Data protection statement
Registration and data protection leaflet
This is the registration and data protection statement in accordance with the EU General Data Protection Regulation (GDPR).
Produced on 01.04.2024 Last amendment 01.04.2024
1. The Controller
Amartmed Oy, Luotsikatu 9, 00160 Helsinki
2. Contact person responsible for the register
Tomi Roine, tomi@amartmed.fi, 045-7733 2977
3. Name of the register
Amartmed Oy's customer and marketing register
4. Legal basis and purpose of processing personal data
The legal basis for processing personal data under the EU General Data Protection Regulation is:
- the consent of the person (documented, voluntary, identified, conscious and unambiguous);
- a contract in which the data subject is a party;
- the legitimate interest of the controller (e.g. pre-contractual, employment, membership).
The purpose of processing personal data is communication with customers, maintaining customer relationship and marketing.
Data are not used for automated decision-making or profiling.
5. Data content of the register
Information to be entered in the register shall include: name, status, company / organisation, contact details (telephone number, e-mail address, address), web site addresses, web connection IP address, codes / profiles for social media services, information on ordered services and changes thereto, billing information, other information related to customer relationship and services ordered.
The website visitors' IP addresses and cookies necessary for the functions of the service are treated on the basis of a legitimate interest, for example, for data security and for the collection of statistical information by visitors of the website where they can be considered as personal data. Third party cookies are requested, if necessary, for individual consent.
6. Regular data sources
The information stored in the register is obtained from, among other things, messages sent via web-form, e-mail, telephone, social media services, contracts, customer meetings and other situations where the customer provides information.
Information on business and other organisations' contact persons may also be collected from public sources such as websites, directory services and other companies.
7. Regular transmission and transmission of data outside the EU or EEA
The information is not regularly disclosed to other parties. Information may be published to the extent agreed with the customer.
8. Principles of Registry Protection
The records shall be handled with due care and the data processed by the information systems shall be adequately protected. When the registration data is stored on Internet servers, the physical and digital security of their equipment is properly provided. The controller shall ensure that stored data, server access rights and other critical information concerning the security of personal data are treated in a confidential manner and only by employees whose job description it is.
9. Right of inspection and right to require correction of information
Each person in the register shall have the right to verify the data stored in the register and to require the correction or completion of any incorrect information. If a person wishes to verify or require a correction to the data stored, the request shall be sent in writing to the controller. Where appropriate, the controller may request the applicant to prove his identity. The controller will respond to the customer within the period laid down in the EU Data Protection Regulation (as a rule within one month).
10. Other rights relating to the processing of personal data
The person in the register has the right to request the deletion of personal data relating to him from the register ("right to be forgotten"). Data subjects also have other EU:n yleisen tietosuoja-asetuksen mukaiset oikeudet kuten henkilötietojen käsittelyn rajoittaminen tietyissä tilanteissa. Pyynnöt tulee lähettää kirjallisesti rekisterinpitäjälle. Rekisterinpitäjä voi pyytää tarvittaessa pyynnön esittäjää todistamaan henkilöllisyytensä. Rekisterinpitäjä vastaa asiakkaalle EU:n tietosuoja-asetuksessa säädetyssä ajassa (pääsääntöisesti kuukauden kuluessa).

