With this Privacy Notice we provide you information on how and why we process your personal data in our business activities.

We process personal data for the following purposes as a controller:

  1. Customer relationships
  2. Financing purposes
  3. Business partner relationships
  4. Marketing
  5. Communications
  6. Social media
  7. Cookies
  8. Recruiting

Please note that we may also process personal data for medical research purposes. When doing so, we shall inform our data subjects separately of the ways their personal data is processed.

1) WHAT TERMS ARE USED IN THIS PRIVACY NOTICE?

Controller means the party responsible for processing the personal data of the data subject.

Data subject is a term for a human being in accordance with data protection laws.

DPO means an independent representative of a controller or a processor who helps the controller or the processor ensure that it complies with relevant data protection laws.

Legal basis for processing means the legal ground on which the controller processes the data subject’s personal data. The legal basis for processing is described in Article 6 of the GDPR.

Personal data means any information concerning the data subject or information by which the data subject can be identified.

Privacy notice means a document drawn up in accordance with Articles 13 and 14 of the EU General Data Protection Regulation (hereinafter ”GDPR”), through which the controller informs data subjects of the ways the controller processes their personal data.

Processor means the party who processes personal data on behalf of the controller.

Purpose for processing means the reason why the controller processes the data subject’s personal data.

2) OUR CONTACT DETAILS

Maculaser Oy (Business ID: 3160009-2)
c/o Terkko Health Hub, Building 14, Haartmaninkatu 4, 00290, Helsinki, Finland

If you have any questions regarding the privacy notice, please contact our DPO at dpo[at]maculaser.com.

3) WHY DO WE PROCESS YOUR PERSONAL DATA?

We process your personal data in accordance with the processing purposes listed below. In the sections on processing purposes, you will find information on what personal data we process and on what legal basis we process your personal data.

a) Customer relationships

Explanation: Personal data is processed to conclude and carry out customer relationships.
Category of data subjects: Customers (contact persons).
Categories of personal data: Contact details and customer relationship data.
Legal basis for processing Performance of contractual obligations with customers.

b) Financing purposes

Explanation: Personal data is processed to seek and obtain financing into our company.
Category of data subjects: Investors and investors’ contact persons.
Categories of personal data: Contact details and other data disclosed to us.
Legal basis for processing: Performance of contractual obligations with investors.

c) Business partner relationships

Explanation: Personal data is processed to conclude and carry out business relationships.
Category of data subjects: Business partners (contact persons).
Categories of personal data: Contact details and data related to our relationship.
Legal basis for processing: Performance of contractual obligations with business partners.

d) Marketing

Explanation: Personal data is processed to market our products and services.
Category of data subjects: Customers and potential customers (contact persons).
Categories of personal data: Contact details.
Legal basis for processing: Our legitimate interests to ensure the continuance of our business operations. Our interests are legitimate, as we provide marketing only in compliance with the applicable legislation.

NB! You may have a right to object data processing for these purposes (see section concerning your rights).

e) Communications

Explanation: Personal data is processed to carry out communications.
Category of data subjects: People who contact us.
Categories of personal data: Contact details and possible other data disclosed to us by the data subject.
Legal basis for processing: Our legitimate interests to carry out communications. Our interests are legitimate, as the data subjects expect us to process their data for communications purposes.

NB! You may have a right to object data processing for these purposes (see section concerning your rights).

f) Social media

Explanation: Personal data is processed in our social media sites and accounts.
Category of data subjects: People who contact us.
Categories of personal data: Contact details and possible other data disclosed to us by the data subject.
Legal basis for processing: Our legitimate interests, according to which we manage our social media. Our interests are legitimate, as the data subjects expect us to process their data for social media purposes.

NB! You may have a right to object data processing for these purposes (see section concerning your rights).

g) Cookies

Explanation: Personal data is processed in cookies of our websites.
Category of data subjects: People visiting our websites.
Categories of personal data: IP addresses.
Legal basis for processing: Consent based on the Act on Electronic Communications Services of Finland (917/2014).

Please have a look at our Cookie Notice for more information about cookies used in our websites.

h) Recruiting

Explanation: Personal data is processed to carry out recruiting.
Category of data subjects: Job applicants.
Categories of personal data: Contact details, CV data, videos and pictures and possible other data disclosed to us by the data subject.
Legal basis for processing: Our legitimate interests, according to which we carry out our recruiting. Our interests are legitimate, as the data subjects expect us to process their data for recruiting purposes. We may also process personal data based on consent.

NB! You have a right to object data processing for these purposes (see section concerning your rights).

4) FROM WHERE DO WE COLLECT YOUR PERSONAL DATA?

We collect your personal data from different sources, depending on our purposes for processing personal data.

a) Customer relationships / e) Communications / f) Social media / h) Recruiting

We collect your personal data for these purposes from yourself.

b) Financing purposes / c) Business partner relationships / d) Marketing

We collect your personal data for these purposes from yourself, our business partners and different public sources (e.g. trade register and social media).

g) Cookies

We collect your personal data by use of cookies.

5) DO WE TRANSFER YOUR PERSONAL DATA TO THIRD PARTIES?

As is typical in modern business operations, we may transfer personal data to different third party service providers to enable us carry out our business operations. Such service providers are for example data storage and communications service providers.

When transferring personal data to third parties, we shall always ensure that the data transfers are carried out in a secure way and in accordance with adequate data protection agreements.

6) DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU OR THE EEA?

We do not transfer personal data outside the EU/EEA (third countries) in regard to data processing purposes of a) and c) – h).

We may transfer personal data to the US when we process personal data for b) Financing purposes.

When we transfer personal data outside the EU or the EEA, we shall always ensure adequate security for the transfer of data by concluding adequate Standard Contractual Clauses (SCCs) as well as supplementary measures based on the Recommendations 1/2020 of the European Data Protection Board (EDPB).

7) HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

The retention period of your personal data depends on the purposes for which we process your personal data. We inspect the necessity of the retained personal data regularly and keep records of the inspections.

a) Customer relationships / b) Financing purposes / c) Business partner relationships

We process and retain personal data for as long as our contractual relationship is in effect or we are in on-going out contract negotiations.

d) Marketing

We process and retain personal data for as long as it is necessary to fulfil the purpose of data processing.

e) Communications

We will process and retain the necessary personal data for three (3) years after the contact.

f) Social media

We will process and retain social media information until individuals remove their information from our social media channels.

g) Cookies

The retention period depends on each cookie used.

h) Recruiting

We will process and retain the necessary personal data for six (6) months from the end of the job announcement deadline. We may retain personal data for an additional six (6) month period, if you provide us your consent for the retention.

8) WHAT DATA PROTECTION RIGHTS DO YOU HAVE?

You may be entitled to use the below listed data protection rights. The contacts concerning the rights shall be submitted to the controller’s contact person in writing. Your rights can be put into action only after you have been satisfactorily identified.

You may also have a right to lodge a complaint to the supervisory authority, if you think that the processing of your personal data infringes the data protection laws.

Right to inspect

The data subject has a right to inspect what data the controller has stored of him/her.

Right to rectify and erasure

The data subject has a right to request the controller to rectify or erase the personal data concerning the data subject on the grounds provided by law.

Right to restriction of processing

The data subject can request the controller to restrict the processing of personal data concerning the data subject on the grounds provided by law.

Right to data portability

The data subject shall have a right to receive the personal data concerning him/her, which he/she has provided to the controller, in a structured, commonly used and machine-readable format, if the processing is based on consent or an agreement between the controller and the data subject and the processing is performed automatically.

Right to object

If personal data is processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him/her for such marketing.

If personal data is processed on the basis of the legitimate interests of the controller, the data subject shall have the right to object the processing of personal data concerning him/her for such purposes in accordance with the law.

Right to object to automated individual decision-making, including profiling

The data subject shall have a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him/her or similarly significantly affects him/her.

Right to withdraw consent

If the legal basis for the processing of personal data is consent given by the data subject, he/she shall have the right to withdraw his/her consent.

9) CAN THIS PRIVACY NOTICE BE AMENDED?

We may unilaterally amend this privacy notice. We update the privacy notice as necessary, for example, when there is a change in legislation. Amendments to this privacy notice will take effect immediately when we post an updated version on our website.

If we make significant changes to the privacy notice, or if there is a significant change in the way it is used, we will notify the data subjects.

(Last update 1.6.2021)