EU General Data Protection Regulation 2016/679
General about the privacy statement of Tekonivelsairaala Coxa Oy and Coxa Oy (hereafter “Coxa” or ”Coxa group”):
Coxa respects its customers’ privacy and aims to protect it when they use Coxa’s online services referred to in this privacy statement. By using Coxa’s websites specified in this document, you accept that Coxa will process any personal data it has collected from its websites in accordance with this privacy statement.
Coxa recommends that you read this privacy statement regularly.
Tekonivelsairaala Coxa Oy (business ID: 1861209-9) and Coxa Oy (business ID: 1648705-2) (jointly “Coxa” or “Coxa Group”)
2. Person responsible for data file matters
Roope Tähkä, firstname.lastname@example.org
3. Name of the data file
Customer and user register of the Coxa shop online store, CoxaPro service, and cooperation network.
4. Grounds for maintaining the data file
The data subject has ordered products or services from the Coxa shop online store or CoxaPro service, or has joined the cooperation network.
5. Purpose of the data file and regular data sources
The purpose of processing the personal data contained in the file is to manage and maintain Coxa’s customer relations and to develop and compile statistics on Coxa’s operations.
Data contained in the data file can also be used by Coxa or Coxa’s cooperation partners for targeting communications, including direct marketing, if the data subject has given his or her consent for this.
6. Data contained in the file
The data file includes the following information provided by the user:
- First name and last name
- Email address
- Postal address
- Telephone number
- Order details
- The employer or organisation represented by the person and position in the company
7. Disclosure of data
Data can be disclosed for direct marketing purposes and to Coxa’s cooperation partners for communications targeting, unless the data subject has prohibited such disclosure. In other cases, data can only be disclosed to third parties subject to the consent of the data subject or when the conveyance is enabled by law.
8. Transfer of data outside the EU or the EEA
Data can be transferred outside the EU or the EEA only within the Coxa Group. Data is never transferred to third parties outside the EU or the EEA without the prior consent of the data subject.
9. Storage period of personal data
Data saved in the customer database is only stored for as long as it is considered necessary considering the purpose of the data described in this privacy statement. Coxa ensures that any outdated data and data that is no longer needed is deleted from the file.
10. Protection of the data file
The data file is not disclosed to unauthorised persons. The data file is only used by persons who need access to the file for their work. The users are bound by confidentiality obligation.
Any cooperation partners who use the data contained in the data file and to whom such data can be conveyed must comply with the same rules and regulations as Coxa in its role as the controller.
Any manual data file materials derived from the electronic data file, such as printouts, must always be stored on locked premises and destroyed after use in a manner required by data protection regulations.
11. Cooperation network membership
All natural persons who work as professionals in the healthcare sector can register with the cooperation network. Coxa reserves the right to refuse memberships in the network or to remove existing memberships without an explanation.
12. Inspecting personal data
Data subjects have the right to inspect any data concerning themselves that has been stored in the customer and user register of the Coxa shop online store, CoxaPro service, or cooperation network. To check or correct your personal data, please contact us by using the email address provided in section 2 of this document.
13. Correcting and removing personal data from the file
Data subjects have the right to demand that any incorrect, incomplete, unnecessary or outdated personal data concerning themselves be corrected or removed from the data file by notifying the controller of this using the address specified in section 1 of this document. Personal data can be removed from the file subject to the data subject’s request except for any order and service data that must be maintained e.g. because of a guarantee.