Registry and Privacy Statement
This UPharma Care Oy data protection statement describes what personal data is stored in UPharma Care Oy’s customer register, where the data is used, how the data is protected and where the data subject can obtain additional information regarding the processing of their own personal data.
UPharma Care Oy
c/o Hoivakehitys Oy
Johanna Jauhiainen, CEO
UPharma Care Oy
c/o Hoivakehitys Oy
+358 207 614 885
Purpose of the processing of personal data
UPharma Care Oy operates in the software publishing industry and collects its customers’ personal data for the provision of services, invoicing, accounting, statistics and research, as well as to fulfill its legal obligations. Personal information is also collected in part for targeted marketing. Personal data collected in the register is processed in accordance with the EU’s general data protection regulation, Finnish data protection legislation and other relevant regulations and laws.
The information in the customer register is used for customer service and for managing and maintaining customer relationships, developing services, marketing products and services, and fulfilling obligations based on law and in accordance with the regulations and instructions of the authorities.
The personal data in the register can also be used as an aid in profiling, for example for targeted marketing. Profiling in this case means the automatic processing of personal data by analyzing and processing the data collected in order to assess the characteristics of the person.
Criteria for the processing of personal data
UPharma Care processes personal data based on agreements agreed between the user and UPharma Care Oy. The processing of personal data is based on a contractual relationship and the legitimate interests of the controller, such as the use of the data in direct marketing, unless specifically prohibited by the person entered in the register. Direct marketing requires the customer to be aware that the information collected can be used for marketing and marketing targeting.
Persons or groups of persons to be entered in the register
- Buyers of UPharma Care Oy’s services
- Users of UPharma Care Oy’s services
- Contact persons related to UPharma Care Oy’s customer, such as close persons registered in the application
- Subscribers to UPharma Care Oy’s newsletter
- Participants in UPharma Care Oy’s competitions who give permission for marketing
- UPharma Care Oy’s partners
Information to be entered in the register
UPharma Care Oy collects information about persons in the register, as applicable, depending on the user’s contractual or cooperation relationship with UPharma Care Oy. The following information can be collected in the register:
- Contact information such as name, address, phone number, email address
- Personal information, such as social security number
- Payment information, such as credit card information or billing address
- Account connection, account number
- Registration information for services
- Customer- and partner-specific information, such as documentation of customer relationship management tasks
- Information on contracts
- Email and mobile phone marketing authorization
- Prohibitions on direct marketing
- Company-specific information, such as credit rating
Collection and dissemination of information
Personal data is collected from the company entered in the register, from the registered person himself and from close persons to whom the person entered in the register has given the right to manage the data.
The person entered in the register is responsible for the accuracy of the information regarding all the information he enters into the service and makes available to UPharma Care Oy. UPharma Care Oy processes and utilizes this information only as previously described, disclosing the information to third parties only if the parties are part of the development and operation of UPharma Care Oy’s services and the customer has entered into a contractual relationship to use the service in question.
The information may also be disclosed to third parties for marketing, research and service development purposes, provided that the information is anonymous and the person entered in the register cannot thus be identified. The basis for disclosing the information is then the development of the services and business of UPharma Care Oy or its partner.
The information entered in the register may be disclosed to the authorities only in accordance with the laws, regulations and guidelines in force.
The collection and utilization of user data is also described in more detail in the product-specific user terms and conditions to which the user agrees when using the service.
Transfer of personal data outside the European Union or the European Economic Area
Personal data entered in the register may be transferred outside the EU or the EEA to the extent permitted by data protection law. In connection with the disclosure of information, UPharma Care Oy ensures an adequate level of data protection through agreements or otherwise as required by data protection legislation.
Retention period of personal data
UPharma Care Oy determines the applicable legislation and business perspective, taking into account the data retention period. Unless there is a special legal basis for the retention of data, personal data may be retained in UPharma Care Oy’s register for a maximum of five years. The data shall be anonymised or deleted immediately if there is no legal and operational basis for processing or storing the data. The retention period may be affected by, for example, the possibility of complaints and the Accounting Act.
Principles of personal data protection
- UPharma Care Oy contributes to ensuring that data processing is controlled so that data is processed only by persons who have the right to data processing
- Persons handling register data have a duty of confidentiality
- Registry data is processed on a network that is secure and isolated from the public telecommunications network
- Confidential information processed on a public network is processed and encrypted using technical solutions
- A register is kept of the use of register data
- The registry dossier is carefully stored in a secure area and the processing of the dossier is monitored
Rights of the data subject
The person entered in the register has the right to inspect the information entered in the register. A request to inspect the register must be made in writing and signed to the contact person indicated in this document.
The person entered in the register has the right to request the correction and clarification of incorrect or incomplete information. A request to repair the register must be made in writing and signed to the contact person indicated in this document.
The registrant has the right to prohibit the controller from processing personal data for marketing, distance selling and research. The data subject must refuse to process the data in writing and signed by the contact person indicated in this document.
The person entered in the register may also, in certain situations, have the right to request the deletion of data, restrict the processing of his or her data or otherwise object to the right to process his or her data. The data subject may also request the transfer of data in machine-readable form based on the Data Protection Regulation, if technically possible.
The person entered in the register has the right to lodge a complaint with the supervisory authority if there are doubts about the right and lawfulness of the data processing.