Privacy statement, corporate customer register

Terveystalo's corporate customer and partner register contains the personal data of existing or potential customers' and partners' responsible persons, contact persons and potential owners, as well as other stakeholders.

Depending on the nature of the service in question, we process your personal data for the following purposes:

• promoting collaborative relationships, managing corporate customer/partner relationships, providing customer service, and maintaining the personal data of the corporate customer's/partner’s relevant contact persons
• user and access management of the service portal offered to the customer or partner (e.g. the Suunta service)
• organizing events that form part of stakeholder activities
• collecting and processing customer feedback
• conducting and analyzing market research and customer/partner feedback surveys
• analyzing and grouping of coporate partner or customer relationships for reporting purposes, and for other purposes related to the overall development of business and customer relationships
• managing, developing, targeting and monitoring sales, marketing and communications
• ensuring the quality and security of operations and the legal protection of the parties involved
• preventing wrongful use and resolving problem situations
• fulfilling legal requirements, managing risk and compliance (e.g. checking contractor liability and credit information, carrying out sanctions checks and other mandatory matters)
• anonymizing and destroying personal data in a secure manner
• recording customer service calls to verify service transactions, ensure quality service, develop operations, and ensure the legal protection and safety of the parties involved

• an agreement between the person and Terveystalo,
• the person's consent,
• the legitimate interest of Terveystalo or a third party, or
• Terveystalo's statutory obligations (based, for example, on the Act on the Contractor’s Obligations and Liability when Work is Contracted Out (1233/2006) or the Act on the Fulfilment of Certain Obligations of Finland as a Member of the United Nations and of the European Union (659/1967) ).

Terveystalo ensures that processing based on legitimate interest is proportionate to the interests of the data subject and meets his or her reasonable expectations. For exmaple, the processing of personal data may be based on legitimate interest in the following situations:

• for managing the contractual or customer relationship with a corporate customer or partner and maintaining the personal data of the persons involved
• for providing customer service and for recording calls
• for analyzing and grouping customer relationships for reporting purposes
• for conducting market research and opinion polls
• for managing, developing, targeting and monitoring sales, marketing and communications
• for developing business
• for ensuring the quality and security of operations and the legal protection of the parties concerned
• for ensuring the technical functionality of the services
• for use monitoring
• for collecting usage and behavioral data of applications and services (e.g. log data and data collected with identifiers necessary for providing the service)
• for compliance and risk management purposes
• for preventing wrongful use and resolving problem situations.

Depending on the nature of the service in question, the following personal data are processed:

• name and contact information
• information about corporate partner/organization you represent, your job title, role and department or unit where you work
• description of responsibilities in the organization in question
• consents / prohibitions for marketing communications
• customer feedback, responses to surveys and questionnaires
• communications with Terveystalo
• event invitations and participation information (including possible food restrictions)
• recordings of customer service calls
• access information and user role
• identifiers of the strong authentication service used for logging in
• information about possible verification of contractor responsibility information and/or credit information
• ownership, control and/or beneficial ownership in the corporate partner, information regarding being subject to sanctions, date of birth and nationality.

In addition, if you are a user of the Suunta service, your social security number is also processed.

Regarding online and communication behavior, we process the following personal data:

• Monitoring online behavior and use of services, for instance through the use of IP addresses or cookies. The collected data may include, for example, the pages you browse, the forms you fill out, the device model you use, the channel (such as an application, mobile browser or internet browser), browser version, session ID, the time and duration of the session.
• Log data related to the use of applications and services.
• Communication behavior; the collected data may include, for example, opening or clicking on an email we send to you, or navigating to our website from a message.

Terveystalo only stores personal data that are necessary for Terveystalo’s operations and for the purposes the personal data in question are processed. Terveystalo only stores personal data if it has a legal basis for its processing. The retention period for personal data is determined by the purpose of processing the personal data and/or the type of personal data. The retention period for personal data is also affected by the obligations set by law for the retention of personal data and other deadlines determining the retention period (e.g. the period for bringing an action or the statute of limitations). We generally store your personal data for as long as you are the contact person of our corporate partner or if there is another legal basis for its storage. Event participant information is stored as part of the accounting documentation for the current year and for the following six (6) years. Call recordings are generally stored for three months.

Terveystalo erases personal data that are no longer necessary for the purposes they were processed, including during the course of the cooperation relationship, such as personal data related to the carrying out of marketing and the use of online services. Information that has become unnecessary for its intended purpose, is outdated, or for which there is no longer any basis for processing is anonymized or securely destroyed. 

The processing of personal data may be outsourced to group companies and/or external service providers who process personal data on behalf of Terveystalo.

Personal data is not generally transferred to third parties for their independent processing activities. Terveystalo transfers personal data to other controllers in cases permitted by law, for example to authorities.

Personal data is generally not processed outside the EU/EEA. If this is done, the transfer will take place using the European Commission's standard data protection clauses or another transfer mechanism permitted by data protection legislation.

Terveystalo receives the personal data it processes primarily from its partners or from the person themselves or as a result of the person's actions. Online behavior is monitored via user activity on Terveystalo's website.

Communication behavior is monitored by reactions to Terveystalo's messages.

Personal data can also be obtained from other reliable external data sources, for example, the trade register, services used to check credit information and/or sanctions, and from authorities.

Right to access personal data 

• The data subject has the right to be informed about the processing of personal data and to familiarize themselves with the information concerning them.

Right to rectification

• The data subject has the right to request the rectification of incorrect and/or incomplete personal data.

Right to erasure

• The data subject has the right to request the deletion of personal data. Deletion requests will be implemented within the limits permitted by law.

Right to object or to the restriction of processing

• The data subject has, in certain situations, the right to object to the processing of their personal data on grounds related to their particular situation at any time.
• The data subject has the right to request the restriction of the processing of personal data if the data subject disputes the accuracy thereof. In such cases, the processing of personal data will be restricted for the duration of the investigation.

Right to data portability

• The data subject has the right to request the transfer of personal data from one system to another, if the data has been provided by the data subject himself/herself and the processing of personal data is based on consent or on an agreement.

Right not to be subject to automated decision-making

• The data subject has the right not to be subject to a decision based solely on automated processing, such as profiling, which produces legal effects concerning him/her or significantly affects him/her in a similar way. However, there are exceptions to this right.

Withdrawal of consent 

• Where the processing of personal data is based on consent, the data subject may withdraw his/her consent at any time. Consent can be withdrawn by contacting customer service: yritysasiakaspalvelu@terveystalo.com

Right to lodge a complaint with a supervisory authority 

• The data subject has the right to lodge a complaint with a supervisory authority (in Finland, the Data Protection Ombudsman) if the data subject considers that the processing of personal data has infringed data protection legislation. Instructions for filing a complaint can be found on the Data Protection Ombudsman's website: Home | Data Protection Ombudsman’s Office.  A complaint can also be lodged in the Member State where the data subject has their permanent residence or place of work. 

A request regarding your rights as a data subject can be made to tietosuoja@terveystalo.com.

Terveystalo uses appropriate physical, technical and administrative safeguards to protect personal data from misuse. Such safeguards include, among other things, controlling and filtering network traffic, using encryption techniques and secure equipment facilities, appropriate access control, managing the granting of access rights and monitoring their use, instructing personnel involved in the processing of personal data, and managing risks in the design, implementation and maintenance of our services. Terveystalo carefully selects the subcontractors it uses, and ensures, through contractual and other arrangements, that data is also processed by them in accordance with legislation and good data protection practices.

Terveystalo’s Data Protection Officer

Email: tietosuoja@terveystalo.com

Postal address:

Data Protection Officer

Terveystalo Group

Jaakonkatu 3A, 00100 HELSINKI