Privacy Notice
This Privacy Notice informs why and how Carecode Ltd (“Carecode”) collects, uses or shares personal data and what rights Users have. The Users can be representatives of business customers or suppliers, potential business contacts or internet users visiting the website (together hereinafter “Users”).
This website may contain links to websites and services of third parties. These websites or services are subject to their own privacy notices. Carecode does not take any responsibility of third parties’ privacy notices or processing of personal data in third parties’ operations. Please pay attention to their respective privacy notices and subsequent changes to them.
1. Data Controller
The data controller in accordance with the applicable data protection law is Carecode Ltd.
The primary contact is: privacy@carecode.fi
2. Legal Basis and Purpose of Processing Personal Data
Carecode processes personal data of the Users for various purposes, which are explained below.
2.1 Business operations
Carecode processes Users’ personal data for the following purposes:
- to provide and deliver products and services to business customers;
- to buy products and services from suppliers; and
- to communicate with Users.
Primarily, the legal basis for processing Users’ personal data is the performance of the contract, including processing needed prior to entering into the business relationship.
2.2 Marketing
Users’ personal data can be used for marketing purposes. In this respect, the processing is based on Carecode’s legitimate interest to provide Users with relevant and up-to-date information as part of the website and business relationship. The processing is based on Carecode’s legitimate interest to promote its existing and new products and services.
Users should refer to section 7 below for further information about marketing communications and Users’ rights in this respect.
2.3 Information security
Carecode processes technical data, including some personal data for information security purposes and fraud prevention. Carecode maintains information security measures to safeguard business information and business assets, to protect personal data, to avoid criminal activities and to ensure the availability of the website. This processing is based on Carecode’s legitimate interest to ensure an appropriate level of network and information security.
3. Collection of Personal Data
Carecode processes the following categories of personal data for purposes listed above:
- basic information about the User, such as name, email address and phone number;
- basic information about the User’s employer such as company name, address, email address and phone number;
- information relating to business relationship, such as products ordered, starting and end time of business relationship;
- billing information, such as account numbers, payments made and outstanding and bills delivered;
- reasons for contacting Carecode and details related to contact;
- customer communications; and
- surveys and competitions participated in (if any).
Carecode automatically collects and processes the following technical data about the User and the use of website:
- IP address, device ID, device type, operating system used and application settings;
- user activity such as pages viewed, and items ‘clicked’ on;
- timestamps and log data relating to the use of the website; and
- location/country of origin. This technical data is collected automatically through the use of website.
Carecode does not process Users’ special categories of personal data (sensitive data).
4. Sources of Personal Data
As a rule, personal data is collected directly from the User in connection with the business relationship or website activity. However, Carecode may, from time to time, also collect information from publicly available sources and third parties, such as marketing companies.
5. Disclosure of Personal Data
Carecode may disclose User’s personal data to the following third parties:
- when permitted or required by law to comply with requests by competent authorities, such as requests by tax authorities, law enforcement authorities and other authorities;
- trusted services providers, such as distributors, IT service providers and marketing service providers for the purposes listed above; and
- if Carecode is involved in a merger, acquisition, or sale of all or a portion of its assets.
6. Transfer of Personal Data Outside EEA
Users’ personal data is processed within the European Economic Area. Further, Carecode might use processors outside of the EEA. Such transfers are governed by the EU Standard contractual clauses.
7. Marketing Communications
When a User provides Carecode with contact details, for example, in connection with a sale of product, contact Carecode’s customer service, participate in survey, Carecode may use User’s personal data for marketing purposes and to promote its latest products. Users are given the opportunity to opt-out of receiving marketing communications from Carecode.
7.1 eMarketing
Carecode may provide a User with product updates, newsletters and other communications about existing or new products by email. A User may unsubscribe at any time by clicking on the “unsubscribe” link located on the bottom of emails.
When Carecode collects or uses information about a User’s web browsing for e-marketing purposes, the User has the right to object to this at any time by contacting Carecode. Regarding the right to object please refer to section 9 below for further information.
7.2 Statistics and segregation
Carecode may create User group profiles or segment data for the purpose of creating aggregated statistics about the use of website, products, such as to estimate number of Users, viewed pages and detect which parts of the website the Users find most useful, to identify features that could be improved and to provide context based advertising to User groups. Data collected for these purposes is not used to identify a particular User but to analyze how the Users in general or User groups use the website.
8. Retention of Personal Data
The personal data will be retained only for as long as necessary to fulfill the purposes defined in this Privacy Notice. After that personal data will be removed except when retention is required by applicable law or rights or obligations by either party.
Here are the main rules for the retention periods:
- personal data regarding business customers and suppliers will be retained during the business relationship and after that as long as necessary or required by law or rights or obligations by either party, for example for billing purposes; and
- Carecode will delete or anonymize data used for marketing purposes after three years has lapsed since the last contact between the User and Carecode, unless data retention is required by law or rights or obligations by either party. Should a User have a concern about data retention for marketing purposes, User should refer to Section 9 for further information about Users’ rights in this respect.
9. Privacy Rights
Users have the following rights:
- the right to request access to personal data about himself/herself;
- the right to request rectification, restriction or erasure of personal data. However, please note that certain information is strictly necessary in order to fulfil the purposes defined in this Privacy Notice and may also be required by law. Therefore, the deletion of such data may not be allowed by the applicable law, which prescribes mandatory retention periods;
- the right to object to processing based on legitimate interest of Carecode;
- the right to object to processing for marketing purposes and opt-out of receiving future direct marketing;
- the right to withdraw consent at any time when the processing is based on consent. The withdrawal will not affect the lawfulness of the processing carried out before the withdrawal;
- Users have a right to data portability, i.e. right to receive the personal data in a structured, commonly used machine-readable format and transmit the personal data to another data controller, to the extent required by applicable law. This applies for personal data processed based on contract or consent; and
- Users have a right to file a complaint to the national data protection authority in the EEA.
Please send above-mentioned requests to Carecode at privacy@carecode.fi.
10. Security
Carecode maintains reasonable security measures, including physical, electronic and procedural measures to protect personal data from loss, destruction, misuse, and unauthorized access or disclosure. For example, Carecode limits the access to this information to authorized employees who need to know that information in the course of their job description and third-party service providers who may only process data in accordance with instructions provided by Carecode.
Please be aware that, although Carecode endeavors to provide reasonable security measures for personal data, no security system can prevent all potential security breaches.
11. Contact Carecode
For requests regarding our Privacy Notice or personal data Carecode holds about the User in question, please contact Carecode by email at privacy@carecode.fi. Please do not send sensitive information with unencrypted email.
12. Changes to this Privacy Notice
Carecode may amend this Privacy Notice and the related information. Carecode recommends that the Users regularly access the Privacy Notice to obtain knowledge of any possible changes to it. Carecode will inform Users of possible changes by using reasonable and available channels.