General Data Protection Regulation (2016/679), Articles 13 and 14
Date of drafting: August 28th, 2018
We may update or revise this Information Notice at any time, with any notice to you as may be required under applicable law.
1. Controller / Company
Orion Corporation Orion Pharma
(Company Identification Number: 1999212-6)
Region Partner Sales
Tel. 010 4261
2. The person in charge / contact person
Orion Corporation Orion Pharma
Tel. 010 4261
Contact details of the Data Protection Officer: firstname.lastname@example.org
3. Name of the data file
Customer relationship management system (CRM) of Orion Pharma
4. The purpose for processing the personal data / recipients (or categories of recipients) of personal data / the legal basis for processing the personal data
The purpose for processing the personal data in this data file is to enable the controller to maintain customer services, develop, maintain, administer and monitor client relationships and to otherwise create and develop its operations, products and services.
We may share your information with third parties, such as those who assist us by performing technical operations such as data storage and hosting. If ownership or control of Orion Pharma or all or any part of our products, services or assets changes, we may transfer your personal data to any new owner, successor or assignee. Orion Pharma may disclose information to its authorised distributors and business partners to facilitate the delivery of its products and services. Orion Pharma will not otherwise disclose the collected data for commercial purposes outside the Orion Group.
The legal basis for processing of the personal data is legitimate interests of Orion / administration of the client relationship. We only process personal data based on our legitimate interests, in case we have deemed, based on the balancing of interest test, that the rights and interests of the data subject will not override our legitimate interest.
5. Content of the data file
The following personal data of Orion Pharma’s partner companies’ employees is collected:
Name, phone number and email address of the customer, company or other organisation and customer’s position in the company or organisation
6. Source of information
Information is collected by Orion Pharma’s personnel.
7. Retention period of the personal data
The data files are periodically updated to include only data which is relevant for the purpose of processing.
8. The principles how the data file is secured
A. Manual data file
The manual data shall be stored in an area with restricted access, available only for the authorized persons.
B. Electronic information
The data file is located on a server in a private hosting environment. The application is used via a secure HTTPS connection. The data shall be stored in a system with restricted, password-protected access, available only for the authorized persons who need the information based on their role. Only an authorized user of the data file can create new users and maintain user information.
9. Right of access
The data subject shall have the right of access, after having supplied sufficient search criteria, to the data on himself/herself in the personal data file, or to a notice that the file contains no such data. The controller shall at the same time provide the data subject with information on the sources of data in the file, on the uses for the data in the file and the destinations of disclosed data.
The data subject who wishes to have access to the data on himself/herself, as referred to above, shall make a request to this effect to the person in charge at the controller by a personally signed or otherwise comparably verified document.
10. Right to object to processing
In case the legal basis for processing the personal data is the legitimate interests of the controller, the data subject has the right to object to processing on grounds relating to his or her particular situation.
In case the data subject wishes to use its above-mentioned rights, he or she shall make a request to this effect to the person in charge at the data controller by a personally signed or otherwise comparably verified document in writing to the representative of the data controller named under section 2. hereinabove.
11. Rectification, restriction of processing and erasure
The data controller shall, on its own initiative or at the request of the data subject, without undue delay rectify, erase or supplement personal data contained in its personal data file if it is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing. The controller shall also prevent the dissemination of such data, if this could compromise the protection of the privacy of the data subject or his/her rights.
Under specific circumstances the data subject shall have the right to obtain from the controller restriction of processing.
If the data controller refuses the request of the data subject for the rectification of an error, a written certificate to this effect shall be issued. The certificate shall also mention the reasons for the refusal. In this event, the data subject may bring the matter to the attention of the Data Protection Ombudsman.
The data controller shall notify the rectification to the recipients to whom the data have been disclosed and to the source of the erroneous personal data. However, there is no duty of notification if this is impossible or unreasonably difficult.
Requests for rectification shall be made by contacting the representative of the data controller named under section 2. hereof.