Privacy Notice
Health Step Finland Oy

Version in accordance with the EU General Data Protection Regulation (679/2016)

Controller

Health Step Finland Oy

Yliopistonrinne 3

70210 Kuopio, Finland

VAT: 28380033

Contact Person Responsible for Data Protection

Data Protection Officer

Timo Lakka

Phone: +358 40 7707329

Email: timo.lakka(a)uef.fi

Name of the Personal Data Register

Customer Register and Marketing Register of the Website

Legal Basis and Purpose of Processing Personal Data

We process personal data to deliver and implement website content and to market our services.

Data is processed based on the customer relationship between the user and Health Step Finland Oy, a contract, use of the website, the customer’s explicit consent, or legal obligations.

Regular Sources of Data

The data recorded in the personal data register is obtained directly from the data subject. We collect information via registration and payment forms completed by the customer.

Processed Personal Data

Information provided by the user or that identifies the person:

  • Identification data such as name
  • Contact information such as address, email address, and phone number
  • Data from service usage and data derived via analytics, such as browser version, geolocation, and other tracking data from Google Analytics
  • Data entered by the customer into contact forms.

Disclosure of Personal Data

We may disclose certain essential data to third parties for delivery and marketing purposes. Customer data is also used with third parties for analytics and personalization.

We utilize purchasing and browsing data with partners to better offer products and deals of interest to you. Data used for analytics and personalization is anonymized or pseudonymized wherever possible. Only we can link the pseudonymized data back to your name.

We may also disclose data to authorities when necessary. We will inform the customer of such requests, if permitted by law.

We disclose data to the following third parties:

  • Analytics and statistics partners
  • Product recommendation and personalization partners
  • Email marketing partners (if the customer has opted in to newsletters, browsing-based messages, or product review requests)
  • SMS partners (if text message sending is allowed)
  • Delivery companies (when delivery method includes shipping to pick-up points, nearest post office, or direct home delivery)
  • Payment processors (when paying by card)
  • Credit providers (if customer chooses invoice or installment payment via credit company)
  • Some maintenance providers (in connection with product service or maintenance)
  • Collection agencies (when invoices become overdue and go to collections).

Health Step Finland Oy ensures a high level of data security and protection in compliance with the EU GDPR during data transfers and processing.

To ensure the appropriate level of protection in third-party data processing, we rely on:

  • Standard contractual clauses approved by the European Commission
  • EU-US Privacy Shield Agreement
  • Other methods approved under the GDPR.

Personal data is not transferred outside the EU or the European Economic Area (EEA).

Protection of Personal Data

All personal data is protected against unauthorized access and accidental or unlawful destruction, alteration, disclosure, transfer, or other unlawful processing.

Health Step Finland Oy stores customer data in Finland. Data centers and the technical and process security of our commerce systems are of a very high standard.

The processing of personal data complies with the GDPR requirements effective from May 25, 2018. All access to personal data is monitored in accordance with best practices.

Data Retention Period

We retain your personal data only for as long as necessary to fulfill the purposes described in this notice.

Additionally, some data may be retained longer to comply with legal obligations, such as accounting or consumer transaction responsibilities, and to demonstrate proper compliance with them.

Profiling

Personal data is not used for profiling or other automated decision-making.

Rights of the Data Subject

Right of Access

You have the right to obtain confirmation of whether we process your personal data and, if so, to access a copy of that data.

Right to Rectification

You have the right to request that inaccurate or incorrect personal data be corrected. You may also provide additional information to complete incomplete personal data.

Right to Erasure

You have the right to request deletion of your personal data if:

  1. The data is no longer needed for the purposes for which it was collected;
  2. You withdraw your consent, and there is no other legal basis for processing;
  3. The data has been processed unlawfully.

Right to Restrict Processing

You have the right to restrict processing of your personal data if:

  1. You dispute the accuracy of your personal data;
  2. The processing is unlawful, and you oppose the deletion and request restriction instead;
  3. The controller no longer needs the personal data for the original purposes, but you require it for legal claims.

Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Lodge a Complaint with a Supervisory Authority

The national data protection authority in Finland operates under the Ministry of Justice. You have the right to file a complaint with the supervisory authority if you believe that the processing of your personal data violates applicable data protection legislation.

Contact Information

For all questions regarding the processing of personal data or exercising your rights, please contact the Data Protection Officer via email at timo.lakka(a)uef.fi or by mail at Yliopistonrinne 3, 70210 Kuopio, Finland.