Privacy statement

Marketing register

This is Sharkmed Oy’s register and privacy statement in accordance with Data Protection Act (1050/2018) and the EU’s General Data Protection Regulation (GDPR).

You accept this privacy statement by using website, using the services provided by Sharkmed Oy or by filling out the contact form on the website

1. Data controller of the register

Sharkmed Oy

Martinsyrjäntie 8 A3
05810 Hyvinkää

VAT: 1714517-7

2. Contact person in data protection matters

Osmi Kiiski

tel. +358 44 2310489

3. Register name

Sharkmed Oy’s Marketing Register.

4. Purpose and legal basis of personal data processing

Personal data is processed for the implementation of all measures related to marketing, customer acquisition, customer service, feedback processing, improvement of products and operations, and development. These measures include the sale, marketing and other external communications of the products and services offered by our company, as well as the use of our website.

Sharkmed Oy also has statutory grounds for the use of personal data in order to comply with laws, regulations, injunctions or other legal measures and regulatory requirements.

Personal data is processed based on either

  • consent (in which case the data subject accepts the processing
    of his personal data for a specific, identified purpose) or
  • for a legitimate interest (in which case the processing is necessary to implement the legitimate interests of the data controller in direct marketing, and it is estimated that the interests or rights of the data subject do not override the legitimate interest of the data controller).

5. Data content of the register

The register may contain the following information about the data subject and his organization:

  • Basic information: name, address, e-mail address, phone
    number, title/role in the organization, contact history, including offers
  • Granted and revoked marketing permits
  • Website usage information, cookies
  • Other information provided by the person

6. Data sources of the register

As a general rule, personal data is obtained either directly from the registered person or from his or her organization. In some cases, information can also be collected from public sources, or from information systems managed by the controller in connection with previous orders.

Data collection methods include e.g. forms on the controller’s website, e-mail messages, telephone conversations, sales meetings and other contacts with the data subject.

We do not use automatic decision-making, such as profiling, in the processing of personal data covered by this statement.

7. Transfers and transfers of personal data

Personal data is not passed on as a rule.

However, we may disclose some necessary information to the third parties we use as service providers or subcontractors, for example to guarantee delivery or for accounting, invoicing, marketing, organizing events and customer relationship management. We use trusted contractual partners with whom the requirements set by the EU GDPR and other legislation have been taken into account in the contracts.

8. Storage and protection of personal data

Personal data is stored only as long as it is necessary to fulfill the purpose for which the data was collected or as long as it is legally necessary in order to fulfill the purposes defined in this statement. Personal data is deleted when its storage is no longer necessary in order to fulfill the defined purposes, to comply with law or the rights or obligations of either party.

We take appropriate measures, including physical, technical and administrative measures, to protect personal information from loss, destruction, misuse and unauthorized access or disclosure. Only persons who need it to perform their work tasks have access to personal data. As a rule, the data is stored only in electronic form, and access to information systems containing personal data requires a user-specific username and password. Written material is stored in locked facilities.

9. Rights of the data subject

The registered person has the right to check the information about him/her in the register and to demand that any incorrect, incomplete or outdated information be corrected. Recipients of marketing messages can unsubscribe from the mailing list at any time by following the instructions in the message. Any given explicit consent to certain processing of personal data can be withdrawn at any time. The registered person also has the right to request the removal of his personal data from the register, provided that they are no longer needed for the purposes for which they were collected or for which they were otherwise processed, or that there are no legal obligations for the controller to process or store them. In addition, the data subject can request to transfer the personal data he/she has provided to another data controller, if necessary. The registered person has the right, on certain grounds, to request the restriction of the processing of his personal data or to object to the processing of his personal data. The registered person has the right at any time to file a complaint with the supervisory authority about issues related to the processing of his personal data.

Requests regarding these rights can be submitted in writing to the contact person of the data controller, who can then oblige the requester to visit the data controller’s offices in order to verify the identity and possible power of attorney of the person making the request, i.e. his rights to the request he submitted. A personal data inspection request can be made free of charge once a year.

10. Cookies

Sharkmed Oy uses cookies on its website to implement website functions, analyze web traffic, identify users and provide a personalized user experience. Cookies are small text files that contain information about website visits. The site stores them in the user’s browser. We treat cookie data as personal to the extent that they contain information targeting the site user, such as an IP address. Identifiers that are connected to the user in some ways are also treated as personal information.

If you wish, you can block or delete non-necessary cookies by editing your settings in the cookie notification. You can also change or block the use of cookies in your browser settings. If you use several different browsers, cookies must be deleted from each one separately. The exact location of the settings depends on the type of browser you use. Some cookies are essential for the operation of the site, enable easy navigation from one page to another and perform certain functions. If you do not accept all cookies, you may not be able to use all functions and services on the site.

11. Changes to this privacy statement

This privacy statement is updated from time to time, for example when the legislation changes. 

This privacy statement was last viewed / updated on 22nd November 2022.