Privacy policy

This is the register and privacy policy of Axel Health Oy (2222619-0) in accordance with the EU General Data Protection Regulation (GDPR). We process your data within a shared corporate infrastructure managed jointly by Axel Health Oy, Axel Health Unitary Oy, Axel Health Ab, and Akseli Portugal Unipessoal. Axel Health Oy acts as your primary point of contact for exercising your data protection rights, although you may contact any member of the corporate group. The Uoma mobile application has its own separate privacy policy.

LEGAL BASIS AND PURPOSE OF THE PROCESSING OF PERSONAL DATA

The legal basis for the processing of personal data under the EU General Data Protection Regulation is the consent given by the individual when using the contact or support request service. The purpose of processing personal data is to communicate with customers and to monitor and maintain the operation of customer installations of the Axel system. The data is also used for user research, sales, marketing, and the development of products and services.

If you are a contact person or decision-maker for a healthcare provider or another of our stakeholders, we process your professional contact information based on legitimate interest (GDPR Article 6(1)(f)) to perform business-to-business (B2B) relationship management, sales, and marketing. We have evaluated this processing using a Legitimate Interest Assessment (LIA). You always have the right to object to this processing.

In an active recruitment process, the legal basis for processing is the request of the data subject and the legitimate interest of the data controller. We may also store the job applicant's data at their request.

CONTENT OF THE REGISTER

The register only processes data that is necessary for the use of the website, recruitment, and for the management of business operations, sales, and customer relationships.

Groups of data subjects concerned by the processing:

• Users of the website and support service.
• Contact persons and decision-makers of current and potential corporate customers (such as wellbeing services counties and other healthcare operators) whose data is processed for business sales, marketing, and customer relationship mapping.
• Representatives of stakeholders.
• Job applicants.

Data collected:

• Information collected via the website and support service: Name, telephone number, email address, content entered in the free-form message field, and the type and urgency of the matter selected in the support request form.
• Basic information: Name, job title, area of responsibility, and the represented organization/company.
• Contact information: Professional email address, telephone number, and organization address.
• Interaction and account information: Information on sales and marketing measures sent, history of email and telephone correspondence, meeting and negotiation notes, as well as any feedback and product needs provided by the customer.
• Direct marketing permissions and prohibitions: Information on newsletter subscriptions as well as any marketing prohibitions or other opt-out requests.
• Job applicant data: Contact details of the job applicant as well as work experience and education information.

The data is entered into the register as received from the individual and is updated according to what the individual reports.

DATA RETENTION PERIOD

Data collected via the contact form is stored for 2 years from the formal conclusion of the matter to respond to the data request and to handle any follow-up measures, unless the contact leads to the start of a customer relationship or a competitive bidding process. If you have given your consent to marketing, we will store your data until you withdraw your consent.

Job applicant data is stored for the duration of the recruitment process and for 2 years after the end of the application process due to legal limitation periods arising from the Equality Act and the Non-Discrimination Act. If a person who has submitted an open application has given their consent for the application to be stored, the data is stored for 1 year from the date the consent was given.

REGULAR SOURCES OF DATA

Personal data is primarily collected from the data subject themselves when filling out forms on the website (such as contact and support requests), subscribing to the newsletter, or submitting job applications.

For the purpose of business sales, marketing, and mapping potential customer relationships, data is also collected and updated regularly from the following sources based on the legitimate interest of the data controller:

• Publicly available internet and web sources, such as the public websites of organizations and wellbeing services counties.
• Public business and authority registers (such as the Business Information System YTJ or similar Nordic business registers).
• Professional social media networks (such as LinkedIn).
• Through direct business relationships and communication (such as information received via email, telephone, or in meetings).
• Job applications from job applicants.

REGULAR DISCLOSURES OF DATA AND TRANSFER OF DATA OUTSIDE THE EU OR THE EEA

Data is not regularly disclosed to other parties.

PRINCIPLES OF REGISTER PROTECTION

The processing of the register is carried out with care, and the data processed by means of information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of their hardware is taken care of appropriately. The data controller ensures that stored data, server access rights, and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes it.

RIGHT OF ACCESS AND RIGHT TO REQUEST RECTIFICATION

Every person in the register has the right to check the data stored in the register about them and to request the rectification of any incorrect data or the completion of incomplete data. If a person wishes to check the data stored about them or request a correction, the request must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time prescribed by the EU General Data Protection Regulation (generally within one month).

OTHER RIGHTS RELATED TO THE PROCESSING OF PERSONAL DATA

A person in the register has the right to request the deletion of personal data concerning them from the register ("the right to be forgotten"). Likewise, data subjects have other rights under the EU General Data Protection Regulation, such as the restriction of processing of personal data in certain situations. Requests must be sent in writing to the data controller. The data controller may, if necessary, ask the requester to prove their identity. The data controller will respond to the customer within the time prescribed by the EU General Data Protection Regulation (generally within one month).