Privacy notice – Co-operations
Controller
CH-Bioforce Oy
Ahventie 4 A 21-22
02170 Espoo
FINLAND
Business ID: FI2739534-8
Contact person
Tapani Niskanen
tapani.niskanen@ch-bioforce.com
Tel. +358 40 123 9985
Name of the data file
Co-operation data file
The purpose and the legal basis for processing personal data
The personal data are used for executing all the actions related to cooperational or subcontracting relationships. These actions include our rights and responsibilities related to co-operation and subcontracting contracts, communications with the contact persons of our partners as well as sales and marketing concerning products and services offered by our company. The actions related to co-operational or subcontracting relationships include e.g. IT service management, business premise management, production development as well as procurement and financing.
Personal data is processed based either on a contract (where processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract) or legitimate interests (where processing is necessary for the legitimate interests pursued by the controller where there is a customer relationship between the controller and the data subject or their organisation).
The contents of the data file
The register may contain the following information about the data subject and their organisation:
- Basic personal data such as name, address, e-mail address, telephone number, title, other information given by the contact person or their organisation
- Work related data about external workers such as information documented into the orientation form and competences
- Billing data
- Co-operation and communication history including offers, ordered products or services and feedback
- NDAs and other agreements
- Other information given by the contact person or their organisation
The data sources
The personal data are mainly collected either directly from the data subject or their organisation. In some cases data may also be collected from public sources or from the information systems governed by the controller with respect to previous orders.
Means of data collection include e.g. forms in the controller’s website, e-mails, phone calls, meetings and other contacts related to the co-operation or subcontracting relationship.
We do not conduct automated decision-making and profiling with the personal data processing activities included in this privacy notice.
Disclosures and transfers of personal data
Personal data is not regularly disclosed outside the controller.
However, we may disclose data within our group companies, meaning that another company within our group of enterprises may process the data on our behalf. That processing is based on our legitimate interest for transfer personal data for the administrative purposes within our group, such as reporting and effective operations.
We may also disclose some essential data to those third parties who act as our service providers or subcontractors e.g. for ensuring deliveries, organising events. or for billing, marketing and customer management. We used trusted partners on the basis of a mutual partnership agreement. These transfers will be carried out securely in accordance with EU GDPR and other legislative requirements.
Data is not transferred outside the EU or ETA by the controller.
Storage and protection of personal data
The personal data are stored only as long as necessary for the purposes stated in this privacy notice, no longer than ten (10) years from the last active transaction between the data subject and the controller. The data will be erased once storing them is not anymore necessary according to legislation or to ensure the rights or responsibilities of either party.
We take all appropriate measures (including physical, technical and administrative measures) to protect personal data from being lost, destroyed, misused, unlawfully accessed or disclosed to third parties. Only the personnel, who need the data in their work, have access to the personal data stored in the data file. Data is mainly stored only in electronic form and personal usernames and passwords are required for accessing the systems containing personal data. Any physical material is stored in locked premises.
Rights of the data subject
All data subjects have the right to review all data on them in the data file and request to change possible inaccurate, incomplete or outdated data. Recipients of marketing messages may anytime leave the mailing list by acting as advised in the message. The data subject has at any time the right to withdraw previously given specific consent for processing the data. The data subject also has the right to request the erasure of their personal data from the data file providing that they are no more needed for the purpose they were collected for or that there are no legal obligations in effect concerning the controller regarding the processing or storing them. Furthermore, the data subject may request the controller to transmit their data to another controller when the personal data was provided by them. The data subject has in certain cases the right to request the controller to restrict the processing of personal data concerning them or to object to the processing of their personal data. The data subject can at any time make a complaint to authorities regarding the processing of their personal data.
Any requests related to these rights must be sent in writing to the controller’s contact person, who can then request the data subject to visit the controller’s premises to provide personal identification and possible mandate or other documentation confirming the rightful access to the request. The access request can be made free of charge once a year.
Cookies
CH-Bioforce Oy uses cookies in its website to ensure the basic functionalities of the website, to analyse web traffic, to identify users, and to offer a personalised user experience. Cookies are small text files that include information about web site visits. The web site will store that information on the user’s web browser. We will process the cookie data as personal data insofar as the data contains information identifying the web site user such as IP address. Also, the identifiers that have somehow been linked to the user are processed as personal data.
If you wish, you can disable or remove other than strictly necessary cookies modifying the settings within the cookie notification. You can also change or disable the usage of cookies on your browser settings. If you use several browsers, cookies need to be removed from each of them separately. The exact location of the setting depends on the type of the browser you are using. Some cookies are relevant for the functioning of the website, enable easy navigation from a webpage to another and operate certain functions. If you do not accept all the cookies, you may not be able to use all functions and services on the website.
This document has been reviewed / updated 10 May 2024.