Inion Oy Data Protection Clause
The purpose of this Data Protection Clause is to give information on collecting, handling and retaining personal data in Inion Oy.
Inion Oy complies with EU General Data Protection Regulation (GDPR).
Inion Oy is committed to protecting the privacy of people whose personal data it holds.
Collecting personal data
In connection with distribution, sales, training, education, consulting, complaint handling, post marketing surveillance and clinical evaluation of Inion’s products, Inion Oy collects relevant personal data of the people involved in these connections. Inion Oy collects and evaluates patient data only in such a manner that the data is not connected to the patient’s identity.
Regular sources of personal data
Inion Oy gets the personal data from the persons themselves upon request for the above-mentioned connections.
Purpose of collecting personal data
- The personal data from customers is collected for the purpose of conducting the tasks related to distribution, sales, training, education, product complaint handling, clinical evaluation, post marketing surveillance and consulting between Inion Oy and the person in question.
Processing of personal data is based on consent of the data subject, contract with the data subject, or legitimate interests, such as the regulatory requirements for medical devices.
Where processing is based on consent, data subject shall have the right to withdraw his/her consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, the data subject shall be informed thereof.
- The qualifications and identities of the persons involved in medical device testing and evaluation are collected based on the requirements of EU directives and legislation for medical device manufacturers. Inion is obliged to present this information to the relevant authorities upon request.
Content of the register
The register contains personal data, such as name, address, position, qualifications and CV provided by the person in question.
Persons handling the personal data
Access to personal data is limited to relevant staff only, as well as IT administration.
Transferring personal data outside European Union (EU) or European Economic Area (EEA)
- The personal data from customers is not transferred outside European Union (EU) or European Economic Area (EEA), unless the person is informed separately.
- The personal data required by authorities may be transferred outside the EU or EEA without informing the person separately. The authority takes care of the appropriate protection of the personal data according to local laws and is bound to keep all information confidential in line with article 20 of the EU Medical Devices Directive and articles 109 and 110 of EU Medical Devices Regulation.
Description of the register and its protection
The registers are located on Inion Oy server. To access the personal data on the server, a person needs to be Inion employee and have appropriate user rights. User rights for the register are granted based on the employee’s role. External access to Inion Oy servers is monitored with firewalls.
Retaining personal data
- The personal data from customers is retained by Inion Oy as defined for the file in question.
- The personal data required by the authority is retained by Inion Oy for the retention period set in the EU regulations
Checking, updating and removing the personal data
Person has the right to check the personal data which Inion Oy holds of him/her. Upon the person’s request, Inion Oy will correct, complete or remove personal data which is incorrect, unnecessary, incomplete or outdated for the purpose of the data. Person can check, update or ask for removal of his/her personal data by contacting Inion Oy IT staff (see below Register Controller/Data Protection Officer). As the person makes the request to check, update or ask for removal of his/her personal data, extra checks will be conducted by Register Controller/Data Protection Officer to verify the person’s identity.
Should you consider that Inion Oy processes your personal data in violation of applicable legislation, you have the right to lodge a complaint with a data protection supervisory authority.
Register Controller/Data Protection Officer