© 2022 All rights reserved. Onnikka Health Oy.
This is Onnikka Health Oy’s privacy notice in accordance with the EU’s General Data Protection Regulation (GDPR) concerning personal data collected through the company’s website. Date of revision 30 May 2022.
Onnikka-application has its own Privacy Notice, which is delivered with the application.
1. Data controller
Onnikka Health Oy, (business ID 3241238-4)
Kansankatu 46 B 39,
90100 Oulu, Finland
2. Data controller contact
Ville Nyman, email@example.com
3. Name of the Register
Onnikka Health Oy website user register
4. Legal basis and purpose of processing personal data
Depending on the situation, the legal basis for the processing of personal data in accordance with the EU’s General Data Protection Regulation is either:
– the consent of the person, or
– the legitimate interest of the controller
The purpose of the processing of personal data is to manage the customer relationship and customer service, as well as to develop the online service and ensure its safety.
The data is not used for automated decision-making or profiling.
5. Data content of the register
The data stored in the register includes the data sent by the customer him/herself and the data collected using the web analytics tool.
For example, when a customer contacts a company using a web form, submits questions or comments, a name, email address, and message are collected from the customer.
When a customer visits a website, cookies are used to collect web analytics data about them to the Matomo analytics service to develop the website and detect abuses.
– the page through which the customer entered the website
– the part of the website visited by the customer and the duration of the page download
– date and duration of the visit (including previous visit, first visit and total number of visits)
– IP address
– device type, operating system, screen resolution, browser language and type, country, estimate of the user’s geographical location
– files and links that the customer clicked
The controller processes and stores personal data only for as long as is necessary for the predetermined purpose of the personal data. Personal data that has become redundant and which the controller no longer has grounds to store or process is deleted at regular intervals in accordance with the controller’s own data protection practices.
6. Regular data sources
The information stored in the register is obtained via the website: either by means of a web form or a web analytics tool.
7. Regular disclosures of data and transfer of data outside the EU or EEA
The data is not regularly disclosed to other parties. Personal data is not transferred or processed outside the EU or EEA in countries that have not been considered to have an adequate level of data protection by the EU Commission
8. Principles of registry protection
The processing of the register is handled with care and the data processed with the help of information systems is properly protected. When registry data is stored on Internet servers, the physical and digital security of their hardware is adequately ensured. The controller ensures that the stored data, access rights to servers and other data critical to the security of personal data are treated confidentially and only by the employees whose job description it belongs to.
9. Rights related to the processing of personal data
A person in the register has the right to request the deletion of personal data concerning him or her from the register (“right to be forgotten”). The data subject has the right to inspect what data concerning him or her is stored in the customer register. In addition, the data subject has the right to demand that incorrect data in the register be corrected. The request for correction of the data shall identify the error to be corrected and indicate the information to be corrected. Data subjects also have other rights under the EU’s General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Please note that before carrying out the request, we have the right and obligation to verify your identity, which means that we must be able to identify you adequately. Requests must be sent in writing to the controller.