Privacy notice – Data request

Controller

CH-Bioforce Oy
Ahventie 4 A 21-22
02170 Espoo
FINLAND
Business ID: FI2739534-8

Contact person

Tapani Niskanen
tapani.niskanen@ch-bioforce.com
Tel. +358 40 123 9985

Name of the data file

Data requests data file

The purpose and the legal basis for processing personal data

The personal data are used for managing the registrant right related requests and executing all the actions related to them. These actions may include data access, rectification, erasure or transfer, or objecting to or restricting the processing of their personal data.

Personal data is processed due to a request from the data subject based on complying with the controller’s legal obligation according to the EU General Data Protection Regulation.

The contents of the data file

The register may contain the following information about the data subject:

  • Name
  • Email address
  • Telephone number
  • Address
  • Information concerning identification card
  • Information concerning possible mandate
  • Other information given by the data subject
  • History data related to requests and their processing

The data sources

The personal data are collected either directly from the data subject or from the person they have authorised.

Means of data collection include e-mails, phone calls or meetings.

We do not conduct automated decision-making and profiling with the personal data processing activities included in this privacy notice.

Disclosures and transfers of personal data

Personal data is not regularly disclosed outside the controller.

However, we may disclose data within our group companies, meaning that another company within our group of enterprises may process the data on our behalf. That processing is based on our legitimate interest for transfer personal data for the administrative purposes within our group, such as reporting and effective operations.

We may also disclose some essential data to those third parties who act as our service providers or subcontractors e.g. for ensuring deliveries, organising events. or for billing, marketing and customer management. We used trusted partners on the basis of a mutual partnership agreement. These transfers will be carried out securely in accordance with EU GDPR and other legislative requirements.

Data is not transferred outside the EU or ETA by the controller.

Storage and protection of personal data

The personal data are stored only as long as necessary for the purposes stated in this privacy notice, no longer than one (1) years from the last active transaction between the data subject and the controller. The data will be erased once storing them is not anymore necessary according to legislation or to ensure the rights or responsibilities of either party.

We take all appropriate measures (including physical, technical and administrative measures) to protect personal data from being lost, destroyed, misused, unlawfully accessed or disclosed to third parties. Only the personnel, who need the data in their work, have access to the personal data stored in the data file. Data is mainly stored only in electronic form and personal usernames and passwords are required for accessing the systems containing personal data. Any physical material is stored in locked premises.

Rights of the data subject

All data subjects have the right to review all data on them in the data file and request to change possible inaccurate, incomplete or outdated data. Recipients of marketing messages may anytime leave the mailing list by acting as advised in the message. The data subject has at any time the right to withdraw previously given specific consent for processing the data. The data subject also has the right to request the erasure of their personal data from the data file providing that they are no more needed for the purpose they were collected for or that there are no legal obligations in effect concerning the controller regarding the processing or storing them. Furthermore, the data subject may request the controller to transmit their data to another controller when the personal data was provided by them. The data subject has in certain cases the right to request the controller to restrict the processing of personal data concerning them or to object to the processing of their personal data. The data subject can at any time make a complaint to authorities regarding the processing of their personal data.

Any requests related to these rights must be sent in writing to the controller’s contact person, who can then request the data subject to visit the controller’s premises to provide personal identification and possible mandate or other documentation confirming the rightful access to the request. The access request can be made free of charge once a year.

Cookies

CH-Bioforce Oy uses cookies in its website to ensure the basic functionalities of the website, to analyse web traffic, to identify users, and to offer a personalised user experience. Cookies are small text files that include information about web site visits. The web site will store that information on the user’s web browser. We will process the cookie data as personal data insofar as the data contains information identifying the web site user such as IP address. Also, the identifiers that have somehow been linked to the user are processed as personal data.

If you wish, you can disable or remove other than strictly necessary cookies modifying the settings within the cookie notification. You can also change or disable the usage of cookies on your browser settings. If you use several browsers, cookies need to be removed from each of them separately. The exact location of the setting depends on the type of the browser you are using. Some cookies are relevant for the functioning of the website, enable easy navigation from a webpage to another and operate certain functions. If you do not accept all the cookies, you may not be able to use all functions and services on the website.

This document has been reviewed / updated 10 May 2024.