection description in accordance with data protection legislation and
    within its limits. Customer data may be transferred outside the European Union or the
    European Economic Area, including to the United States, in accordance with data
    protection legislation and within its limits.

  10. Description of Data Protection Principles
    Any manual material is stored in a locked space accessible only to persons with special
    rights. Access to digital material is granted only to authorized employees or partners
    with personal usernames and passwords. Permissions have different levels, and users
    are always granted limited access.

  11. Profiling
    As part of the processing of personal data in the customer register, Wellmedic may use
    the data for profiling purposes. Profiling is carried out by assigning the registered person
    a customer ID with which data about the registered person arising from the use of
    services can be combined. After this, a profile created in the above-described manner
    can be compared with profiles of other registered persons. The purpose of profiling is to
    investigate the demand and consumer behavior for services offered by Wellmedic.

  12. Right to Object
    A registered person has the right, considering their special situation, to object to
    profiling and other processing actions directed at the registered person's personal data
    where the basis for processing is the customer relationship between Wellmedic and the
    registered person. The registered person can present their objection according to point
    13 of this data protection description. In case of objection, the registered person must
    specify the particular situation due to which they oppose the processing. Wellmedic
    may refuse the objection request on legal grounds. The registered person can give
    consent or request a ban on channel-specific direct marketing and profiling.
    Data Subject Rights in the Processing of Personal Data

    1. Right of Access
      Every registered person has the right to check what information has been stored about
      them in Wellmedic's customer register. Requests for access should be made in
      accordance with point 13 of this data protection description. The right of access can be
      denied based on legal provisions. Exercising the right of access in digital form is free of
      charge.

    2. Right to Rectification, Deletion, or Restricted Processing
      In so far as the registered person or user can act themselves, the person should, without
      delay after becoming aware of an error or discovering an error themselves, on their own
      initiative correct, delete, or complete the stored information that is incorrect,
      unnecessary, incomplete, or outdated. If the registered person cannot correct
      incomplete information themselves, a request for rectification should be made
      according to point 13 of this data protection description. Including the deletion of data
      from Google or Apple applications. The registered person also has the right to require
      Wellmedic to restrict the processing of the registered person's personal data, for
      example, in a situation where the registered person is awaiting a response to a request
      for rectification or deletion of their information.

    3. Right to Transfer Own Data
      In so far as the registered person themselves have delivered such information to the
      customer register, which is processed with the registered person's consent, the
      registered person has the right to receive this information, generally in a digitally
      readable format, and the right to transfer this information to another data controller.

    4. Right to Lodge a Complaint with the Supervisory Authority
      The registered person has the right to complain to the supervisory authority if the data
      controller has not complied with data protection regulations in their operations.

    5. Other Rights
      If personal data is processed based on a registered consent, the registered person has
      the right to withdraw their consent by notifying Wellmedic of this in accordance with
      point 13 of this data protection description.

  13. Contacts
    In all matters related to the processing of personal data and situations related to the
    registered person's exercise of their rights, the registered person should contact
    Wellmedic at any of its business locations or by post to the address: Wellmedic Oy Ab –
    Data Protection, Rådhusgatan 13, second floor, 65100 Vasa. If necessary, Wellmedic
    may ask the registered person to specify their request in writing, and the registered
    person's identity may need to be verified before taking further action.