Fortrolighedspolitik

Evondos marketing og kommunikation: Fortrolighedspolitik for persondataregister

1. Navn på registret

Evondos marketing og kommunikation: Persondataregister

2. Dataansvarlig

Evondos Oy
Business ID 2175820-8
Salorankatu 5–7
24240 Salo
Finland

3. Den dataansvarliges repræsentant for dette register

Markus Mäkelä
Tlf. +358 50 5952670
markus.makela@evondos.com

4. Kontaktinformationer for den databeskyttelsesansvarlige5. Formål og juridisk grundlag for håndtering af persondata

Formålet med dette dokument er at informere om, hvordan persondata bliver behandlet i Evondos’ marketing- og kommunikationsafdeling. Grundlaget for behandling af persondata er Evondos’ legitime interesser baseret på et kundeforhold, andre relevante relationer eller implementering af en serviceaftale hos en kunde.

Til brug for kundekommunikation
Evondos behandler og bruger kundernes persondata til at dele relevant, servicerelateret information og til at udvikle sine kundetjenester. Kommunikationskanalerne til kunderne er enten telefonen eller direct marketing via et e-mailmarketingsystem eller i form af direct mails.

Til brug for direct marketing
Evondos indsamler, behandler og segmenterer persondata fra kundeemner. Kontaktpersonerne hos kundeemnerne er udvalgt på baggrund af deres jobprofil og ansvarsområde. Bearbejdningen af persondata fra kundeemner omfatter modificering og målretning af direct marketing-indsatsen, så den er relevant og til fordel for modtagerne.

6. Registrets dataindhold

Evondos’ register over kunder og kundeemner indeholder nedenstående persondata, som er en forudsætning for relevante og målrettede marketingbudskaber og handlinger:

  • navn
  • arbejdsgiver
  • kontaktinformation: telefonnummer, mailadresse
  • titel

7. Almindelige informationskanaler

Vi modtager persondata direkte fra de registrerede og kan derudover bruge kunders og kundeemners offentlige hjemmesider til at indsamle information.
Andre informationskilder kan anvendes i overensstemmelse med gældende lovgivning.

8. Regelmæssige modtagere af persondata

Vi behandler informationerne selv og anvender derudover underleverandører som fx tjenesteleverandører inden for direct marketing, der behandler persondata på vores vegne og efter vores ønsker, når de leverer ydelser til os. Vores underleverandører er ikke berettigede til at behandle persondata til andre formål end at levere relevante services til os.

9. Dataoverførsel uden for EU-og EØS-lande

Vi overfører persondata uden for EU/EØS til USA. Vi har taget passende forholdsregler for overførslen. Enten er modtageren, som skal behandle disse data, certificeret under EU-US-samarbejdet om datasikkerhed, eller også bruger vi de standardmæssige kontraktklausuler, som er accepteret af EU.

10. Datasikkerhedsforanstaltninger og datalagringsperioder

Persondata om kunder og kundeemner lagres i et kontrolleret CRM-system, hvortil adgang er sikret med kodeord. Data på hhv. kunder og kundeemner er adskilt i dette system. Adgangen til persondataene i registret er begrænset til udvalgte personer baseret på deres ansvarsområder inden for håndtering af disse persondata. Enhver person, som tilgår registrets persondata, er underlagt en fortrolighedsforpligtelse.
Persondata opbevares, så længe det kræves, for at behandle dem under hensyntagen til de specificerede lagringsperioder angivet i gældende lovgivning og regler inden for områder som fx revision og skattelovgivning. Persondata bliver slettet senest tre år efter, at behovet for at behandle dem er udløbet.
Vi vurderer løbende behovet for datalagring, blandt andet i lyset af den gældende lovgivning. Derudover sørger vi for passende handlinger, hvis formål er at sikre, at der ikke opbevares uforenelige, forældede eller unøjagtige persondata i registret under hensyntagen til formålet med behandlingen. Vi korrigerer eller sletter den type data hurtigst muligt.

11. De registreredes rettigheder

Som registreret har du ret til at se dine egne persondata, vi har lagret i registret, samt ret til at kræve at få rettet eller slettet disse data. Du har også ret til at trække dit samtykke tilbage eller ændre det.
Som registreret har du iht. EU’s persondataforordning (ikrafttrædelse 25. maj 2018) ret til at gøre indsigelse mod behandlingen af dine persondata eller anmode om begrænset behandling, ligesom du kan indgive en klage til myndigheden, der fører tilsyn med databehandling. Den type anmodning skal afleveres personligt eller skriftligt som mail til repræsentanten anført i afsnit 3.
Den registrerede har ret til at indgive en klage til den relevante tilsynsmyndighed for databehandling.

Kontaktinformationerne på tilsynsmyndigheden kan findes her:
www.datatilsynet.dk

12. Ændringer i fortrolighedspolitikken

Hvis vi foretager ændringer i denne fortrolighedspolitik, placerer vi den ændrede politik på vores hjemmeside med en angivelse af ændringsdatoen. Hvis ændringerne er betydelige, kan vi også informere dig om dette på andre måder, for eksempel ved at sende en e-mail eller lægge et opslag på vores hjemmeside. Vi anbefaler, at du genlæser vores fortrolighedspolitik og -principper fra tid til anden, så du er opdateret om de ændringer, vi foretager.

Privacy Policy for Evondos® Automatic Medicine Dispensing Service user and usage register

Controller

Evondos Oy
Salorankatu 5 -7
24240 Salo, Finland
+358 2 777 760
info@evondos.com

(hereafter “we’ or “Evondos”)

Contact person for register matters

Mika Apell
Evondos Oy
Salorankatu 5 -7
+358 2 777 760
mika.apell@evondos.com

Name of register

Evondos® Automatic Medicine Dispensing Service user and usage register

What is the legal basis for and purpose of the processing of personal data?

The legal basis of processing personal data is Evondos’ justified interest on the basis of a customer relationship and implementing the contract.

The purpose of processing personal data is:

  • the delivery of the Evondos® Service to the customer,
  • fulfilling our contractual and other promises and obligations,
  • problem solving and analyzing usage data to further develop the Service to be best suited to its intended use.

What data do we process?

We process the following personal data of our customers or other data subjects, like individuals participating in our trainings, in connection with the register:

  • Basic information of the home care organizations’ user such as first name*, surname*, native language*, e-mail address*, phone number, user name*, user role*, ID for the security key, log data linked to a user (e.g. refilling the Device)*
  • Basic information of the home care client such as photo (voluntary), first name*, surname*, date of birth/personal id*, native language*, address, postal code and post office, e-mail address, phone number, contact person/relative information to whom the client may have has given permission to disclose information
  • Basic information of the contact person named by the home care client such as first name surname, date of birth/personal id, e-mail address, phone number
  • Data related to the automatic medicine dispensing service such as general usage settings (assisted medicine taking, safety lock, travel status, access to medicines in special circumstances etc.)*, information contained in the medicine pouch*; client’s name and client id in the medicine pouch (identifier code)*, settings for the medication dispensing time windows*, settings for the reminders*, event and incident information*, reminders for other medication than those being automatically dispensed (name of the medicine, times for the reminders and related instructions), other settings and data related to the Service*.
  • Data related to other e-Health services such as messages sent to clients by the users belonging to the home care’s organization or contact person / relative whom the client has given messaging permission by using Device’s messaging feature

Personal data marked with a star, is a compulsory requirement for our contractual and/or customer relationship. Without necessary information we are not able to provide the service. Access to information is automatically limited according to the user role and the application the user  uses, e.g. web access or mobile application.

From where do we receive data?

We receive information primarily from the date subjects.

For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations. Data updating of this kind is performed manually or by automated means.

To whom do we disclose data and do we transfer data outside of EU or EEA?

We process information ourselves and use subcontractors that process personal data on behalf of and for us. We have outsourced the

  • IT-management to an external service provider, to whose server the data is stored. The server is protected and managed by the external service provider.
  • Message delivery in SMSs and voice calls
  • 1st line customer support services

Data may be disclosed to authorities under compelling provisions. We do not disclose personal data outside of EU/EEA.

How do we protect the data and how long do we store them?

Only those of our employees, who on behalf of their work duties are required to process customer data, are entitled to use the system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.

We store the data as long as it is necessary for the purpose of processing the data. Usage logs and audit trail is archived for 12 years in product liability purposes.

We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

What are your rights as a data subject?

As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent.

As a data subject, you have a right, according to EU’s General Data Protection Regulation (applied from 25.5.2018) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.

For specific personal reasons, you also have a right to object profiling and other processing concerning you, when processing the data is based on the customer relationship. In connection to your claim, you should identify the specific situation on which you object the processing. We can refuse to act on such request on the basis of the law.

Who can you be in contact with?

All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section two (2).

Changes in the Privacy Policy

Should we make amendments to this privacy policy statement, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review these privacy policy principles from time to time to ensure you are aware of any amendments made.

Evondos A/S job applicant data register privacy statement

1. Name of the register

Evondos A/S job applicant personal data register.

2. Data Controller

Evondos A/S Business ID 38224662
Forskerparken 10 DK 5230 Odense M Denmark

3. Data Controller’s representative for this register

Kaisa Kaariluoto-Elo (acting)
Tel. + 358 40 500 1272 kaisa.kaariluoto-elo@evondos.com

4. The contact details of the data protection officer

Mika Apell
Tel. +358 40 5873295 mika.apell@evondos.com

5. The purpose and the legal basis for processing the personal data

The purpose of the processing of personal data is actions related to the recruitment process and management of the recruitment process and enabling contacts regarding application and selection processes from persons (data subjects) who have applied for the positions.

6. Information content of the register

We process the following personal data of the job applicants or other data subjects in connection with the job applicant register:

  • basic information of the data subject such as name*
  • contact information of the data subject such as email address*, phone number*, home
    address*;
  • information regarding the position applied for such as information of the position in question including information of the nature and type of the employment relationship and information of the contact persons designated for the application process;
  • other information that the data subject has provided of himself, his background etc. in connection with the application process, such as a picture, study and other educational information, work history, language skills, other special skills, description of personal features, different certificates and ratings;
  • information regarding the recruitment process of the data subject such as information of upcoming further interviews or of the interruption of the recruitment process;
  • other possible information that the data subject himself has provided voluntarily in connection with the recruitment process or information that the controller has collected based on a separate consent of the data subject.

Providing the information marked with a star* is a requirement for us to be able to move forward in the application process.

7. Regular information sources

We receive data primarily from:

  • the data subject himself
  • recruitment companies
  • other similar reliable sources

8. Regular recipients of the personal data

We do not regularly disclose information to external parties.
We process information ourselves and use subcontractors that process personal data on behalf of and for us e.g. We have outsourced the IT-management to an external service provider, to whose server the data is stored. The server is protected and managed by the external service provider.

9. Data transfers outside the EU and EEA

Personal data will not be transferred outside the EU or EEA.

10. Data Security measures and the periods for storing data

Only those of our employees, who on behalf of their work are entitled to process job applicants data, are entitled to use a system containing personal data. Each user has a personal username and password to the system. The information is collected into databases that are protected by firewalls, passwords and other technical measures. The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
The data is stored for the duration of recruitment process in question and for one year after the open position has been fulfilled.

11. Data subject’s rights

Data subject has the right in accordance with the General Data Protection Regulation to request from the data controller access to and rectification or erasure of data subject’s personal data or restriction of processing concerning the data subject and object to processing. Such requests shall be delivered personally or in writing by email to the representative identified in section 3.
Data subject has the right to lodge a complaint to supervisory authority relating to processing of personal data. The contact details of the supervisory authority can be found at www.datatilsynet.dk.

12. Changes in the Privacy Policy

Should we make amendments to this privacy protection statement, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review these privacy protection principles from time to time to ensure you are aware of any amendments made.

Evondos Oy Supplier data register privacy policy

1. Name of the register

Evondos Oy Supplier data register

2. Data Controller

Evondos Oy
Business ID 2175820-8
Salorankatu 5-7
24240 Salo
Finland

3. Data Controller’s representative for this register

Satu Syrjänen
Tel. + 358 50 4441744
satu.syrjanen@evondos.com

4. The contact details of the data protection officer

Mika Apell
Tel. +358 40 5873295
mika.apell@evondos.com

5. The purpose and the legal basis for processing the personal data

The legal basis for the processing of the personal data is the company’s justified interest on the basis of a supplier relationship or other appropriate connection with the supplier. Further, processing is necessary for the performance of the contract to which the data subject is a party
The purpose of processing the personal data is managing the Supplier relationship and for the following purposes:

  • to manage and maintain supplier information and supplier relationship
  • implementation of contracts
  • traceability of certain components or deliveries
  • handling reclamations / reject reports
  • planning and development of data controller’s Sourcing and Procurement operations

6. Information content of the register

Register contains following personal data that are necessary for the Sourcing and Procurement operations:

  • contact information; Supplier (company) name
  • contact person(s) name and title, phone number, email address, address

7. Regular information sources

The source of information stored in the register is in general the supplier’s contact person in question. Other information sources may be used as permitted by the applicable legislation.

8. Regular recipients of the personal data

Personal Data will be disclosed as permitted and required by the applicable legislation to those data controller’s service providers or subcontractors who need information for data controller’s Sourcing and Procurement activities.
Personal Data may be processed by Evondos group companies.

9. Data transfers outside the EU and EEA

Personal data will not be transferred outside the EU or EEA.

10. Data Security measures and the periods for storing data

The data is stored in data systems that have technical ways of ensuring the data protection and monitoring the processing of the data. The data systems are access controlled.  The right to access the data in the register is limited to certain persons and to the extent their work duties require processing of the data. Any person accessing the data in the register is bound by a confidentiality obligation.

Personal data is stored for as long the purpose of processing personal data requires, considering the storage times specified in the applicable legislation and regulations, such as accounting and taxation legislation and regulations. Personal data is erased not later than three years after the need for processing has expired.

We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

11. Data subject’s rights

Data subject has the right in accordance with the General Data Protection Regulation to request from the data controller access to and rectification or erasure of data subject’s personal data or restriction of processing concerning the data subject and object to processing. Such requests shall be delivered personally or in writing by email to the representative identified in section 3.

Data subject has the right to lodge a complaint to supervisory authority relating to processing of personal data. The contact details of the supervisory authority can be found at www.tietosuoja.fi.

12. Changes in the Privacy Statement

Should we make amendments to this privacy statement, we will place the amended statement on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review these privacy protection principles from time to time to ensure you are aware of any amendments made.