1. General terms

Lymed.fi and all its sister sites are Lymed’s (VAT FI09359888) markets. These terms apply in trade between Lymed and its customers. The same terms apply in Lymed’s mediated services and products. Lymed has the right to update these terms without prior notice. Orders follow the terms that have been applicable at the time the order’s been made, and these terms are available from Lymed’s webpages.

Lymed is not responsible for damage caused by force majeure. Force majeure is an unforeseeable event or change in circumstances which is outside of Lymed’s influence. Lymed is obliged to inform the customer of force majeure without delay.

2. Client and data protection

The applicable EU and Finnish legislation is applied in trade on consumer sales, marketing and advertising. Primarily these terms apply in trade between corporate customers and Lymed, and the remainder is covered by the Finnish trade law.

The customer is obliged to hand over complete contact information when placing the order, which contains (from the consumer customer) name, address and telephone number and possibly email address and the date of birth. Company customers give out the name of the contact person, phone number, email and corporate registration number, mailing address, telephone number/s and billing address.

Customer data is stored in Lymed’s customer register and the data is used to maintain the customer relationship. The Personal Data Act allows that the personal data may be processed (to collect, store, organize, use, transfer, assign, save, modify, merge, protect, delete, destroy and perform other actions on personal data) without explicit consent or if the data subject has a connection to the registrar’s business. Sensitive data, however, such as the person’s health, disease or disability, targeted treatment or other comparable measures, may only be processed if the data subject has given explicit consent.

The register is available at Lymed’s premises, according to the Personal Data Act. The customer can check the information concerning them by contacting Lymed’s customer service. Contact must be made in writing, it must be signed and submitted to: Lymed Oy, Pyhäjärvenkatu 5A, 33200 Tampere, Finland. A complete register description can be found at Lymed’s website.

Lymed’s sites use cookies, which allow sites to be more user-friendly. Lymed’s sites’ cookies are meant to ease, improve and speed up the transaction experience. A cookie is a small text file that a Lymed’s web server saves on your hard disk. Some of Lymed’s sites’ contents may require you to accept cookies in order to function. The user’s web browser likely accepts cookies as a default, but the user can also block cookies in their browser settings, or by removing the cookies from the browser at the end of use of the service. More information can be found in the operating instructions of proprietary browser manufacturer’s instructions.

3. Prices

We always check prices at the time the order is processed. If the price has decreased, we will correct the rates for any open order. If the price of a product increases before the order is shipped, we will deliver the product at the original price. Price changes are applied on the indicated date and will apply to all orders immediately.

Delivery estimates are based on Lymed’s manufacturing time estimates. Lymed, or its suppliers, are not liable for delays caused by matters outside of their influence or future unforeseen changes. Lymed reserves the right to restrict the sale of products in exceptionally large batches.

4. Delivery

Lymed offers several options for transportation. For more information on delivery methods and services, please read the delivery option from Lymed’s website. One order can be delivered in several batches.

Lymed is not obliged to reserve other products of the same order to the customer, if the availability of the product is not good or if the delivery is delayed for reasons beyond Lymed. Alternatively, the customer can accept the delayed delivery of an order or a product withdrawal. The delivery postage will be charged according to the valid price list.

5. Paying

Current information on payment methods can be found in Lymed’s website.

6. Returns

The customer is entitled to cancel the order or part of an order during 14 days of receipt of the order in accordance with the Consumer Protection Act. The returned product must be flawless, unused and in original packaging. Tried on socks, tailor-made products and other hygiene products can not be returned.

Contact Lymed’s customer service before returning the product. Products can be returned either by mail, with a free customer return, or directly to Lymed’s facilities. If the product has been purchased from a Lymed dealer or a distributor, the return must be made to the place of purchase. Lymed is responsible for the return costs if the return is made according to the instructions given and Posti Group’s customer return service is used.

You have a right to familiarize yourself with the product for 14 days. We recommend to take care of the product, its accessories and documentation and, of course, the product packaging until you have decided to keep the product. Buyer is responsible, under the law, for any impairment if the product has been taken into use.

We ask you to carefully save all the documents related to customer return until you have been informed of the receipt of the return from Lymed.

Return right constraints are determined in accordance with Chapter 6-16 of the Consumer Protection Act. Hygiene and intimate products cannot be returned after the package is opened, because the product is non-refundable for sale by its very nature.

Service products do not have a similar right of withdrawal, as per Consumer Protection Act, if the service has been completed or if the customer has given permission to begin producing the service or if the lack of right of withdrawal has been told in advance. This applies, for example (but not exclusively) to situations where the customer for whom the product has been ordered, has died, or the order needs to be changed or cancelled, even if the delivery of the product has already begun.

Product, that are being returned, must be packed carefully.

7. Warranty, support and accountability

Warranty is determined in accordance with the terms and conditions specified by the manufacturer’s warranty. The customer is required to explore the product warranty terms and conditions before using the product. Warranty terms and conditions can be found in the manual or manufacturer’s internet address. The warranty covers, as a rule, only product manufacturing and material defects. The warranty period is specified in the product information.

Warranty repair is always done in accordance with Lymed’s terms of the warranty. Contact Lymed’s customer service or if you have bought the product from a vendor or a distributor, they will help you in your warranty needs.

Lymed is responsible for the statutory liability for errors in products, when the product is out of warranty or guarantee is not issued. Lymed’s manufactured products have a warranty of 4 months and pressure guarantee of 6 months.

Lymed takes in material for charity. You can deliver the products to Lymed’s address or leave the product at Lymed’s place of business. Lymed can give further instructions, if needed, to recycle the product.

8. Reclamation

The customer is obliged to present proof of purchase, a receipt or other documentation of the place and time of purchase, when returning the goods to complain about an error.

Complaints are dealt with only in writing. Free-form complaint can be sent either by email to info (a) lymed.fi or by mail snail to our mail address. The website has a reclamation form, which can be used when sending the product for a reclamation.

Reclamation personnel reports directly to the Executive Committee. The staff, if necessary, will consult the management abotu the complaint. The store staff will not handle complaints.

Settlement of disagreements and the legal venue: The consumer customer has the right to bring any disputes arising out of this agreement to the Consumer Disputes Board ( www.kuluttajariita.fi ) for decision. Prior to bringing the matter to the Consumer Disputes Board’s reading, the consumer needs to be in contact with magistrate’s Consumer Center ( www.kuluttajaneuvonta.fi ). The client may raise disputes arising from the debt relationship with Lymed, either in Lymed’s domicile or the district court of the Finnish municipality, in the district court in whose jurisdiction he resides. If the Customer does not have a residence in Finland, disputes are settled in Lymed’s district court.

General expenses are not covered because the Consumer Advice and the Consumer Disputes Board provides free of charge to help solve disputes.

9. Corporate customers’ additional terms

Lymed is not responsible for direct or consequential loss, damage or loss of income caused by the product and / or service. Lymed’s liability is always limited to the content of these terms and conditions. Product defect liability is limited to the possible return of the purchase price, decreased by the monetary loss of value of the product while its been in use.

The warranty period for products purchased for business use is determined in accordance with the manufacturer’s warranty terms and conditions, and the termination of the warranty period ends Lymed’s liability. The physical opening of the sales packagwe ends the warranty and the seller’s responsibility, if the manufacturer has not informed otherwise.

Lymed is not obliged to fulfill the contract, if it is subject to force majeure, which it can not reasonably be overcome. Lymed shall not be liable to compensate the client damage or expense in case of force majeure, and is entitled to cancel the contract.

When submitting an order and / or tender, the customer clearly accepts Lymed’s terms and conditions. Possible acquisition contract terms used by the customer are not complied with, when they are in conflict with the terms of Lymed.

Lymed Oy
Pyhäjärvenkatu 5 A
33200 Tampere
020 779 2233
y: 0935988-8


Privacy Policy Annex

1. Background and Purpose

This Privacy Policy Annex is applied to the contractual relationship between the Supplier (Lymed Oy) and a the Customer when Supplier (Lymed Oy) handles personal data for the Customer.

The purpose of this Privacy Policy Annex is to take into account the responsibilities and obligations set out in the Data Protection Regulation.

The Customer is a Registrar of Personal Data for Customer Processing, which is defined in the Terms and Conditions of the Service, which defines the purposes and means of Handling Personal Data. The Supplier is a Personal Data Handler who handles such Personal Data on behalf of the Customer in accordance with this Privacy Policy Annex. The parties agree on the categories registered, the processing operations carried out by the Supplier, the security procedures and the purpose for which the Supplier Handles Customer Personal Data.
2. Definitions

“Personal Information” means any information relating to an identified or identifiable natural person. Identifiable is a natural person who can be identified, directly or indirectly, in particular by identifying information such as name, personal identification number, location information, domain name information or one or more physical, physiological, genetic, psychological, economic, cultural or social factors characteristic of him;

“Terms of Use” means a contract with which this Privacy Policy Annex is attached.
“Handling” means an activity or functions that are targeted to Personal Data or Personal Data by either automatic data processing or manually, such as data collection, storage, organization, structuring, retention, modification, modification, search, query, use, disclosure by transfer, dissemination or otherwise making them available, coordinating or combining, restricting, deleting or destroying data;
“Service” means a service defined by the Terms and Conditions provided by the Supplier to the Customer.
“Agreement” means a contractual relationship between the Customer and the Supplier as defined in the Terms of Service.
“Privacy Notice” means the Terms of Use specifying the processing of Personal Data;
“Data Protection Regulation” means the European Union’s General Data Protection Regulation 2016/679, which will apply from 25 May 2018;
“Data Protection Law” means the current Personal Data Act (523/1999) until 25 May 2018 and the Privacy Policy as of 25 May 2018;
“Security breach” means an event that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to the Data of the processed Personal Data.

3. Customer Responsibilities

Customer Handles Personal Data in accordance with Data Protection Law. The Customer is responsible for the Personal Data provided to the Supplier and their legality throughout the entire Agreement. Customer is responsible for ensuring that all registered individuals whose Personal Data are processed are provided with the necessary legal notices and information regarding the processing of Personal Information. The Supplier does not follow the content, quality or timeliness of the provided Personal Data.

The Customer is responsible for ensuring that Personal Data Processing and its purpose and grounds are in compliance with the Data Protection Act. The Customer is also responsible for ensuring that Personal Data has been collected in accordance with Data Protection Law and that Customer has the right to transfer Personal Data to the Supplier by Processing in accordance with this Privacy Policy.

The Parties do not intend to transfer any statutory obligations of the controller to the Supplier acting as a Personal Data Handler by this Privacy Statement.

4. Supplier’s Responsibilities

Supplier Handles Personal Data in accordance with the Privacy Policy and any other written instructions provided by the Customer unless otherwise required by the Supplier’s applicable law. In this case, the Supplier informs the Customer of this legal requirement prior to processing, unless information is legally prohibited. For the sake of clarity, it is stated that Customer is always considered to have instructed the Supplier to provide the Services related to the Processing of Personal Data under the Agreement.

Given the nature of the processing operations, the Supplier assists Customer with appropriate technical and organizational measures to meet the Customer’s obligation to respond to requests regarding the use of the rights of the registered natural person provided by Chapter 3 of the Data Protection Regulation (provided that the data subject has this right under the Privacy Policy):
a. the right of access to personal data;
b. right to rectify and remove Personal Data;
c. right to limit treatment;
d. the right to transfer personal data from one system to another; and
e. the right to object to the processing of personal data.

The Party shall notify the other Party of the request for the exercise of the registered rights immediately and no later than the following working day (Mon-Fri) of receipt of the request if action is required from the other Party for the execution of the request. Each Party shall provide all information, necessary to execute the request for notification purposes. The supplier has the right to charge the Customer for all measures concerning the implementation of the rights of the registrant on an hourly basis, in accordance with their current price list. Taking into account the nature of the processing operations, the Supplier is obliged to implement the functions related to the implementation of Registered Rights defined in points 5c to d as part of the Service under the Agreement as of 25 May 2018.

Given the nature of the processing operations and the information available to the Supplier, the Supplier assists the Customer in compliance with the obligations set out in Articles 32 to 36 of the Data Protection Regulation:

a. Providing security of personal data processing through appropriate technical and organizational measures;
b. Notification of security breaches to the supervisory authority and registered persons;
c. participation, where appropriate, of an impact assessment of data protection where an impact assessment is required under Article 35 of the Data Protection Regulation; and
d. participation in a prior consultation of the supervisory authority if prior consultation is required under Article 36 of the Data Protection Regulation.

The Supplier is only required to assist the Customer with the extent to which the Data Protection Act implements the Personal Data Handler’s obligations. The Supplier is entitled to charge the Customer for the above-mentioned measures on an hourly basis based on their current price list.

The Supplier will send a plan of the actions and related charges in advance in writing to the Customer.

5. Purpose of processing personal data

Customer transfers to Supplier and Vendor Systems only information that he / she has the right to process according to applicable data protection legislation. Supplier Handles Personal Data only to provide its own services and to complete orders.
The supplier performs the following processing of personal data: collecting, saving, organizing, structuring, retention, editing, retrieval, querying, making available, matching or merging, limiting, deleting or destroying, backing up.

For personal information on the Customer, the Supplier only processes personal data in accordance with the terms and conditions of the Service and this Privacy Policy, unless otherwise required by applicable law. If the Supplier notices that the written instructions are unlawful, the Supplier informs the Customer of this legal requirement before being processed. However, the supplier is not aware of the fact that disclosure is prohibited in that legislation for important reasons of public interest.

When required by applicable data protection legislation, the Supplier treats as a processor a report on processing operations for the supervisory authority.

6. Registered Groups and Personal Information Types
The Supplier Handles Personal Data related to the Customer’s activities stored in the Service. Personal Data to be Handled includes personal information of the registered person, such as name, contact information, date of birth.

The information that may be processed may include personal identification numbers or data belonging to the specific categories of personal data referred to in the Data Protection Regulation.

7. Security

The Parties undertake to agree and implement commonly used technical and organizational measures to protect personal data. When designing and implementing the measures concerned, the Parties shall agree on the latest technology and implementation costs, the nature, extent, context and purpose of the processing, and the probability and severity of the handling of risks to natural persons’ rights and freedoms. In assessing the appropriate level of security, the parties must also take into account the risks involved in handling, in particular unauthorized and unlawful processing of personal data and inadvertent loss, destruction or damage to personal data.

Such measures include:

a. pseudonymization and encryption of personal data;
b. the ability to ensure the continued confidentiality, integrity, availability and fault tolerance of services;
c. ability to quickly restore access to and access to information in the event of physical or technical failure; and
d. a procedure for regularly testing, investigating and evaluating the effectiveness of technical and organizational measures to ensure the security of data processing.

The above measures are examples of how the Parties can ensure the security of personal data processing. The Parties agree in this Privacy Statement about the measures and other information security procedures that the Supplier implements in the processing of Personal Data. The reporter is responsible for backing up Personal Data stored on his operating environment and checking the functionality of backups.

The Provider ensures that persons who deal with Personal Data are bound by the obligation of professional secrecy or are subject to an appropriate statutory obligation of professional secrecy. The Supplier shall take the necessary steps to ensure that such Personal Data are processed only for the purposes specified in this Privacy Statement.

The Supplier will comply with their current internal security instructions in Personal Data Processing. For security reasons, the Vendor Security Guidelines are confidential, and the Supplier presents the contents of the Guidance to the Customer upon request.

8. Transfer of personal data
The Supplier shall have the right to transfer Personal Data to the Service of the Service for the European Union, the European Economic Area or any other country where the European Commission has determined that it will guarantee an adequate level of data protection. The Supplier has the right to transfer Personal Data outside the EU / EEA territory for the purpose of providing the service, in accordance with the express transfer principles of Data Protection Law.

9. Subcontractors

The Supplier is entitled to use subcontractors in the implementation of the Service and in the related Personal Data Processing. The supplier informs the subcontractors he or she is using to the customer upon request. The Supplier is responsible for subcontracting Handling Personal Data in accordance with this Annex and Privacy Policy.

10. Security breaches

The Party shall notify the other Party without undue delay of the Information Security breach that it has become aware of. When communicating a breach of a security breach, you must provide the Supplier with all information that may be considered to assist in solving, delimiting, or blocking a security breach. The supplier makes a notification to the contact person specified in the customer’s order information. You report to a Supplier about a security breach. When communicating a breach of a security breach, the Supplier shall, as far as possible, provide the Customer with:

a. a description of the security breach including, where applicable, the relevant registered groups and estimated numbers as well as the categories of personal data types and the estimated numbers (to the extent that such information is available to the Supplier;
b. Contact details of the Supplier’s Data Protection Officer or other person for whom further information can be obtained;
c. a description of the likely consequences of a security breach; and
d. a description of the actions the Supplier has taken in response to a security breach and any actions that the Supplier has taken to mitigate the adverse effects of the security breach.

If a Security Infringement is due to a reason for the Customer’s liability, Customer will be liable to the Supplier for any damage caused by the Security Infringement and related notifications. The Supplier is entitled to invoice the Customer for any costs incurred as a result of the inquiries initiated at Customer’s request based on the Supplier’s Price List in force.

The Customer is responsible for notifying security breaches to the supervisory authority and the data subject in accordance with the Privacy Policy.

11. Right of scrutiny

The Customer or an Independent Expert appointed by the Customer who cannot be a Supplier Competitor has the right to inspect during this Privacy Policy that the Supplier complies with the Obligations assigned to this Privacy Policy in this Privacy Policy. The audit concerns the supplier’s necessary material related to Customer’s Personal Data Processing and the Vendor’s systems and facilities used in the Processing of Personal Data. The inspection may be carried out at most once a year and must be notified to the Supplier in writing at least 30 days in advance. Despite the foregoing, the supplier must always allow audits of the activities of the Personal Data Processor performed by the Supervisory Authority. This Privacy Policy Annex applies, as applicable, to inspections by authorities.

The Supplier participates in the audit and provides the inspector with the information necessary to demonstrate that the Supplier complies with the obligations defined in this Privacy Statement. The inspection must not cause harm to the Supplier’s service production and the auditor is not entitled to access the data of the Supplier’s customers or partners. If the auditor is other than the Customer, the inspector and the Supplier make a confidentiality agreement before carrying out the audit.
The Customer is responsible for all the costs incurred in the inspection and reimburses the costs incurred by the Supplier for the checks. If the audits reveal significant deficiencies in the Supplier’s activities, the Supplier is responsible for the costs incurred by the inspector.

12. Damage caused by handling personal data

If a data subject is harmed by the breach of the Data Protection Regulation, each Party shall be liable for the loss incurred by the data subject himself, in accordance with Article 82 of the Data Protection Regulation. Each Party shall also be responsible for any administrative fines imposed by the Supervisory Authority pursuant to Article 83 of the Data Protection Regulation.

This Privacy Statement is subject to the Disclaimer of Terms of Service.

13. Termination of processing of personal data

The Supplier deletes Personal Data when the Contract expires, and the provision of the Personal Data Processing Service is terminated or when the obligations of this Privacy Policy Annex expire. In addition, the Supplier will remove all existing copies of the Personal Information under the Agreement or this Information upon termination of the obligations of the Protective Cover, unless the Supplier is required by law or authority to retain such Personal Data.