Cookie settings
Data Protection Description for Wellmedic Oy Ab's Customer Register
Date: 20.6.2024
- Data Controller
Wellmedic Oy Ab, Business ID 3132484-1, Rådhusgatan 13, second floor, 65100 Vasa - Contact Person for Register Matters
CEO Marta Backlund, marta.backlund@wellmedic.fi
Phone: +358 44 079 0215 - Name of the Register
Wellmedic Corporate Customer Register - Purpose and Legal Basis for Processing Personal Data
The primary basis for processing personal data is the customer relationship between
Wellmedic and its customer, customer consent, the task given by the customer, or other
relevant connection.
Personal data may be processed for the following purposes: - Care, execution, development, and follow-up of customer relationships, customer
service, communication, and marketing.
Conducting analysis, reporting, and categorization of customer relationships and other
purposes intended for the development of the customer relationship and business
conducted by Wellmedic.
Collecting feedback and processing customer satisfaction.
Conducting market research and surveys.
Recording calls with consent for verifying service events, ensuring security and legal
protection, training staff, and ensuring service quality.
Profiling purposes are described in detail in point 10 of this data protection description.
Processing tasks can be outsourced to Wellmedic's partners and/or external service
providers in accordance with data protection legislation and within its limits. - Register Content
Description of information, data about the registered person that may be stored:
Name, date of birth, address, phone number, customer number, gender, language,
email, and other necessary information needed to maintain a good level of service.
Employees, coworkers, information about the workplace (such as job satisfaction,
accidents, organizational size, employees' ages, and health conditions).
Information related to services requested, purchased, or used by the registered
customer, notes, level and validity period, information about communication and
marketing in various forms.
Information provided by the registered person themselves, information about care
outside Wellmedic, interests, occupations, or other similar information.
Information about agreements related to insurance, occupational health services,
sports clubs, and similar arrangements.
Services requested and used by the registered person, including billing information.
Requests for services, operational units, and type of resource (professional staff).
Information about prohibitions, restrictions, consents regarding the use of personal
data, and other choices made by the registered person.
Data processing details such as the date the information was stored and the information
source.
The purpose of the register, information collection related to maintaining the customer
relationship. - Data Retention Period
Wellmedic retains data in its customer register until the customer relationship between
the registered person and the company has ended. The basis for termination is
determined based on key indicators related to the customer's last contact. The
customer relationship can also end earlier at the customer's own request. - Sources of Information
Information is primarily collected from the following sources:
The registered person themselves, events related to the registered person's customer
relationship, communication, transactions, and use of services.
The party providing identification, certification, address, updating, credit information, or
other similar services.
The register may also record information provided by Wellmedic's partners, such as
insurance companies or sports clubs. - Regular Disclosure and Transfer of Information
Information is disclosed to Wellmedic's partners for purposes described in point 4 of
this data protection description in accordance with data protection legislation and
within its limits. Customer data may be transferred outside the European Union or the
European Economic Area, including to the United States, in accordance with data
protection legislation and within its limits. - Description of Data Protection Principles
Any manual material is stored in a locked space accessible only to persons with special
rights. Access to digital material is granted only to authorized employees or partners
with personal usernames and passwords. Permissions have different levels, and users
are always granted limited access. - Profiling
As part of the processing of personal data in the customer register, Wellmedic may use
the data for profiling purposes. Profiling is carried out by assigning the registered person
a customer ID with which data about the registered person arising from the use of
services can be combined. After this, a profile created in the above-described manner
can be compared with profiles of other registered persons. The purpose of profiling is to
investigate the demand and consumer behavior for services offered by Wellmedic. - Right to Object
A registered person has the right, considering their special situation, to object to
profiling and other processing actions directed at the registered person's personal data
where the basis for processing is the customer relationship between Wellmedic and the
registered person. The registered person can present their objection according to point
13 of this data protection description. In case of objection, the registered person must
specify the particular situation due to which they oppose the processing. Wellmedic
may refuse the objection request on legal grounds. The registered person can give
consent or request a ban on channel-specific direct marketing and profiling.
Data Subject Rights in the Processing of Personal Data
- Right of Access
Every registered person has the right to check what information has been stored about
them in Wellmedic's customer register. Requests for access should be made in
accordance with point 13 of this data protection description. The right of access can be
denied based on legal provisions. Exercising the right of access in digital form is free of
charge. - Right to Rectification, Deletion, or Restricted Processing
In so far as the registered person or user can act themselves, the person should, without
delay after becoming aware of an error or discovering an error themselves, on their own
initiative correct, delete, or complete the stored information that is incorrect,
unnecessary, incomplete, or outdated. If the registered person cannot correct
incomplete information themselves, a request for rectification should be made
according to point 13 of this data protection description. Including the deletion of data
from Google or Apple applications. The registered person also has the right to require
Wellmedic to restrict the processing of the registered person's personal data, for
example, in a situation where the registered person is awaiting a response to a request
for rectification or deletion of their information. - Right to Transfer Own Data
In so far as the registered person themselves have delivered such information to the
customer register, which is processed with the registered person's consent, the
registered person has the right to receive this information, generally in a digitally
readable format, and the right to transfer this information to another data controller. - Right to Lodge a Complaint with the Supervisory Authority
The registered person has the right to complain to the supervisory authority if the data
controller has not complied with data protection regulations in their operations. - Other Rights
If personal data is processed based on a registered consent, the registered person has
the right to withdraw their consent by notifying Wellmedic of this in accordance with
point 13 of this data protection description.
- Right of Access
- Contacts
In all matters related to the processing of personal data and situations related to the
registered person's exercise of their rights, the registered person should contact
Wellmedic at any of its business locations or by post to the address: Wellmedic Oy Ab –
Data Protection, Rådhusgatan 13, second floor, 65100 Vasa. If necessary, Wellmedic
may ask the registered person to specify their request in writing, and the registered
person's identity may need to be verified before taking further action.