Mehiläinen Corporate Customer and Marketing Register Privacy Statement
Last updated: January 1, 2024
Mehiläinen Oy
Business ID 1927556-5
Arkadiankatu 6
00100 Helsinki, Finland
Mehiläinen Oy's Corporate Customer and Marketing Register.
The Corporate Customer and Marketing Register maintains data on the contact persons and key personnel of existing and potential corporate customers of Mehiläinen. In this context, a corporation also refers to other entities.
Personal data may be processed for the following purposes:
- Management, development, targeting, and monitoring of marketing, communication, and sales;
- Management of customer relationships and customer service;
- Analysis, grouping, and reporting of customer relationships, as well as other purposes related to the overall management of customer accounts and the development of Mehiläinen's business;
- Collection and processing of customer feedback;
- Conducting market research and opinion surveys;
- Recording customer service center calls to verify service transactions, ensure and improve customer service, legal protection, and security, and for training purposes.
Personal data may be transferred and processing may be outsourced to Mehiläinen Group companies and/or external service providers who process personal data on behalf of Mehiläinen.
The processing of personal data is primarily based on Mehiläinen's legitimate interest. The legitimate interest of Mehiläinen is based on the customer relationship or a similar relationship between Mehiläinen and the data subject. Legitimate interest covers, for example, processing carried out for marketing, communication, customer relationship management, and the development of Mehiläinen's services. The basis for processing may also be the data subject's consent, a contract, or Mehiläinen's legal obligations.
The processing includes, among others, the following types of information about the data subjects:
- Contact person or key person's first and last name, gender, title, position, and contact details in the company;
- Mailing lists (e.g., customer magazines, newsletters);
- Information related to the provision, purchase, use, and development of services, as well as marketing and sales;
- Other information essential for the management or development of the customer relationship.
Information is primarily obtained from the following sources:
- The company and the contact person themselves;
- Mehiläinen, Mehiläinen's stakeholders, and external service providers, such as directory services and public registers;
- Other appropriate sources.
Personal data may be disclosed to Mehiläinen Group companies for the purposes described in section 3 of this privacy statement. As a general rule, personal data is not disclosed to third parties outside Mehiläinen. If it is necessary to disclose personal data, the disclosure can be carried out to third parties based on a contract, consent, or legislation.
Personal data may be transferred outside the European Union or the European Economic Area, including to the United States, in accordance with data protection legislation and within its limits. In such cases, the primary basis for transfer is the European Commission's decision on the adequacy of data protection in the United States. If personal data is transferred to a country for which the Commission has made an adequacy decision on adequate level of data protection (Article 45 of the EU General Data Protection Regulation), the primary basis for transfer is the adequacy decision.
Personal data is retained only as long as necessary for the purposes described in this privacy statement. The determination of the retention period is particularly influenced by the timing of the last contact between Mehiläinen and the data subject and when Mehiläinen and the company last cooperated.
Mehiläinen has appropriate technical and organizational security measures in place to protect personal data. Any manual material is kept in a locked space, accessible only to individuals who have been granted access rights. Access to digital material is only available to an employee or professional who is authorized and has a personal username and password. There are different levels of access rights, and each user is given access rights that are sufficient for the task at hand but as limited as possible.
The data subject has the right, based on their personal particular situation, to object at any time to the processing of their personal data, which is based on Mehiläinen's legitimate interests. The data subject can submit their objection request in accordance with section 11 of this privacy statement. In connection with the request, the data subject must specify the particular situation on which they base their objection. Mehiläinen may refuse to comply with the objection request on legally stipulated grounds.
To the extent that personal data is processed for direct marketing purposes, the data subject has the right to object at any time to such processing for marketing purposes and to prohibit the processing of personal data for direct marketing purposes. The data subject can give Mehiläinen consents or prohibitions regarding direct marketing.
For issues related to registered patient and personal data, one can turn to Mehiläinen's Health Information Management team.
Health Information Management
info.terveystiedot@mehilainen.fi
Please note that we can only accept requests from data subjects in writing. Your identity will be verified at a Mehiläinen location with a photo ID or alternatively through the OmaMehiläinen online service. This ensures that information is only released to individuals who have the right to it.
You can also submit an information request through the nearest Mehiläinen location, where your identity will be verified with a photo ID. You can find the nearest Mehiläinen location on our website at https://www.mehilainen.fi/en/locations.
If you are sending sensitive information by email, you can use Mehiläinen's secure mail if necessary.
Data Protection Officer
The Data Protection Officer at Mehiläinen is Kim Klemetti (tietosuoja@mehilainen.fi).