Data Protection Record of the Customer and User Data Filing System of Suomen Lääkevarmennus Oy (Finnish Medicine Verification Organisation (FiMVO) Ltd.) 

General

Suomen Lääkevarmennus Oy (Finnish Medicine Verification Organisation (FiMVO) Ltd.) (hereinafter also referred to as “Company” or “We”) is committed to ensure the confidentiality and data protection of personal data at its possession.

This data protection record is applied to personal data that we collect in relation to our customer and user data filing system (hereinafter also referred to as “Data Filing System”). The personal data and related processing are described in this data protection record. Additional information regarding the processing of personal data in the Data Filing System is provided by our contact person Maija Gohlke, info@fimvo.fi.

This data protection record may be updated from time to time, for example due to changes in applicable legislation. We endeavour to carry out reasonable means to inform you of any possible changes and their effects in due time beforehand. Therefore, we advise you to review this data protection record always after becoming aware of changes regarding the data protection record. This data protection record was last updated on 23 April 2024.

Data Controller

Name: Suomen Lääkevarmennus Oy (Finnish Medicine Verification Organisation (FiMVO) Ltd.)
Address: c/o Lääketeollisuus ry
Itämerentori 2
FI-00180 Helsinki 
Tel: +358 9 6150 4912
Business ID: 2801478-9

Whose Personal Data Do We Collect?

We process the personal data of customers and contact persons of user organisations of the pharmacovigilance system operated by our Company (hereinafter also referred to as “You”) in the Data Filing System. 

What Categories of Personal Data Do We Process? 

We process the following personal data of You in the Data Filing System:

  • Your name;
  • Your telephone number and email address; and
  • the company You are representing and Your position in the company.
     

Which Sources Do We Use to Collect Personal Data? 

Personal data are collected primarily from the data subjects himself/herself and from the customer contracts between the company You are representing and our Company.

Basis for, Purposes, and Impacts of Processing Your Personal Data


The basis for processing Your personal data is our legitimate interest based on our purposes of use determined below.

The purpose of the processing of Your personal data is the management and maintenance of our customer relationships. By processing Your personal data we are able to provide better services for You. The processing of Your personal data will have no other impact on You.

We do not further process Your personal data for other purposes than those described in this data protection record.

Regular Disclosures and Transfers of Your Personal Data to Third Parties 

Your personal data may be transferred to our business partners and subcontractors. Currently our business partners are Solidsoft Reply Ltd, Visma and Microsoft. 

Our business partners and subcontractors may process Your personal data only for measures relating to the maintenance or management of the customer relationship carried out on our behalf. We always ensure that our partners do not process the personal data transferred to them for any other purposes.

We may also be required to share Your personal data with competent authorities in accordance with data protection legislation.

Transfers of Your Personal Data Outside the EU or European Economic Area 

The subcontractor we use to process Your personal data, Visma, may transfer Your personal data to its own subcontractors located outside the European Union or the European Economic Area. Additionally, our subcontractor Solidsoft Reply Ltd and its subcontractors may transfer and process Your personal data outside the European Union or the European Economic Area. The transfer is subject to a decision by the European Commission that the recipient country in question ensures an adequate level of data protection or the conclusion of standard contractual clauses approved by the European Commission.

Principles for the Retention of Your Personal Data


Your personal data shall be retained in the Data Filing System for as long as the customer relationship exists. After the termination of the customer relationship Your personal data shall be retained for a maximum of one year following the termination of the customer relationship. 

Please note that Your personal data may be retained for a longer period of time if applicable legislation or our binding contractual obligations towards third parties require a longer retention period

Rights of a Data Subject in Relation to the Processing of Personal Data

  • As a data subject You have the right to, according to applicable data protection legislation, at any time:
    be informed about the processing of Your personal data;
  • obtain access to data relating to You and review Your personal data we process; 
  • require rectification and completion or erasure of inaccurate and incorrect personal data;
  • request the deletion of Your personal data;
  • object to the processing of Your personal data on grounds relating to Your particular situation in so far as the processing of Your personal data is based on our legitimate interest;
  • receive Your personal data in a machine-readable format and transmit those data to another controller (provided that You have delivered us such data Yourself, we process such personal data based on an agreement or Your consent and the processing of personal data is carried out by automated means); and 
    obtain a restriction of processing of Your personal data. 

You should present Your request for exercising any of the aforementioned rights in the manner described in the ‘Contacts’ Section of this data protection record. We may ask You to specify Your request in writing and to verify Your identity before processing the request. We may refuse to fulfil Your request on grounds set out in applicable data protection legislation.

You also have the right to lodge a complaint with the supervisory authority concerned or with the supervisory authority of the EU member state of Your habitual residence or place of work if You consider that we have not processed Your personal data in accordance with applicable data protection legislation.


Principles of Data Security  


We respect the confidentiality of Your personal data. Tangible material containing personal data shall be kept under lock and key in a space to which only separately appointed persons have access. Personal data processed digitally are protected and stored in our information system accessible to persons on a need-to-know basis only. Such persons have personal user credentials and passwords.

Personal data transmitted outside our Company shall be encrypted.


Contacts


All requests concerning the use of the rights mentioned above, questions about this data protection record and other contacts should be made by e-mail to Maija Gohlke to the address info@fimvo.fi. You may also contact us in person in our offices or in writing:

Suomen Lääkevarmennus Oy (Finnish Medicine Verification Organisation (FiMVO) Ltd.) 
Maija Gohlke
P.O. Box 206 (Itämerentori 2)
FI-00181 Helsinki