Updated on March 28, 2018
Earlier Privacy Policy drafted on 13.8.2014 (Personal Data Act (523/99) Section 10)
This Privacy Policy Statement replaces the previous register description.

Lymed Oy is committed to protecting the privacy of its customers. The Privacy Policy Statement informs our customers of the processing of their personal data. Each client is defined as a registered user in the privacy setting. One must accept the terms of this privacy statement to use Lymed Oy’s services. The information that we collect can be shared by user-provided information that is used by the user to use the web services as perceived and analytically derived. The controller may, on his or her own initiative or at the customer’s request, supplement, correct or delete incomplete, inaccurate or outdated personal data.

We use the information to:
• Secure service delivery
• Produce and design individual products
• Provide a good customer experience
• Develop customer service and e-commerce

Name and contact details of the controller:
Lymed Oy (Business ID: 0935988-8)
Pyhäjärvenkatu 5 A, 33200 Tampere
Contact: info (at) lymed.fi, data controller Mr Tanu Toikka
Registry name: Lymed Oy’s customer database

What data can be collected?
• Identification and contact information such as name, date of birth or personal identification number, address and telephone numbers, e-mail addresses and so on used to distinguish a natural person from another potentially identical natural person
• Customer Information (such as measurements or persons responsible for the treatment)
• Customer relationship information such as billing and payment information, product and order information, customer numbers, cancellations, complaints and repairs
• Registration information such as username, nickname, password and any other unique identifier
• Possible permits and consents
• Any other information collected with the consent of the customer
• Payment information, including credit agreements and other billing information
• Analytically derived information
• Purchasing history, incl. ordered products and their price information
• Delivery information, such as the selected delivery method and delivery address
• Online store usage and browsing information and terminal identifier information

Data sources
Personal data is collected at the time of ordering a product or service, during a customer relationship or otherwise directly from the client or from a healthcare or medical care professional, institution or entity performing the care. The main source of information is the user itself, and we may also get more information from our partners, such as our reseller partner or credit provider.

Disclosing of information
Upon consent given by the customer when ordering and when required, Lymed may also disclose information necessary for the manufacturing of Lymed products to another healthcare professional, institution or body, with the client’s consent. Exceptionally, information may be disclosed to third parties only at the request of the authorities.

Data storage and protection
Lymed Oy handles the patient’s information in confidential systems (HTTPS Hypertext Transfer Protocol Secure) and performs the necessary technical and organizational measures to protect personal information (including unauthorized access to data, accidentally or illegally discarding, modifying, transferring, transferring or other illegal processing). Manually processed documents will be properly destroyed after processing. The information is stored in the registrar’s premises that are locked and accessible only to persons specifically authorized by the data controller. Lymed Oy retains customer information in Finland. We have established privacy practices in handling and processing personal data. The security levels in our ICT solutions is very high. Servers are protected against intrusion attacks and denial-of-service attacks. The processing of personal data has considered the requirements of the EU Data Protection Regulation as of 25 May 2018.

Processing of personal data
Only Lymed Oy’s employees can access the customer information and our staff is trained to use the information safely and ethically. We use trusted contract partners. All partners have taken into account the requirements of the EU Data Protection Regulation and other legislation.

The company responsible for managing the data:
Lymed Oy (Business ID: 0935988-8)
Pyhäjärvenkatu 5 A, 33200 Tampere
Contact: info (at) lymed.fi

Periods of retention
We will only keep the information for the time required so that we can meet the uses described in this leaflet. In addition, some data may be stored longer to the extent necessary to implement the statutory obligations, such as accounting and consumer responsibility, and to demonstrate their proper implementation.
At the customer’s request, personal data relating to him may be removed or anonymized from Lymed Oy’s systems and the information is no longer used for the purposes listed in the prospectus. The information is maintained for an active customer relationship, or 5 years from the previous customer relationship.

For some information, legislation imposes obligations on long-term storage, for example, for the following purposes:
• The Accounting Act defines the information for longer retention periods, regardless of whether the material contains personal data or not
• System logs are collected and maintained as required by law so that we can provide legitimate and secure e-commerce for our customers
• Taking adequate backups from databases and systems for data protection, error correction and security and continuity verification

Permissions
Customer is entitled to:
• Get access to personal information about themselves, including the right to receive a copy of their personal information about them
• Ask for correction or deletion of personal information about themselves
• Under certain conditions, request processing limitation or object to processing of personal data.
In addition, if the processing is based on separate consent, you have the right to cancel your consent at any time. Please note that this does not affect the lawfulness of the processing before withdrawal of consent.

Please contact our customer service to make a claim to your rights. The request must be sufficiently identified so that our customer service can verify your identity. If, in some cases, we cannot enforce your request, such as removing all the information that we have a statutory obligation (such as credit information) or right, we’ll let you know.

If you find that there are shortcomings in the information or if the information is unlawful, you have the right to file a complaint with the Data Protection Authority.
You can request information stored on our systems by contacting our Customer Service at info@lymed.fi. At any time, the customer may terminate his client account and ask Lymed Oy to delete his or her personal information by contacting our customer service. NB! In some cases, all information cannot be removed, and legislation may require you to retain some of your customer-related information.

Third parties
We only release the necessary information to third parties to provide the service, guarantee delivery, and possibly marketing. Your information is also transmitted, for example, to an invoicing partner or a credit granting authority in connection with a credit decision. If necessary, we also disclose information at the request of the authorities, always informing the customer of any request for information if it is permitted under the law.
Cookies
Lymed Oy uses cookies and other similar techniques, such as the local storage of the browser. Cookies are small text files between the terminal browser and the server. We use cookies for example. customer identification, sign-up and any shopping cart functionality. For these activities, the use and use of cookies is mandatory. The cookies set by the server remain in the browser for one (1) month unless they are deleted separately from the browser settings. Visiting a site will re-enable cookies as your browser allows.

Cookies are also used to personalize the user experience. For the personalization of the customer’s browser is set to a third party (RichRelevance) cookie. RichRelevance be sent to the data, such as visits to product pages and search history, has been anonymized, and it is not possible to find out the identity of the third-party client. We also use other technologies such as pixel tags (such as Google Analytics) and simulators. These techniques help us better understand our customers’ behavior and tell us what functions and services are most beneficial to our customers.

The information used in the analysis is anonymous whenever possible. Otherwise, we will deal with personal information if the tag contains client targeting information, such as an IP address. Also, tags that are linked to a customer in some way are treated as personal information.

Changes to the report
Due to changes in the services and changes in legislation, we reserve the right to change the Privacy Policy Statement. Significant changes to the privacy statement will be reported to registered customers when the terms are updated.