Privacy Policy

This privacy policy states how BCB Medical Ltd. processes personal data it collects from its customers. 
Last updated on March 23rd, 2022. 

1. Data Controller

BCB Medical (Business ID 1839834-4 )
Ruukinkatu 2-4, 20540 Turku, Finland
+358 (0)20 7299 820

2. Contact Person in Data Protection Matters

Tapani Loikkanen
+358 (0)20 7299 834

3. Name of the Register

BCB Medical’s customer and marketing register

4. Purpose of Processing Personal Data

The purposes of processing personal data are contacting customers, maintaining customer relations and marketing. Personal data is processed for the following purposes in particular:

  • Marketing communications such as electronic communications; the website, newsletter, etc.
  • Improving customer service, research related to service development, and customer relationship management.
  • Analysis and statistics (e.g. Google Analytics)
  • Organizing events

No automated individual decisions are made.

5. Legal Basis for Data Processing

Customer data is processed for the performance of a contract with the customer and on the basis of a legitimate interest created by the customer relationship. In addition, personal data is processed for marketing purposes on the basis of data subject’s consent and legitimate interest. In case we would like to use customer’s data as a reference in our websites, we always ask for the customer’s consent.

6. Data Contents of the Register

We store the following data given by the customer: first names, surname, contact details such as telephone number and e-mail address, the company/organization to which the person belongs and his/her position in the company or title, as well as other information to improve the provision of the service. In addition, we record information on diets and accessibility when registering for events.

7. Cookies

BCB Medical uses cookies on its website. A cookie is a small text file sent to and stored on a user’s computer or mobile device. The primary purpose of using cookies is to improve and personalize the visitor’s experience on the website and to analyze and improve the functionality and content of the website. Information collected through cookies can also be used to target communications and marketing activities. Information obtained through cookies may be combined with information obtained from the user in any other context, such as when the user fills in a form on our site.

8. Regular Data Sources

The information stored in the register is obtained from the customer through, for example, messages sent via web forms, e-mail, telephone, social media platforms, contracts, customer meetings and other situations where the customer discloses his/her information.

Information on contact persons of businesses and other organizations may also be collected from public sources such as websites, directory services and other businesses.

9. Regular Disclosure of Data and Transfer of Data Outside EU or EEA

Data is not regularly disclosed to other parties.

Customer data may be transferred outside the EU or EEA when this is necessary to provide the service. If personal data is transferred outside the EU or EEA, we will take into account the requirements of the data protection legislation and the effects of the transfer of the data on the rights and freedoms of the data subject and will take the necessary precautions to carry out the transfer. Data will not be transferred to the United States without the express consent of the data subjects.

10. Data Protection Principles

Personal data is processed with due care and the data processed by the information systems are adequately protected. When personal data is stored on internet servers, the physical and digital security of the servers is adequately ensured. The data controller ensures that stored data, server access rights and other information critical to the security of personal data are treated confidentially and only by employees who need the data in the performance of their duties.

11. Storage of Data 

We will store personal data for as long as is necessary to maintain the customer relationship or until the data subject withdraws his/her consent for marketing or prohibits marketing directed at him/her.

12. Rights of the Data Subject

Every data subject has the right to review their personal data stored in the register and to request the correction of any inaccurate information or the completion of incomplete information.

In addition, data subject has the right to request the deletion of his/her personal data from the register (“right to be forgotten”). Data subjects also have the right to restrict the processing of personal data if the data subject considers that the processed personal data is inaccurate, the processing is against the law or if the data subject has objected to the processing of personal data. The data subject also has the right to file a complaint with the Data Protection Ombudsman regarding the controller’s processing of the personal data collected.

In order for the data subject to exercise the above-mentioned rights, the data subject shall contact the data controller using the following contact information: support(at)bcbmedical.com. If necessary, the controller may ask the person requesting the information to prove his/her identity. The controller shall respond to the customer’s request without undue delay and in any case within one month of receipt of the request.