Privacy notice for subcontractors, suppliers, and co-operation partners of Oy Orthex Finland Ab
This privacy notice concerns processing of personal data related to the subcontractors, suppliers, and co-operation partners of Oy Orthex Finland Ab.
Controller contact information
Oy Orthex Finland Ab
FI-02270 Espoo, Finland
Tel. +358 (0)19 329 61
For what purposes do we collect your personal data?
We collect personal data about representatives of our subcontractors, suppliers, and co-operation partners for the following purposes:
- Procurement of products and services
- Invoicing and payment management
- Supplier or partnership management
- Fulfillment of our other legal obligations
On what basis do we process your personal data?
We only process your personal data when the processing is based on
a) your consent given to one or more specific purposes
b) the performance of a contract to which you are a party or taking steps at your request prior to entering a contract
c) our statutory obligation or
d) our legitimate interest.
In these cases, we have a valid legal basis for processing your personal data.
What kind of personal data do we process?
We process the following personal data about representatives of our subcontractors, suppliers, and co-operation partners:
- Identification details: first and last name, job title, position
- Contact details: company, address, phone number, email address
- Payment and contract details
Where do we collect your personal data?
We collect your personal data directly from our subcontractors, suppliers, and co-operation partners, primarily under various supplier and co-operation agreements.
To which parties do we disclose or transfer your data?
As a rule, we do not disclose your personal data further outside the Orthex Group and at Orthex Group, your personal data is processed only by personnel who are authorised to do so based on their role. If such intra-group transfers or disclosures of personal data take place, we will ensure the security and confidentiality of your personal data by using Intra-Group Data Transfer Agreements.
We use service providers to manage and operate our business. These service providers can only process your personal data based on our instructions and use it only for purposes defined by us. Such processing is always regulated by Data Processing Agreements to ensure that all our service providers keep your personal data safe and process it only in accordance with applicable legislation.
In certain situations, we must disclose your personal data to another controller, who will use that personal data for its own purposes. Personal data may have to be disclosed for example to authorities when Orthex has a legal obligation to do so.
Do we transfer your personal data outside the EU or EEA?
As a rule, we do not transfer your personal data outside the EU or EEA. In case your personal data is transferred outside the EU or EEA, appropriate technical and organisational measures, such as EU Model Clauses, are taken to secure your personal data. The recipients of such data will be required to protect confidentiality and security of the personal data and may not use it for the benefit of their own business.
How do we protect your personal data?
Orthex has taken appropriate technical and organisational measures to restrict access to the personal data it holds and to protect it against loss, accidental destruction, misuse, and unlawful alteration. Access to personal data is restricted on a need-to-know basis to individuals (Orthex’s employees and service providers) who need to access the data for the purposes it was collected for.
How long do we store your personal data?
By default, we store personal data only as long as is necessary for the purposes it was collected for. When personal data is no longer needed for that purpose, it was originally collected for, it will be deleted or anonymized, unless we have a legal obligation to retain the data for a longer period. This means that the retention periods we have defined for your personal data vary depending on the processing purpose, type of personal data, and local requirements.
What are your rights as a data subject?
As a data subject you have certain rights which help you to control your own personal data and to affect the way it is being processed. If you wish to use your rights, please contact us by email at firstname.lastname@example.org.
Right to access
You have the right to obtain confirmation as to whether your personal data is being processed by us and to know what personal data it is we process. If you wish, you may request a copy of such data.
Right to rectification
If your personal data is incorrect or incomplete, you have the right to request for rectification or completion of your personal data.
Right to be forgotten
You have the right to request that your personal data be erased. In such a case, we will delete your personal data unless we have a legal obligation or other overriding reason to retain your data.
Restriction of processing, right to object and data portability
In certain situations, you have the right to request us to restrict the processing of your personal data, for example, if your personal data is inaccurate. Based on your own circumstances, you may also have the right to object the processing of your personal data. In this case we will assess whether there are any compelling statutory reasons requiring us to continue processing of your personal data. You may always object processing your personal data for direct marketing purposes. In some cases, you may also have the right to data portability.
Withdrawal of consent
If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time.
Right to file a complaint to a supervisory authority
You have the right to file a complaint with a local supervisory authority if you find that our processing of your personal data violates your rights as a data subject.
Date of this notice
31 May 2022
Can this privacy notice be changed?
We may update this privacy notice from time to time to reflect changes in our services, operations and/or applicable law. Any changes will be posted on this website.