This is Axel Health Oy’s register and privacy policy, pursuant the Personal Data Act (Sections 10 and 24) and the EU’s General Data Protection Regulation (GDPR).
LEGAL BASIS AND PURPOSE OF DATA PROCESSING
The legal basis for data processing pursuant to the EU’s General Data Protection Regulation is the consent granted by the user in conjunction with the use of the contact or support request service.
The purpose of data processing is communications with customers and the maintenance and monitoring of the functioning of the installed Axel systems as well as marketing and development of our products.
CONTENT OF THE REGISTER
Data stored in the register includes the data subject’s
- name
- telephone number
- email
- content provided in the open field
and, in conjunction with a support request form, the selected
- matter
- urgency of the matter
The data is stored as long as is necessary for the processing of the matter. Personal data in the register is maintained by adding, updating, and removing information. The data is added to the register received from the person and the data is updated as the person informs of the changes.
DATA SOURCES
The data stored in the register is collected directly from the customer via online forms (contact and support requests).
DISCLOSURE AND TRANSFER OF DATA OUTSIDE THE EU OR THE EEA
As a rule, the data is not disclosed to third parties.
PRINCIPLES OF DATA PROTECTION FOR THE REGISTER
Great care is taken in the processing of the register and the data being processed is protected with appropriate information systems. If the register data is stored on internet servers, the physical and digital data protection for the devices is ensured in an appropriate manner. The data controller ensures that the stored data, access rights to the servers, and other information that is critical in terms of data protection are processed as confidential and only by employees whose duties require them to do so.
RIGHT TO INSPECT THE DATA AND TO REQUEST IT TO BE RECTIFIED
Data subjects have the right to inspect the register data pertaining to them and request any erroneous data to be rectified, and any missing information to be completed. Requests for inspecting or rectifying data must be submitted in writing to the data controller. The data controller has the right to request the data subject to verify their identity. The data controller responds to data subjects’ request within the time limit specified in the EU’s General Data Protection Regulation (within a month as a rule).
OTHER RIGHTS PERTAINING TO DATA PROCESSING
Data subjects have the right to request the deletion of data pertaining to them (‘the right to be forgotten’). In addition, data subjects have all the rights specified in the EU’s General Data Protection Regulation, such as the right to restrict the processing of data in certain circumstances. Requests must be submitted to the data controller in writing. The data controller has the right to request the data subject to verify their identity. The data controller responds to data subjects’ requests within the time limit specified in the EU’s General Data Protection Regulation (within a month as a rule).
