Legal

Privacy Policy

As a data controller, MedTech-Wessman Oy is obliged under the GDPR to inform data subjects in a clear manner. This register description fulfils that obligation.

1. Data Controller

MedTech-Wessman Oy

Address: Eerolankaari 7, 37630 Valkeakoski, Finland

Contact for register-related matters and the company Data Protection Officer:

MedTech-Wessman Oy / Markus Wessman Tel. +358 41 315 4775 Email: markus.wessman@medtech-wessman.fi

2. Data Subjects

The company does not maintain a formally compiled register; however, such a register may indirectly arise from customers, companies and the personal data of individuals working within them, through emails and other communication channels.

3. Purpose of Processing Personal Data

Basis for maintaining the register:

  • Personal data is processed on the basis of a customer relationship with the data subject
  • Personal data is processed on the basis of consent
  • Personal data is processed only for pre-defined purposes: managing customer relationships and informing about our services

4. Personal Data Stored in the Register

The customer register contains the following data:

  • Name
  • Address
  • Email
  • Phone number
  • Job title
  • Company
  • Information about purchased products / services

5. Rights of the Data Subject

The data subject has the following rights. Requests to exercise these rights should be sent to markus.wessman@medtech-wessman.fi

  • Right of access — the data subject may review their personal data stored by us.
  • Right to rectification — the data subject may request correction of inaccurate or incomplete data.
  • Right to object — the data subject may object to processing if they consider it unlawful.
  • Right to restrict direct marketing — the data subject may prohibit use of data for direct marketing.
  • Right to erasure — the data subject may request deletion of data if processing is no longer necessary.
  • Right to withdraw consent — where processing is based solely on consent, it may be withdrawn at any time.
  • Right to lodge a complaint — the data subject may lodge a complaint with the Data Protection Ombudsman: www.tietosuoja.fi

Note: the controller may have a statutory right to retain certain data. Accounting records must be retained for 10 years under the Finnish Accounting Act (Chapter 2, Section 10).

6. Regular Sources of Data

Customer data is obtained regularly from the customer themselves by telephone, email or other publicly available sources.

7. Regular Disclosures of Data

Data is not disclosed for marketing purposes outside MedTech-Wessman Oy. We may disclose data to our contractual partners as necessary to fulfil customer relationships and contractual obligations. Our partners are committed to complying with GDPR requirements.

8. Duration of Processing

Personal data is generally processed for as long as the customer relationship is active, or for the period required by the Finnish Accounting Act or other legislation.

9. Processors of Personal Data

The customer register is processed by MedTech-Wessman Oy employees. An accounting firm and partly outsourced IT support may in some situations have access to the company's personal data. We may also partly outsource processing to third parties under contractual arrangements ensuring GDPR compliance.

10. Transfer of Data Outside the EU

Personal data is not transferred outside the EU or the European Economic Area.

11. Automated Decision-Making and Profiling

We do not use data for automated decision-making or profiling.