ICARE CUSTOMER AND PROSPECT PRIVACY POLICY

 

This privacy policy has been drafted on: 28.9.2017.

This privacy policy has been modified latest on: 8.12.2023.

 

1. CONTROLLER

 

ICARE FINLAND OY (Business ID 1084502-3) (“iCare”)

Address: Äyritie 22, 01510 VANTAA, Finland

telephone: +358 9 8775 1150

email: [email protected]

The contact details may be amended from time to time and you can find current details in this privacy policy. This policy is always available at our website.

 

2. NAME OF REGISTER

 

  • Name of the register is iCare’s customer and prospect register.
  • This policy applies to the processing of personal data of persons who are employees or other representatives of A) iCare’s or B) CenterVue S.p.A.’s (“CV”) 1) customers, 2) prospective customers or 3) cooperation partners relating to customer relationships and prospective customer relationships.
  • The provision of personal data is In case you do not provide the data that is marked as obligatory when the data is requested, iCare is not able to provide you and the company you represent with the requested products and/or services or cooperate with the customer or prospective customer or the cooperation partner as intended.

 

3. PURPOSES FOR DATA PROCESSING AND LEGAL BASIS FOR PROCESSING

 

The personal data collected is used for the following purposes and based on the indicated legal basis:

(a) marketing of iCare’s or CV’s products and services; direct marketing and newsletters as allowed by law
a. legal basis for processing is iCare’s legitimate interest except when consent is required by law

(b) development of iCare’s or CV’s products and services
a. legal basis for processing is iCare’s legitimate interest and consent

(c) preventing criminal activities such as fraud
a. legal basis is iCare’s legitimate interest and the applicable law

(d) execution of a contract between 1) customers, 2) prospective customers or 3) cooperation partners relating to customer relationships and prospective customer relationships) or the fulfilment of pre-contractual commitments and fulfilment of commitment after expiry or termination of such contract
a. legal basis is 1) execution of a contract or 2) that processing is necessary for the purposes of the legitimate interests of iCare      or 3) applicable law

(e) use of iCare’s contractual rights
a. legal basis is the relevant contract

(f) taking care of regulated personal data obligations of iCare
a. legal basis is that the processing is necessary for compliance with legal obligations of iCare

(g) in order to provide a product and/or service to the customer, as ordered by the customer
a. legal basis is the relevant contract and iCare’s legitimate interest.

Where the processing is based on consent the data subject has the right to withdraw consent for the processing. To withdraw consent, please contact [email protected].

The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.

 

4. CONTENT OF REGISTER

 

  • data subject’s first name(s) and last name;
  • name of company or other organization that the data subject is in relation to and email address and postal address information of the same;
  • data subject’s title and position in the company;
  • data subject’s email address;
  • data subject’s telephone number;
  • information on products and services that the company or organization, that is in relation to the data subject, is interested in purchasing from iCare or CV;
  • information on products and services that the company or organization, that is in relation to the data subject, has purchased from iCare or CV;
  • log information on iCare electronic resources where above data is processed (IP addresses, cookies, pixels)

 

5. REGULAR SOURCES OF PERSONAL DATA

 

  • enquiry from the data subject, including but not limited to data submitted by the data subject via internet;
  • publicly available sources (such as from the company or organization’s website or industry association website where the data subject’s information is available and conference participation information);
  • data from iCare’s contracting partners such as distributors, cooperation partners, agents and representatives)
  • iCare’s affiliates: CV, iCare USA Inc, iCare World Australia Pty Ltd

 

6. REGULAR TRANSFEREES OF DATA

 

The personal data is transferred to following third parties for the following purposes:

  • iCare’s distributors and agents and sales representatives in order to market and sell iCare’s products and services to customers;
  • iCare’s affiliates: CV, iCare USA Inc, iCare World Australia Pty Ltd for all the purposes as stipulated in section 3 above.
  • iCare may transfer personal data to ICT and other service provider companies that process personal data for the purpose of providing services to iCare for iCare to be able to perform its business activities. The current processors are as follows: Cloudlife Oy; Hubspot Inc.; Microsoft Corporation; and Sales Communications Oy.

 

7. TRANSFER TO COUNTRIES OUTSIDE EU / EEA

 

iCare transfers personal data to the following countries outside the European Economic Area (EEA) and European Union (EU): (i) the USA; (ii) Australia; (iii) China and (iv) APAC region).

iCare’s ICT service providers and other processors may transfer personal data to the following countries outside the EU:

Hubspot Inc.: The United States, Australia, Singapore, Japan, Colombia, United Kingdom, Canada.

Microsoft Corp.: The United States, Serbia, Israel, India, China, Australia, Brazil, Canada, Chile, India, Israel, Japan, Republic of Korea, Malaysia, Mexico, Qatar, Singapore, South Africa, Taiwan, United Arab Emirates, United Kingdom.

The basis of a transfer outside the EU area is European Commission’s adequacy decision, EU-US Data Privacy Framework or the European Commissions’ Standard Contractual Clauses for the transfer of personal data to processors established in third countries, alternative data export mechanisms for lawful transfer of personal data (as recognized under EU data protection laws) or other legal basis. The contract text is available on the internet at the address:

https://commission.europa.eu/publications/standard-contractual-clauses-international-transfers_en

In addition to the transfer mechanism provided by law, additional safeguards shall be applied to transfer as required by law.

 

8. METHODS HOW PERSONAL DATA IS SECURED

 

The personal data is secured by using, for example, the following methods and principles:

(a) locks at iCare’s and its subcontractors’ premises;

(b) electrical surveillance systems of iCare’s and its subcontractors’ premises and equipment;

(c) Conditional access policies requiring company-managed device, digital identity and multi-factor authentication. Access to any device (computers, mobile phones) is granted only based on such policies.

(d) firewall, anti-malware and spam filtering systems of iCare’s and its subcontractors’ communication networks and other software and hardware that protect the security of communication networks;

(e) mandatorily required high quality passwords;

(f) personal user rights that can be traced in systems;

(g) limited number of superusers;

(h) professional knowledge of iCare’s personnel;

(i) training of iCare’s personnel;

(j) the content of the register is in electronic form except for
temporary special occasions; and

(k) iCare’s policies and guidelines relating to personal data matters.

 

9.  RETENTION PERIODS OF PERSONAL DATA

 

The personal data will be stored during the time period for which is necessary in relation to the purposes for which they are processed.

Personal data of the representatives of contracting parties is stored until contract is expired and terminated and all cooperation is seized between the parties, and thereafter until the debt relationship and liabilities directly relating to the personal data have expired.

iCare may store personal data for as long as it is needed for the establishment, exercise or defence of its legal claims.

iCare may store personal data as long as the relevant norms of law permit.

 

10. RIGHTS OF DATA SUBJECTS

 

RIGHT OF ACCESS

 

You, the data subject, have the right to get information on which data on you is being processed or information that no such data is being processed.

Where such personal data are being processed, iCare shall provide the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data are to be or have been disclosed, in particular to recipient in Third Countries;
  • the period for which the personal data will be stored;
  • the existence of the right to request from iCare rectification or erasure of your personal data or to object to the processing of such personal data;
  • the right to lodge a complaint to the supervisory authority and the contact details of the supervisory authority;
  • communication of the personal data undergoing processing and of any available information as to their source;
  • the significance and envisaged consequences of such processing, at least in the case of measures which produce legal effects concerning you or significantly affects you and which are based solely on automated processing intended to evaluate certain personal aspects relating to you or to analyse or predict in particular your performance at work, economic situation, location, health, personal preferences, reliability or behaviour; and
  • information on the regular sources of personal data.

Where you make the request in electronic form, the information shall be provided in electronic form, unless otherwise requested by you.

iCare shall provide a copy of your personal data undergoing processing. For any further copies requested by you, iCare may charge a reasonable fee based on administrative costs.

 

RIGHT TO RECTIFICATION AND RIGHT TO LODGE COMPLAINT TO SUPERVISORY AUTHORITY

 

iCare shall, at your request, without undue delay correct, erase or supplement personal data contained in its personal data register if the data is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing, including by way of supplementing a corrective statement.

If iCare refuses your request of the correction of the data, iCare will give you a written certificate regarding this. The certificate will also include the reasons for the refusal. In such event, you may bring the matter to be handled by the Data Protection Ombudsman.

You have the right to lodge a complaint to the supervisory authority. The contact details of the supervisory authority: www.tietosuoja.fi

 

RIGHT TO PROHIBIT PROCESSING

 

You have the right to prohibit iCare to process your personal data for purposes of direct advertising, distance selling, other direct marketing, market research, opinion polls, catalogue on persons or genealogical research.

You have the right not to be subject to a measure which produces legal effects concerning you or significantly affects you, and which is based solely on automated processing intended to evaluate certain personal aspects relating to you or to analyse or predict in particular your performance at work, economic situation, location, health, personal preferences, reliability or behaviour.

You have the right to object, on grounds relating to your particular situation, to the processing of personal data which is based on either of the following grounds for processing: (i) when processing has been found necessary for the purposes of the legitimate interests of iCare or (ii) when processing has been found necessary in order to protect your vital interests. You however do not have the right to object, if iCare demonstrates compelling legitimate grounds for the processing which override your interests or fundamental rights and freedoms.

 

RIGHT TO WITHDRAW CONSENT

 

Where the processing of your personal data is based on your consent you have the right to withdraw your consent for the processing.

You have the right to object to the processing of your personal data for direct marketing purposes. You can prevent the sending of direct marketing by clicking the adjacent link unsubscribe from marketing communications.

 

RIGHT TO BE FORGOTTEN AND RIGHT TO ERASURE

 

You have the right to obtain from iCare the erasure of personal data relating to you and the abstention from further dissemination of such data, where one of the following grounds applies:

  • the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw the consent on which the processing is based, or when the storage period consented to has expired, and where there is no other legal ground for the processing of the data;
  • you object to the processing of personal data pursuant to Section 10 of this policy; or
  • the processing of the data does not comply with lawful requirements for other reasons.

Instead of erasure, iCare shall restrict processing of personal data where:

  • their accuracy is contested by you, for a period enabling iCare to verify the accuracy of the data;
  • iCare no longer needs the personal data for the accomplishment of its task but they have to be maintained for purposes of proof; or
  • the processing is unlawful and you oppose their erasure and request the restriction of their use instead.

In cases of restriction of processing of personal data in cases defined above, the personal data may, with the exception of storage, only be processed for purposes of proof, or with your consent, or for the protection of the rights of another natural or legal person or for an objective of public interest.

Welcome to learn more about iCare’s unique technology for self-monitoring of intraocular pressure

Select your country or region to continue

 

If your country is not listed here or you are a healthcare professional, please go to the global website

Global site