Privacy Policy
Register and Privacy Statement
Effective from 5 September 2025
Data Controller
Company name: Suomen Työterveys & Suomen Etälääkärit Oy (hereinafter “the data controller”)
Business ID: 3453527-3
Visiting and postal address: Tiirasaarentie 27 A 1, 00200 Helsinki
Email: info@suomentyoterveys.com
For matters regarding data processing and data protection, please contact info@suomentyoterveys.com.
General Information
This register and privacy statement, compliant with the EU General Data Protection Regulation (GDPR), explains how we, as the data controller, process personal data. The statement also serves as a contract for personal data processing in situations where we process data on your or your company’s behalf (a “DPA” – data processing agreement). Legally, in such cases, we are the data processor and you or your company are the data controller.
Purposes and Legal Basis for Data Processing
We process data for the following purposes:
- Managing the customer relationship
- Fulfilling the rights and obligations of the customer and the data controller
- Purposes related to online services
- Research activities
- Targeted marketing by the data controller and its partners
Processing is based on a customer agreement and/or individual consent.
Sources of Data
Data is collected with consent from:
- Messages submitted via web forms
- Emails
- Cookies
- Phone calls
- Social media services
- Contracts, meetings, and other situations where data is provided
The data controller uses cookies on its website to improve the user experience, measure performance, and enable targeted marketing. Cookies are small text files stored by your browser on your device. You can block cookies in your browser settings.
Data Content
We may process one or more of the following types of data:
- First and last name
- Postal address
- Phone number
- Email address
- Professional group
- Data collected via cookies (IP address, browser type, location, etc.)
- Company and position
- Company contact information
- Social media account and profile information
- Information about subscribed services
- Customer relationship data
- Chat conversation history
Disclosure of Data
Data from the register may be accessed by systems used to process the data, which are physically located in Europe or the USA and are either Privacy Shield registered or otherwise compliant with GDPR.
Data is not disclosed to external parties, except as requested by Finnish authorities. Data may be published to the extent agreed.
Data Transfer Outside the EU or EEA
Some data may be stored and processed outside the EU. Processing complies with the EU GDPR and Privacy Shield requirements for personal data processing. Data is not disclosed to third parties.
Principles of Data Protection
Access to data is granted only to employees of the data controller and other designated persons who need the data to perform their duties. This includes staff in contact with customers. The data controller ensures that personal data is processed only by authorized individuals who are bound by confidentiality or subject to legally mandated confidentiality obligations.
The data controller implements necessary technical and organizational measures in processing personal data, including instructing staff and ensuring the security of the systems used.
Data may also be processed by the following partners and their group companies:
- Cloud services: Google LLC, Microsoft Corporation
- Customer communications: MailChimp
- Web traffic monitoring: Google LLC
- Financial administration
Data Retention Period
Data processed based on consent is retained until the customer withdraws consent. The data controller may, however, retain necessary personal data to exercise its rights and obligations (e.g., to demonstrate compliance with diligence obligations).
General Rights of the Data Subject
Data subjects may:
- Modify, delete, or request the erasure of their data
- Access stored data
- Request correction of data
Requests must be made in writing to the data controller. The data controller may require proof of identity. In accordance with GDPR, responses are generally provided within one month.
Changes to the Privacy Policy
The data controller continuously develops its business and reserves the right to amend this privacy policy. Changes may also result from updates to legislation.
The data controller recommends reviewing the privacy policy regularly.