This Privacy Notice is prepared by Incight Biomedical Ltd (“IB”, the company to be registered) to describe the processing of personal data of our website visitors, current, former or potential customers, suppliers and other business partners or their representatives, job applicants, as well as other people who contact us or interact with us.
Our website contains third-party components to social media services including Twitter and LinkedIn. These third-party components on our website are downloaded from the servers of these third parties. Please note that such services and applications provided by third parties are subject to their own terms and conditions, and the data protection and privacy practices of these third parties may significantly differ from the practices described in this Privacy Notice adhered to by us. If you wish to obtain more information on how these third parties process your personal data, please familiarize yourself with the privacy policies and other such documentation of these third parties.
1. Controller and contact person
Incight Biomedical Ltd, the company to be registered,
℅ Itä-Suomen yliopisto
Teknillisen fysiikan laitos
Kuopion kampus
PL 1627
70211 KUOPIO
If you want to contact us with respect to matters related to this Privacy Notice or the processing of your personal data, you can contact Ervin Nippolainen at ervin.nippolainen [at uef.fi.
2. Types of personal data we collect
The personal data collected and processed by us may include your name, address, email address, phone number, details related to any meetings or communications between us, and any other information you choose to provide to us.
If you are a representative of our customer, supplier or a business partner, the data may include also information related to the business relation between us and the organization you represent, such as, the name of the organization, information related to the contract between us and the organization and your association with the contract, invoicing and payment details, as well as your title.
If you are a job applicant, the data may include also information relating to your suitability to the open position, such as information on work experience, qualification data and information relating to education, results of personal and aptitude assessment or other suitability assessment data (those candidates that are, on the basis of the first interview, suitable for the position, may be required to participate to a personal and aptitude assessment). The data may also contain other information obtained from you, such as job application and possible appendices of the application, other information accumulated during the recruitment process, such as notes made by the interviewers, communications between you and us, and to the extent permitted by applicable law, drug test certificate or data included in it in order to establish your performance and ability to work, or your personal credit information in order to establish your reliability.
The data we may collect through our website using automated technical means includes the Internet protocol (IP) address used, browser type and version, time zone setting, operating system and platform, and device identification number. We may also collect information about your website visit including which website pages are accessed, page response times and length of visits to pages.
Our Cookie Declaration is available here for information on the cookies we use on our website.
3. Purposes and legal bases of processing
We process your personal data for purposes and under the legal bases as follows:
If you are a representative of a customer, supplier or a business partner, we mainly use your personal data for the purposes directly arising from the contractual or business relation between us and the organization you represent. These purposes include entering into a contract and performing our obligations based on the contract we have concluded with the organization you represent; taking care of, managing and developing our business or other relation with the organization; and invoicing and keeping track of the accuracy of invoicing. The legal basis for this processing is our legitimate interest to conduct our business and your relation to the organization with whom we conduct our business.
If you are a job applicant, we mainly use your personal data for purposes of the recruitment process to the extent the processing is necessary in order to take steps at your request prior to entering into an employment contract between you and us. The processing may also be based on our legitimate interest, such as maintaining a CV database or other legitimate interests itemized below.
We may process your personal data to comply with a legal obligation based on e.g., tax or accounting related legislation or legal obligation to which we are subject.
We may process your personal data to provide you with information you have requested from us, to respond to enquiries from you and to communicate with you in relation to those requests or enquiries. The legal basis for this processing is our legitimate interest, namely carrying out activities in the course of our business to respond to requests or enquiries from representatives of potential or existing customers, suppliers and business partners.
We may process your personal data to send you marketing communications e.g., to provide you with information regarding our products. The legal basis for the processing for marketing purposes is our legitimate interest, namely the sales promotion of our goods and services to individuals or organizations.
We may also process your personal data for a limited number of other legitimate business interests, such as for ensuring and improving data security or the security of our premises and data network; protecting our property; preventing and investigating suspected malpractices; analyzing and compiling statistics for business purposes and to develop our business.
In some limited cases, the legal basis of the processing of your personal data may be your consent, for example, when you contact us to request information about us, our products or services.
If you are a representative of our customer, supplier or business partner, the provision of personal data in the manner described in this Privacy Policy is partially based on the contract between us and the organization you represent. The non-delivery of personal data may prevent us from performing our contractual or other obligations or commitments towards the organization you represent, which may lead to impediments to our business relation with the organization.
4. Regular sources of personal data
We primarily obtain your personal data directly from you. You may provide us personal data for instance through our website, by sending us emails, through phone conversations or meetings with us, or through documents you provide to us. If you are a representative of our customer, supplier or a business partner, we may obtain personal data relating to you also from other representatives of your organization.
We may collect and update personal data also from publicly available sources, or registers of authorities and companies providing services related to personal data.
5. Categories of recipients and transfers outside the EU or EEA Area
We may transfer your personal data to our service providers, including but not limited to business partners, suppliers and sub-contractors working on our behalf for the purposes of completing tasks and providing services to us or to you.
When transferred to an entity processing personal data on behalf of us (i.e., processors), we have, including by contractual arrangements ensured that personal data is processed only under the instructions provided by us and for the purposes specified in this Privacy Notice. The processing carried out by processors may include in particular the provision of data systems and other such services to us.
We may disclose your personal data within the limits permitted or required by the applicable laws, for example to authorities, external advisors, or other third parties including where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person, or for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative procedure. For example, if you are a representative of our business partner participating in our product development, we are obligated to disclose limited amounts of your personal data to competent authorities in Finland or abroad for e.g., product approval purposes.
In addition, we may disclose personal data to a debt collection agency for purposes of debt collection, or to other service providers or partners of ours, but only to the extent that the fulfilment of their tasks requires the disclosure of personal data.
Where you are a representative of a supplier or another business partner, we may disclose limited amounts of your personal data to our customers for purposes of carrying out our business.
If we are involved in a merger, sale of assets or other business transaction or reorganization, we may disclose personal data to the purchaser candidates and their representatives in accordance with the applicable law.
Some of our service providers to whom we transfer personal data are located or may store personal data outside the EU or the European Economic Area (EEA), and therefore to the extent necessary, personal data may be transferred to countries outside the EU or the EEA. In such cases, we will ensure the adequate level of data protection. Information on transfers of personal data outside the EU or EEA area and on the appropriate safeguards applied thereto from time to time is available from the contact person mentioned in the beginning of this Privacy Notice.
6. Retention period of personal data
We review the retention periods for personal data on a regular basis. We are legally required to hold some types of data for certain prescribed periods to fulfil our statutory obligations. For example, due to the EU’s medical device regulation ((EU) 2017/745), we must retain most of our product related documentation prepared by or for us for up to 15 years after the last device has been placed on the market. If you are a representative of a customer, supplier or a business partner, this documentation may contain your personal data.
Outside of specific statutory obligations, we will hold your personal data for as long as it is necessary for the relevant purposes for which we use it, or in accordance with any retention periods set out in any relevant contract you hold with us.
If you are a representative of our customer, supplier or a business partner, the retention period of your personal data is ultimately tied to the term of the business relation between us and the organization you represent. We may however continue to store your personal data after the end of the business relation to the extent necessary for certain legitimate business interests or if the data is necessary for purposes of protecting our rights.
The general retention period of personal data of job applicants is one year from the relevant recruitment decision, based on the limitation period for raising discrimination change under the Gender Equality Act (609/1986).
7. Your rights
Right of access: You have the right to obtain from us confirmation as to whether personal data related to you is processed, and, where that is the case, to access such personal data as well as certain information about our processing of it and your rights in relation to it.
Right to rectification: You have the right to obtain from us rectification of any inaccurate personal data we hold about you.
Right to be forgotten: In certain circumstances, you have the right to obtain erasure of the personal data we hold about you, subject to certain exceptions.
Right to restriction of processing: Under certain circumstances, you may have the right to obtain from us restriction of our processing of your personal data or to object to us processing your personal data. If you object, we will stop processing your personal data unless certain exceptions apply.
Right to data portability: Where the legal basis for processing your personal data is your consent or an agreement directly entered between you and us, and we process your data by automated means, you may have the right to be provided with the personal data we hold about you in structured, commonly used and machine-readable format and to transmit the data to another controller.
Right to object and opt-out from marketing: If you wish us to stop processing your personal data for marketing purposes, we will stop processing your personal data for this purpose. When we collect your data, you may be provided the possibility to choose whether or not you wish to receive marketing communications from us. If you wish to stop receiving marketing communications, you can opt out at any time by clicking an ‘unsubscribe’ link at the bottom of one of our emails or by contacting us by other means.
To exercise any of these rights, reach out to the contact person mentioned in the beginning of this Privacy Notice.
If you consider that our processing of your personal data infringes the data protection laws, you have the right to lodge a complaint with a supervisory authority responsible for data protection. You may do this in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. The website of the Finnish competent authority, the Office of the Data Protection Ombudsman, is available here.
Get in touch: contact@incightbiomedical.com