Data file name
Customer data file
Based on Sections 10 and 24 of the Personal Data Act (523/1999).
Line of business:
Description of the line of business
HyTest Ltd. offers solutions for assay development and research applications by providing high-quality immunological reagents in such areas as cardiac markers, markers of metabolic syndrome, infectious, neuroscience, autoimmune disease and veterinary reagents.
Queries related to the registry
Email address and details on where to send the rectification requests.
Queries related to registry can be sent via email to: email@example.com
Controller’s line of business
HyTest Ltd’s line of business is IVD raw materials producer.
Data file used in the operations
HyTest Ltd. customer data file contains the contact data of the company’s customers and also potential customers. The customers are private, public or third sector organizations. The data subjects are employees or responsible persons of these companies.
Purpose of the processing of personal data
The data is processed for providing the agreed products and services to the customer, invoicing, managing and improving the customer relationship. The data is also used for statistical purposes.
The data is also used for advertising, marketing, direct marketing and targeting marketing content to customers. However, identification data in communications is only used with the customer’s consent. The customer has the right to prohibit direct marketing targeted to them.
Furthermore, the controller uses the data file for ensuring the data subjects’ right to be informed and the right to inspect their own data.
HyTest Ltd. reserves the right to remove any data it deems unnecessary from the data file.
Data content of the data file
First name and surname
Name and business ID of company
Contact telephone number
Contact email address
Direct marketing prohibitions and consents
Customer history (e.g. communication with the customer)
Title of the contact person
Service contract details
Details concerning invoicing and collection
Description of the category of data subjects and the data categories in the data file
The data file only includes data and contact details of persons who are current or potential customers of HyTest Ltd.
Disclosure of data
No data from the data file is disclosed to outsiders.
Description of the principles of protecting the data file and access monitoring
The data file is maintained at the controller’s facilities with appropriate security and access control systems. The prevention of misuse and intrusion attempts is implemented with technical and application solutions of various levels. The data banks are backed up appropriately.
All login events can be verified with a personal user name and password.
HyTest Ltd employees have a restricted right to process the data in the data file. The processing rights are limited to service maintenance and administrative tasks.
Rights of the data subject
Each data subject has the right to inspect the data concerning them in the register. The related request must be submitted in writing to the person responsible for the data file.
The data subjects are informed of the processing of data by making this privacy notice available at the company’s premises and on its website.
The controller shall, at its own initiative or at the request of a data subject or the data subject’s employer, erase, rectify or complete any inaccurate, unnecessary, incomplete or outdated data without undue delay. The related request must be submitted in writing to the person responsible for the data file.
With regard to the rectification, completion or erasure of data, an essential aspect is the purpose of using the data, which is managing the customer relationship.
The data subject has the right to prohibit the processing of their data for the purposes of direct marketing, profiling, distance selling and marketing and opinion research. The related request must be submitted in writing to the person responsible for the data file.
Disclosure of data outside the EU and EEA
No data is disclosed from the data file.
In case any data is transferred outside the European Union or the European Economic Area, the transfer requires that the destination country ensures an adequate level of data protection or the controller provides, with contractual clauses or by other means, sufficient guarantees to protect the privacy and rights of individuals or the data subject has given their explicit consent to the transfer.
Sources of data
Data subjects: contact details
Employers of data subjects: details on companies’ responsible persons