Data Protection Description for Wellmedic Oy Ab's Customer Register
Date: 20.6.2024

1. Data Controller
   Wellmedic Oy Ab, Business ID 3132484-1, Rådhusgatan 13, second floor, 65100 Vasa
   
   
2. Contact Person for Register Matters
   CEO Marta Backlund, marta.backlund@wellmedic.fi
   Phone: +358 44 079 0215
   
   
3. Name of the Register
   Wellmedic Corporate Customer Register
   
   
4. Purpose and Legal Basis for Processing Personal Data
   The primary basis for processing personal data is the customer relationship between
   Wellmedic and its customer, customer consent, the task given by the customer, or other
   relevant connection.
   Personal data may be processed for the following purposes:
   
   
5. Care, execution, development, and follow-up of customer relationships, customer
   service, communication, and marketing.
   Conducting analysis, reporting, and categorization of customer relationships and other
   purposes intended for the development of the customer relationship and business
   conducted by Wellmedic.
   Collecting feedback and processing customer satisfaction.
   Conducting market research and surveys.
   Recording calls with consent for verifying service events, ensuring security and legal
   protection, training staff, and ensuring service quality.
   Profiling purposes are described in detail in point 10 of this data protection description.
   Processing tasks can be outsourced to Wellmedic's partners and/or external service
   providers in accordance with data protection legislation and within its limits.
   
   
6. Register Content
   Description of information, data about the registered person that may be stored:
   Name, date of birth, address, phone number, customer number, gender, language,
   email, and other necessary information needed to maintain a good level of service.
   Employees, coworkers, information about the workplace (such as job satisfaction,
   accidents, organizational size, employees' ages, and health conditions).
   Information related to services requested, purchased, or used by the registered
   customer, notes, level and validity period, information about communication and
   marketing in various forms.
   Information provided by the registered person themselves, information about care
   outside Wellmedic, interests, occupations, or other similar information.
   Information about agreements related to insurance, occupational health services,
   sports clubs, and similar arrangements.
   Services requested and used by the registered person, including billing information.
   Requests for services, operational units, and type of resource (professional staff).
   Information about prohibitions, restrictions, consents regarding the use of personal
   data, and other choices made by the registered person.
   Data processing details such as the date the information was stored and the information
   source.
   The purpose of the register, information collection related to maintaining the customer
   relationship.
   
   
7. Data Retention Period
   Wellmedic retains data in its customer register until the customer relationship between
   the registered person and the company has ended. The basis for termination is
   determined based on key indicators related to the customer's last contact. The
   customer relationship can also end earlier at the customer's own request.
   
   
8. Sources of Information
   Information is primarily collected from the following sources:
   The registered person themselves, events related to the registered person's customer
   relationship, communication, transactions, and use of services.
   The party providing identification, certification, address, updating, credit information, or
   other similar services.
   The register may also record information provided by Wellmedic's partners, such as
   insurance companies or sports clubs.
   
   
9. Regular Disclosure and Transfer of Information
   Information is disclosed to Wellmedic's partners for purposes described in point 4 of
   this data protection description in accordance with data protection legislation and
   within its limits. Customer data may be transferred outside the European Union or the
   European Economic Area, including to the United States, in accordance with data
   protection legislation and within its limits.
   
   
10. Description of Data Protection Principles
    Any manual material is stored in a locked space accessible only to persons with special
    rights. Access to digital material is granted only to authorized employees or partners
    with personal usernames and passwords. Permissions have different levels, and users
    are always granted limited access.
    
    
11. Profiling
    As part of the processing of personal data in the customer register, Wellmedic may use
    the data for profiling purposes. Profiling is carried out by assigning the registered person
    a customer ID with which data about the registered person arising from the use of
    services can be combined. After this, a profile created in the above-described manner
    can be compared with profiles of other registered persons. The purpose of profiling is to
    investigate the demand and consumer behavior for services offered by Wellmedic.
    
    
12. Right to Object
    A registered person has the right, considering their special situation, to object to
    profiling and other processing actions directed at the registered person's personal data
    where the basis for processing is the customer relationship between Wellmedic and the
    registered person. The registered person can present their objection according to point
    13 of this data protection description. In case of objection, the registered person must
    specify the particular situation due to which they oppose the processing. Wellmedic
    may refuse the objection request on legal grounds. The registered person can give
    consent or request a ban on channel-specific direct marketing and profiling.
    Data Subject Rights in the Processing of Personal Data
    
    
    1. Right of Access
       Every registered person has the right to check what information has been stored about
       them in Wellmedic's customer register. Requests for access should be made in
       accordance with point 13 of this data protection description. The right of access can be
       denied based on legal provisions. Exercising the right of access in digital form is free of
       charge.
       
       
    2. Right to Rectification, Deletion, or Restricted Processing
       In so far as the registered person or user can act themselves, the person should, without
       delay after becoming aware of an error or discovering an error themselves, on their own
       initiative correct, delete, or complete the stored information that is incorrect,
       unnecessary, incomplete, or outdated. If the registered person cannot correct
       incomplete information themselves, a request for rectification should be made
       according to point 13 of this data protection description. Including the deletion of data
       from Google or Apple applications. The registered person also has the right to require
       Wellmedic to restrict the processing of the registered person's personal data, for
       example, in a situation where the registered person is awaiting a response to a request
       for rectification or deletion of their information.
       
       
    3. Right to Transfer Own Data
       In so far as the registered person themselves have delivered such information to the
       customer register, which is processed with the registered person's consent, the
       registered person has the right to receive this information, generally in a digitally
       readable format, and the right to transfer this information to another data controller.
       
       
    4. Right to Lodge a Complaint with the Supervisory Authority
       The registered person has the right to complain to the supervisory authority if the data
       controller has not complied with data protection regulations in their operations.
       
       
    5. Other Rights
       If personal data is processed based on a registered consent, the registered person has
       the right to withdraw their consent by notifying Wellmedic of this in accordance with
       point 13 of this data protection description.
       
       
13. Contacts
    In all matters related to the processing of personal data and situations related to the
    registered person's exercise of their rights, the registered person should contact
    Wellmedic at any of its business locations or by post to the address: Wellmedic Oy Ab –
    Data Protection, Rådhusgatan 13, second floor, 65100 Vasa. If necessary, Wellmedic
    may ask the registered person to specify their request in writing, and the registered
    person's identity may need to be verified before taking further action.