Oriola Privacy Policy
This Oriola Privacy Policy tells you how we collect, use, disclose and in other ways process your personal data. Here, we also explain your rights, how to contact us and how we safeguard your data.
This Privacy Policy applies to all the personal data we process about you when you give us your personal data to be processed, place an order or use our services, visit our online services or otherwise interact with us. We process personal data in accordance with the provisions of the European Union General Data Protection Regulation (“GDPR”) and other applicable data protection legislation.
You can find more information about the processing of your personal data under each topic below. Please click the relevant section below for more information.
You can also read our Cookie policy here and manage your cookie settings here.
Your privacy is important to us
Data Controller
Oriola Oyj
Business ID: 1999215-0
Address: Orionintie 5 02200 ESPOO, FINLAND
P.O. Box 8, FI-02101 ESPOO, FINLAND
Data Protection Officer
If you don’t find what you’re looking for in this policy, you may contact the Oriola Corporation Data Protection Officer: GDPR-DPO@oriola.com or Oriola Data Protection Officer, P.O. Box 8, FI-02101 ESPOO, FINLAND.
How to use your rights
You will always receive a confirmation of the action we have taken on your request (for example, confirmation of deletion). We will let you know if we cannot fulfil a request you have made, and the reasons behind such decision. Making a personal data request is free of charge once every six (6) months. For additional requests during this time frame, we may charge a reasonable fee to cover the administrative costs involved. We reserve the right to reject requests that are unreasonably repetitive, excessive, or clearly unfounded.
Right to access
You have the right to access and be informed about the personal data we process about you. You can view some data directly in our digital channels, and you may request a copy of your personal data from our Data Protection Officer: GDPR-DPO@oriola.com or Oriola Data Protection Officer, P.O. Box 8, FI-02101 ESPOO, FINLAND. We will provide you with it unless we have lawful reasons not to share this data or if sharing the data would adversely affect the rights and freedoms of others.
Right to correction
You have the right to rectify or update inaccurate or incomplete personal data we have about you. You can update some of your personal data through our digital channels, and you have the right to request a correction of your contact details or other personal data by contacting us.
Right to erasure
You may ask us to delete your personal data, and we will erase such data without undue delay, unless we have a lawful reason to continue processing the data, such as for delivering the requested services or if there is a legal requirement or lawful right for us to retain personal data.
Right to restrict and to object
You may ask us to restrict the processing of your personal data, for example when your request to correct or remove your data is pending, or if you have objected to the processing of your personal data and the clarification of the grounds for such processing is pending.
You have the right, at any time, to prohibit us from using your personal data for direct marketing purposes, which includes profiling related to such direct marketing. You can unsubscribe from marketing communication via the “unsubscribe” link or by other means included in each marketing message.
Right to withdraw your consent
You have the right to change your mind and withdraw any consent you have previously given to us. If you are a Oriola Consent Wallet account holder, you can withdraw your consent in your Consent Wallet account profile.
Right to data portability
You have the right to receive the personal data you have given to us in a structured and commonly used electronic format, and to independently transmit those data to a third party.
Lodging a complaint
If you feel we have not handled your personal data correctly, you can contact the data protection supervisory authority and lodge a formal complaint.
How we protect your data
Oriola takes appropriate technical and organisational measures to ensure the security of your personal data and protect it against loss or unlawful use. Access to your personal data is restricted on a need-to-know basis and by access controls, and the processing of personal data is logged. Our IT environment is appropriately protected and monitored, with regular updates, testing, validation and assessment to ensure ongoing security. Our personnel are continuously trained to comply with applicable data protection legislation as well as the applicable Standard Operational Procedures (SOP) and instructions.
International data transfers
Your personal data may be transferred and processed outside of your home country and outside of the European Economic Area. The laws of these countries may not afford the same level of protection to your personal data.
In these cases, we have taken steps to ensure that appropriate and suitable safeguards are in place in order to comply with the requirements for international transfers of personal data under applicable law, such as using the European Union Commission Standard Contractual Clauses as a safeguard for the transfer of personal data outside the European Economic Area.
If something should go wrong
We do our best to keep your data secure. If, however, there was a personal data breach that should endanger your privacy, we will inform you in accordance with the data protection legislation.
Your actions matter as well
To protect your own privacy, please avoid sharing your personal data, such as login information with others or on social media. Please avoid sending copies of your identification documents or sensitive personal data to us by unsecured email; instead, use web forms or order portals provided by Oriola.
Customer and service data
Customer contact data
We collect and process basic contact information, such as
- name
- email address
- telephone number
- address
- billing address
Communication data
We may collect and process your communication with us. This can include customer service phone call recordings, chat history, emails, SMS messages and social media posts (controllership of social media data may rest jointly with the social media platform provider). We may also process your information in connection with satisfaction surveys and feedback forms. We may process your direct marketing-related consents and opt-outs (unsubscriptions).
Data collected in our digital touchpoints
When you log into or navigate our digital services, we will process your login details, service usage and certain information about devices and connections of users, such as IP address.
Special categories of personal data
In some of our services we may collect special categories of personal data such as information about your health data given by your consent.
In connection with your special service requests, we may need to process this type of information, for example in medical studies and patient support programs. We will process your sensitive personal data with additional safeguards, such as de-centralizing personal identifiers from sensitive data.
Based on our contract with you
Providing our services
To create an order, we need the personal information of contact persons.
To provide services to you, your data will be processed in our ERP and distribution systems at our warehouses.
In order to help you with any questions, collect your feedback, handle your complaints or claims we use your personal data as necessary. We may also use your data to provide you with better service in disruption situations.
We may save your information, contacts and content of contacts in a customer account to be able to provide relevant customer service. This information may also be used to identify the customer when getting in touch with us. To keep you informed about possible service disruptions in our services, we will need to reach out to you using your contact details and process your contact details.
Based on our legitimate interest
Communication and engagement
We may process your personal data to send you service-related informational communications related to services you have ordered or registered for.
We may engage with you to voluntarily participate in developing our services. If you have participated in a survey, the results are used for analytics and can also be combined with other data in our database for customer experience improvement purposes. You may be contacted after the survey for providing additional information. We may also contact a selected or limited group of persons or customers to participate in testing our new products and services.
When processing personal data, we rely on our legitimate interest in maintaining business relationships and communicating with you about our operations and our events.
Digital touchpoints
Personal data, such as login details and site usage logs, are processed in connection with providing you services in our digital touchpoints, to ensure your identity, to identify you across the different touchpoints and to record usage. Functional cookies are employed to collect data from sessions to ensure the functioning of our online services. For more information on how we use cookies, please see our Oriola cookie policy.
Personalisation of services
Aiming to continuously improve the customer experience and to make our offering more relevant to you, we may offer personalised service and content based on an individual transaction, for example offering services related to your customer role. We may also perform customer segmentation, for instance for offering personalised advertisement and retail products relevant to the customer through our digital touchpoints. We may also obtain other information from the individual transactions, such as the web shop order.
By identifying the customer and customer engagement history, we can identify previous communications, purchased services and other information. Accordingly, we can recognise the specific customer needs and pay special attention to certain elements of the customer experience and interactions. To identify the customer and create one unique customer profile, multiple records need to be linked, both for the same and across different transactions.
Background processes
As part of running our business, we may process personal data when carrying out certain background processes. For distribution other orders, we need to make sure orders are created and processing is done in compliance with Gxp, relevant laws and Oriola Standard Operational Procedures. These processes cover, for example, monitoring of fraudulent activities, such as credit card theft, false bookings, fraudulent claims, and auditing of fares and taxes.
For developing and improving our services further and to analyze our business performance, we follow traffic flows, commercial and operational performance and related customer behaviours. Transactional data is used in operational situations to determine, for example, how many people will be upgraded or offloaded.
Based on your consent
Expert services
If you have enrolled in our expert services, we will process the data provided during your registration or from other registers with your consent in order to provide the requested service.
Direct marketing
If you have given us your consent, we will send you direct marketing messages. For instance, if you have subscribed to our Oriola newsletter or other direct marketing material, your contact details will be processed to send you the requested messages. Customers have the right to unsubscribe or opt out of receiving marketing messages at any point.
We may also send you direct marketing related to Oriola services based on applicable legislation on privacy in electronic communications, if you are an existing Oriola customer or a representative of our supplier, partner or subcontractor and have not unsubscribed (opted out) from receiving direct marketing.
Digital touchpoints
In addition to enabling our online services, we use cookies for collecting personal data for the purposes of providing service analytics, personalisation and advertising based on your consent. For more information on how we use cookies, please see our cookie policy.
Processes including special categories of personal data
If the processing of your health-related data is necessary, explicit consent will be requested from you. You may be asked to provide additional information, such as a medication you use. Once consent has been received, the data will be processed, for example, by patient support, Real World Data studies, only to the extent necessary. Based on your consent, we may also process data obtained e.g. from healthcare providers and national registers, if this is necessary for the service offered to you.
Keeping required records
Based on accounting legislation, we are required to store our transactions and other accounting material for the time period defined by the law.
Storage period
We keep your personal data only for as long as necessary for us to fulfil the purpose for which it was collected, or in so far as data storage is necessary for compliance with legal obligations and for solving potential claims or disputes.
Sources of data
We receive your data directly from you when you purchase our products or register our services in one of our channels, when you make an order at service.oriola.com or at when you sign up for our Patient Support programs.
We automatically collect personal data when you use our digital touchpoints or certain services.
We may get information from the authorities or third parties. We might also get your data from other partners, such as partners who are involved in realising the distribution services or our other services, for example Oriola Corporation subsidiaries.
Sharing your data
We may share your personal data with Oriola Corporation companies and other third parties for the following purposes:
For Oriola Corporation internal purposes
We may share personal data collected with the help of cookies on Oriola’s digital services to members of the Oriola Corporation.