Privacy notice – Consumer-customers
This privacy notice concerns processing of personal data related to consumer-customers of Oy Orthex Finland Ab.
Controller contact information
Oy Orthex Finland Ab
FI-02270 Espoo, Finland
Tel. +358 (0)19 329 61
For what purposes do we collect your personal data?
We collect your personal data to maintain the customer register of Orthex's Finnish webstore, to archive and process customer orders, to send orders and to manage the customer relationship. The personal data of the customer register is also used to monitor lost packages and to help resolve possible complaints. We also collect your personal data to identify the reseller of the product or to resolve any other contact request or question.
Personal data may be used to develop Orthex's webstore operations, to produce more personalized targeted content on our online services and for statistical purposes.
In addition, non-personal data can be used to compile statistics on, for example, the number and timing of complaints and product defects in order to improve production and product quality.
On what basis do we process your personal data?
We only process your personal data when the processing is based on
a) your consent given to one or more specific purposes
b) the performance of a contract to which you are a party or taking steps at your request prior to entering a contract
c) our statutory obligation or
d) our legitimate interest.
In these cases, we have a valid legal basis for processing your personal data.
What kind of personal data do we process?
We process the following personal information of our consumer-customers:
- first and last name
- email address
- postal address and/or place (if this is required to solve the matter, for example in the
event of a complaint or in a search of a local retailer for a specific product)
- phone number
If it is necessary, for example in the event of a complaint, to pay compensation, we may separately request an account number for a refund.
Where do we collect your personal data?
We collect personal data from the consumer-customers themselves when they place orders in our Finnish webstore or when they contact us via our website either using the Contact Us -form, the Where to Buy -form or by sending us an e-mail.
If you contact us by e-mail, please do not provide anything other than your necessary contact information. We will ask for more information if needed. The mandatory fields are marked with * in the forms.
To which parties do we disclose or transfer your data?
As a rule, we do not disclose your personal data further outside the Orthex Group and at Orthex Group, your personal data is processed only by personnel who are authorised to do so based on their role. If such intra-group transfers or disclosures of personal data take place, we will ensure the security and confidentiality of your personal data by using Intra-Group Data Transfer Agreements.
We use service providers to manage and operate our business. These service providers can only process your personal data based on our instructions and use it only for purposes defined by us. Such processing is always regulated by Data Processing Agreements to ensure that all our service providers keep your personal data safe and process it only in accordance with applicable legislation.
Orthex has the right to disclose personal data e.g., authorities and for direct marketing purposes in accordance with personal data law. Orthex may transfer information in the customer register to its direct marketing records after the end of the customer relationship.
Do we transfer your personal data outside the EU or EEA?
As a rule, we do not transfer your personal data outside the EU or EEA. In case your personal data is transferred outside the EU or EEA, appropriate technical and organisational measures, such as EU Model Clauses, are taken to secure your personal data. The recipients of such data will be required to protect confidentiality and security of the personal data and may not use it for the benefit of their own business.
How do we protect your personal data?
Orthex has taken appropriate technical and organisational measures to restrict access to the personal data it holds and to protect it against loss, accidental destruction, misuse, and unlawful alteration. Access to personal data is restricted on a need-to-know basis to individuals (Orthex’s employees and service providers) who need to access the data for the purposes it was collected for.
How long do we store your personal data?
By default, we store personal data only as long as is necessary for the purposes it was collected for. When personal data is no longer needed for that purpose, it was originally collected for, it will be deleted or anonymized, unless we have a legal obligation to retain the data for a longer period. This means that the retention periods we have defined for your personal data vary depending on the processing purpose, type of personal data, and local requirements.
Do we use your personal data for automated decision making?
We will not use your personal data for automated decision-making which would have legal or equivalent effects on you.
What are your rights as a data subject?
As a data subject you have certain rights which help you to control your own personal data and to affect the way it is being processed. If you wish to use your rights, please contact us by email at email@example.com.
Right to access
You have the right to obtain confirmation as to whether your personal data is being processed by us and to know what personal data it is we process. If you wish, you may request a copy of such data.
Right to rectification
If your personal data is incorrect or incomplete, you have the right to request for rectification or completion of your personal data.
Right to be forgotten
You have the right to request that your personal data be erased. In such a case, we will delete your personal data unless we have a legal obligation or other overriding reason to retain your data.
Restriction of processing, right to object and data portability
In certain situations, you have the right to request us to restrict the processing of your personal data, for example, if your personal data is inaccurate. Based on your own circumstances, you may also have the right to object the processing of your personal data. In this case we will assess whether there are any compelling statutory reasons requiring us to continue processing of your personal data. You may always object processing your personal data for direct marketing purposes. In some cases, you may also have the right to data portability.
Withdrawal of consent
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
Right to file a complaint to a supervisory authority
You have the right to file a complaint with a local supervisory authority if you find that our processing of your personal data violates your rights as a data subject.
Date of this notice
31 May 2022
Can this privacy notice be changed?
We may update this privacy notice from time to time to reflect changes in our services, operations and/or applicable law. Any changes will be posted on this website.