Controller
Name: Oral Hammaslääkärit Ltd
Business ID: 2863321-3
Postal and street address: Tekniikantie 4 A, FI-02150 Espoo, Finland
Tel.: +358 (0)10 400 3010 (switchboard)
Contact person for register matters
Name: Sanna Elomaa
Email: tietosuojavastaava@oral.fi
Register name
Stakeholder and partner register of the Oral Group
The legal basis for the processing of personal data
The legal bases for the processing of personal data are Oral’s legitimate interest (for instance, stakeholder relationship or some other appropriate connection) and the agreement between Oral and its partner. The processing can also be based on the data subject’s consent.
The purpose of the processing of personal data
The purposes of the processing of personal data in the register are:
• Communications between Oral and its stakeholders and partners
• Managing, maintaining and developing stakeholder and partner relationships
• Planning and developing Oral’s business operations
• Executive search for health care professionals for recruitment purposes
Categories of data subjects
Stakeholder personnel (e.g. health care professionals) and contact persons of existing as well as potential partners.
Data content of the register
The register may contain the following personal data of stakeholder personnel:
• name
• title, profession, position or role in the company
• name of the employer
• contact details (postal address, email address and telephone number)
• year of birth
• registration number (JulkiTerhikki)
• health care professional’s practice rights
• information on education and work experience
• revenue data
• data related to communications (e.g. e-mail)
• possible additional information provided directly by the data subject
The register may contain the following personal data of the contact persons of the partners:
• name
• title, profession, position or role in the company
• company name
• contact details (postal address, email address and telephone number)
• data related to communications (e.g. e-mail)
• possible additional information provided directly by the data subject
Regular sources of the register’s data
The data can be collected directly from the data subject e.g. by phone, online, in meetings and through other forms of contact. Personal data can also be collected from the data subject’s employer or from external service providers (such as Alma Talent Tietopalvelut).
For executive searches in particular, personal data can also be collected and updated through publicly available data sources such as the websites of companies and organisations as well as public registers (for example, the central register of social welfare and health care professionals, JulkiTerhikki).
Regular disclosure of data
The personal data are not regularly disclosed to third parties. However, personal data can be disclosed to companies located in Finland or abroad that belong to the same Group.
Transfer of data outside the EU or EEA: The personal data are not transferred outside the European Union or the European Economic Area.
In exception to the above, the personal data of health care professionals may be transferred to a Group company in Switzerland for the approval of recruitments or various company arrangements. The legality of the transfer of personal data to Switzerland is based on the European Commission’s decision concerning the adequate level of data protection.
The principles of register protection
The register’s data are stored in data systems that use technical and programmatic measures to ensure a sufficient level of data security. Each person using the register has a personal user ID and password to access the system. Only designated people have access to the data in the register to the extent necessary for the purposes of performing their tasks.
Data retention period
The personal data in the register are retained for as long as necessary for the purposes of the register. Oral shall regularly assess the necessity of retaining the data and Oral shall take care of such reasonable measures that ensure that no personal data related to the data subjects that are obsolete, inaccurate or incompatible with the purpose of the processing of the personal data are stored in the register.
Rights of the data subject
Right to inspection
Data subjects have the right to inspect the personal data on them stored in Oral’s stakeholder and partner register. The inspection request must be submitted to the contact person of the register in writing.
Right to request the rectification of data
Data subjects have the right to request the rectification of inaccurate personal data concerning them. The rectification request must be submitted to the contact person of the register in writing.
Right to request the erasure of data
Data subjects have the right to request the erasure of personal data concerning them in the register unless there is a legal basis for the retention of the data. The erasure request must be submitted to the contact person of the register in writing.
Right to request the restriction of the processing of personal data and the right to object to the processing of personal data
Data subjects have the right to request the restriction of and to object to the processing of their personal data if, for example, they deny the validity of the personal data concerning them. In this case, processing is restricted until Oral ensures the validity of the data or proves the existence of a legitimate basis for the processing. The restriction and/or objection request concerning the processing of personal data must be submitted to the contact person of the register in writing.
Right to withdraw consent regarding the processing of personal data
If the processing of personal data is based on the data subject’s consent, the data subject has the right to withdraw their consent regarding the processing of personal data at any time. The consent can be withdrawn by submitting a request to the contact person of the register in writing.
Right to lodge a complaint to the supervisory authority
Data subjects have the right to lodge a complaint concerning failures in the processing of personal data to the supervisory authority (Data Protection Ombudsman).
Updated 1 July 2022