PRIVACY POLICY

Visitors to the Renalis.fi website must accept the means of data collection and processing described in this Privacy Policy. We collect and store three types of information; observable information about the use of online services, information provided by users themselves and information derived through analytics.

RENALIS:FI CUSTOMER REGISTER PRIVACY POLICY

1. Data Controller

Renalis Oy (hereinafter Renalis) Business ID 3408982-4

2. Contact person responsible for the register

Pia Koponen, Chief Executive Officer
pia.koponen@renalis.fi.
Phone 040 900 9560.

3. Name of the register

Renalis customer register

4. Purpose of processing personal data

The source of the data is the website user/customer himself/herself. Personal data are processed for purposes related to the management, administration and development of the customer relationship, the provision and delivery of services.

5. Legal grounds for processing

The legal basis for processing personal data is the following criteria in accordance with the EU General Data Protection Regulation (hereinafter also referred to as “GDPR”):

the data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes (GDPR Art. 6.1.a);
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (GDPR Art. 6 Art. 1.f).

The legitimate interest of the controller mentioned above is based on a relevant and appropriate relationship between the data subject and the controller, which results from the fact that the data subject is a customer of the controller and where the processing is carried out for purposes which the data subject could reasonably have expected at the time of collection of the personal data and in time of collection of the personal data and in the context of the relevant relationship.

6. Data content of the register

What information does Renalis collect and store?

Information provided by the user

  • Identification information, such as name
  • Contact information, such as telephone number, email address and postal address

7. Regular data sources

Personal data is collected from the data subject himself.

Personal data is also collected and updated, within the limits of applicable law, from publicly available sources related to the performance of the customer relationship between the controller and the data subject and through which the controller carries out its obligations in relation to the maintenance of the customer relationship.

8. Sensitive personal data

We do not ask or request you to provide us with sensitive personal data. We ask that you do not send or disclose to us any information that is considered sensitive under applicable law (such as social security number, credit card number, passport number, racial or ethnic origin, political opinions, religion or belief, health, sex life, sexual orientation, criminal history, trade union membership, biometric or genetic information used to identify an individual) on our site or otherwise.

9. Use of personal data of minors

This site is not directed to persons under the age of 16. We ask that persons under the age of 16 not disclose their personal information through this site. If your child has submitted personal information to us and you wish to request the deletion of that personal information, please contact the contact person listed in Section 2.

10. Data transfers and disclosures

Renalis stores data within the EU and does not disclose or transfer data outside the European Economic Area.

11. Retention period of personal data

Data collected in the register will be kept only for as long and to the extent necessary in relation to the original or compatible purposes for which the personal data were collected.

We will keep the data for the period necessary to fulfil the purposes of use set out in this notice

The controller will regularly assess the necessity of data retention in accordance with its internal code of conduct. In addition, the controller will take all reasonable steps to ensure that personal data which are inaccurate, inaccurate or out of date, having regard to the purposes of the processing, are erased or rectified without undue delay.

12. Rights of the data subject

The data subject has the following rights under the EU General Data Protection Regulation:

  1. The right to obtain confirmation from the controller that personal data concerning him or her are being processed or not being processed and, if such personal data are being processed, the right of access to the personal data and the following information: (i) the purposes of the processing; (ii) the categories of personal data concerned; (iii) the recipients or categories of recipients to whom the personal data have been or are to be disclosed; (iv) where possible, the envisaged period of retention of the personal data or, if that is not possible, the criteria for determining that period; (v) the data subject’s right to obtain from the controller the rectification or erasure of personal data concerning him or her or the restriction of the processing of personal data or to object to such processing; (vi) the right to lodge a complaint with a supervisory authority; (vii) where the personal data are not collected from the data subject, any available information on the origin of the data (Art. ). This basic information described in (i) to (vii) is provided to the data subject on this form;
  2. the right to withdraw consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent before its withdrawal (GDPR Art. 7);
  3. the right to obtain the rectification, without undue delay, of inaccurate or incomplete personal data concerning the data subject and the right to have incomplete personal data completed, inter alia, by providing further explanations, taking into account the purposes for which the data were processed (GDPR Art. 16);
  4. the right to obtain from the controller the erasure of personal data concerning the data subject without undue delay, provided that (i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed; (ii) the data subject withdraws the consent on which the processing was based and there is no other lawful basis for the processing; (iii) the data subject objects on grounds relating to his or her particular personal situation and there is no legitimate ground for the processing or the data subject objects to the processing for direct marketing purposes; (iv) the personal data have been unlawfully processed; or (v) the personal data must be erased in order to comply with a legal obligation under Union or national law to which the controller is subject (Article 17 GDPR).
  5. The right to restriction of processing by the controller where (i) the data subject contests the accuracy of the personal data, in which case the processing is restricted for a period of time within which the controller can verify its accuracy; (ii) the processing is unlawful and the data subject objects to the erasure of the personal data and requests instead the restriction of their use; (iii) the controller no longer needs the personal data concerned for the purposes of the processing, but the data subject needs them for the establishment, exercise or defence of legal claims; or (iv) the data subject has objected to the processing of personal data on grounds relating to his or her particular situation, pending verification whether the legitimate grounds of the controller override those of the data subject (Art. );
  6. the right to obtain the personal data concerning him or her which the data subject has provided to the controller in a structured, commonly used and machine-readable format and the right to transmit such data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent within the meaning of the Regulation and the processing is carried out automatically (Art. 20 GDPR);
  7. the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data concerning him or her infringes the EU General Data Protection Regulation (Article 77 GDPR).

Requests concerning the exercise of the rights of the data subject shall be addressed to the contact person of the controller mentioned in point 1.