Last updated: January 1, 2024
Mehiläinen Oy
Business ID 1927556-5
Pohjoinen Hesperiankatu 17 C
00260 Helsinki, Finland
Mehiläinen Oy's Corporate Customer and Marketing Register.
The Corporate Customer and Marketing Register maintains data on the contact persons and key personnel of existing and potential corporate customers of Mehiläinen. In this context, a corporation also refers to other entities.
Personal data may be processed for the following purposes:
- Management, development, targeting, and monitoring of marketing, communication, and sales;
- Management of customer relationships and customer service;
- Analysis, grouping, and reporting of customer relationships, as well as other purposes related to the overall management of customer accounts and the development of Mehiläinen's business;
- Collection and processing of customer feedback;
- Conducting market research and opinion surveys;
- Recording customer service center calls to verify service transactions, ensure and improve customer service, legal protection, and security, and for training purposes.
Personal data may be transferred and processing may be outsourced to Mehiläinen Group companies and/or external service providers who process personal data on behalf of Mehiläinen.
The processing of personal data is primarily based on Mehiläinen's legitimate interest. The legitimate interest of Mehiläinen is based on the customer relationship or a similar relationship between Mehiläinen and the data subject. Legitimate interest covers, for example, processing carried out for marketing, communication, customer relationship management, and the development of Mehiläinen's services. The basis for processing may also be the data subject's consent, a contract, or Mehiläinen's legal obligations.
The processing includes, among others, the following types of information about the data subjects:
- Contact person or key person's first and last name, gender, title, position, and contact details in the company;
- Mailing lists (e.g., customer magazines, newsletters);
- Information related to the provision, purchase, use, and development of services, as well as marketing and sales;
- Other information essential for the management or development of the customer relationship.
Information is primarily obtained from the following sources:
- The company and the contact person themselves;
- Mehiläinen, Mehiläinen's stakeholders, and external service providers, such as directory services and public registers;
- Other appropriate sources.
Personal data may be disclosed to Mehiläinen Group companies for the purposes described in section 3 of this privacy statement. As a general rule, personal data is not disclosed to third parties outside Mehiläinen. If it is necessary to disclose personal data, the disclosure can be carried out to third parties based on a contract, consent, or legislation.
Personal data may be transferred outside the European Union or the European Economic Area, including to the United States, in accordance with data protection legislation and within its limits. In such cases, the primary basis for transfer is the European Commission's decision on the adequacy of data protection in the United States. If personal data is transferred to a country for which the Commission has made an adequacy decision on adequate level of data protection (Article 45 of the EU General Data Protection Regulation), the primary basis for transfer is the adequacy decision.
Personal data is retained only as long as necessary for the purposes described in this privacy statement. The determination of the retention period is particularly influenced by the timing of the last contact between Mehiläinen and the data subject and when Mehiläinen and the company last cooperated.
Mehiläinen has appropriate technical and organizational security measures in place to protect personal data. Any manual material is kept in a locked space, accessible only to individuals who have been granted access rights. Access to digital material is only available to an employee or professional who is authorized and has a personal username and password. There are different levels of access rights, and each user is given access rights that are sufficient for the task at hand but as limited as possible.
The data subject has the right, based on their personal particular situation, to object at any time to the processing of their personal data, which is based on Mehiläinen's legitimate interests. The data subject can submit their objection request in accordance with section 11 of this privacy statement. In connection with the request, the data subject must specify the particular situation on which they base their objection. Mehiläinen may refuse to comply with the objection request on legally stipulated grounds.
To the extent that personal data is processed for direct marketing purposes, the data subject has the right to object at any time to such processing for marketing purposes and to prohibit the processing of personal data for direct marketing purposes. The data subject can give Mehiläinen consents or prohibitions regarding direct marketing.
10.1 Right of Access by the Data Subject (Right to Inspect)
The data subject has the right to obtain confirmation from Mehiläinen as to whether personal data concerning them is being processed or not. If their personal data is being processed, the data subjects have the right to receive information about the processing of their personal data, for example, the purposes of processing and the groups of personal data involved. Mehiläinen informs about the processing of personal data in its privacy statements. The data subject can also contact Mehiläinen regarding the processing of personal data in the manner specified in section 11 of this privacy statement.
The data subject has the right to inspect the information being processed about them. The inspection request can be made in accordance with section 11 of this privacy statement. The right to inspection can be denied on legally stipulated grounds. The exercise of the right to inspection is generally free of charge. However, Mehiläinen may charge the data subject a reasonable fee based on administrative costs under certain conditions.
10.2 Data Subject's Right to Demand Rectification, Deletion, or Restriction of the Data Processing
The data subject has the right to demand that incorrect data concerning them be corrected. The data subject can make a correction request to Mehiläinen in accordance with section 11 of this privacy statement.
The data subject has the right, under certain conditions, to have their personal data deleted, for example, if the data subject objects to the processing and there is no justified reason for the processing. The deletion request can be made in accordance with section 11 of this privacy statement.
The data subject also has the right to require the controller to restrict the processing of their personal data, for example, when the data subject is waiting for Mehiläinen's response to their request for correction or deletion of information.
10.3 Right to Data Portability
To the extent that the data subject has provided data to Mehiläinen that is processed based on the data subject's consent or a contract and the processing is carried out automatically, the data subject has the right to receive such data in a structured, commonly used, and machine-readable format and the right to transfer this data to another controller.
10.4 Data Subject's Right to File a Complaint with the Supervisory Authority
The data subject has the right to file a complaint with the competent supervisory authority (in Finland, the Office of the Data Protection Ombudsman) if the controller has not complied with applicable data protection legislation in its operations.
10.5 Other Rights
If personal data is processed based on the data subject's consent, the data subject has the right to withdraw their consent at any time by notifying Mehiläinen in the manner specified in section 11 of this privacy statement. However, the withdrawal of consent does not affect the lawfulness of consent-based processing carried out before its withdrawal.
For issues related to registered patient and personal data, one can turn to Mehiläinen's Health Information Management team.
Health Information Management
info.terveystiedot@mehilainen.fi
Please note that we can only accept requests from data subjects in writing. Your identity will be verified at a Mehiläinen location with a photo ID or alternatively through the OmaMehiläinen online service. This ensures that information is only released to individuals who have the right to it.
You can also submit an information request through the nearest Mehiläinen location, where your identity will be verified with a photo ID. You can find the nearest Mehiläinen location on our website at https://www.mehilainen.fi/en/locations.
If you are sending sensitive information by email, you can use Mehiläinen's secure mail if necessary.
Data Protection Officer
The Data Protection Officer at Mehiläinen is Kim Klemetti (tietosuoja@mehilainen.fi).