Privacy Statement

Orion Corporation

 

Updated: April 19th, 2018

 

At Orion Corporation (“Orion”), we know you care about your personal privacy and about the terms and conditions that govern how we collect, use, disclose, transfer, and store your information. Because we are dedicated to serving your needs and respecting your preferences, we have adopted the policies and practices described in this Orion Corporation Privacy Statement. To read about Orion Corporation’s processing of personal data in relation to patient safety reporting, please see the Orion Corporation Patient Safety Reporting Privacy Statement. Our Privacy Statement is located on our homepage and is also available on webpages where personal data are requested.

 

Collection and Use of Personal Data

Personal data is data on individuals that can be used to identify or contact the person. When you are using Orion websites, social media channels, services, downloading applications, or interacting with Orion by other means, you may be asked to provide your personal data, such as your name, mailing address, phone number and email address. The data may be used for the following purposes, as applicable for each website, social media channel, service, application, or other context:

 

PURPOSES AND LAWFULNESS OF PROCESSING

Orion Websites for Product Feedback and Inquiries

The data may be used for the following purposes:

- to process feedback from customers relating to Orion’s websites, products and services;

- to develop and ensure quality of Orion’s services and products;

- to process notices regarding product quality or origin (please find further information on quality and safety related data processing in Orion’s Patient Safety Reporting Privacy Statement);

- when the processing is necessary for compliance with a legal obligation to which Orion is subject; and

- to detect and prevent fraud or misuse.

The legal basis for the processing of your personal data in relation to product quality is compliance with Orion’s legal obligations, and when answering your feedback or product related or other questions, the processing is based on the legitimate interests of Orion. Please see below section “Legitimate Interests” to learn more about what we mean by legitimate interests, and when we process your data for our legitimate interests. 

 

Campaigns and other Interactions with Customers

The data may be used for the following purposes:

- If you participate in sweepstakes, contests or similar promotional activities, the data will be used to administer such activities and to deliver the rewards;

- Marketing of products and services, delivery of newsletters, direct marketing and electronic direct marketing based on the consent of the data subject and otherwise as permitted by law;

- Market research and product testing;

- Development of customer service and products, personalization of offered services and marketing;

- Implementation of direct marketing opt-outs in accordance with applicable data protection legislation; 

- Processing of feedback and other correspondence with the data subject;

- the data can be compared, segmented and analyzed and the user may be profiled, in order to provide the user with useful information, offers or recommendations by means of direct marketing regarding Orion’s own or its business partners’ products and services based on the consent of the data subject and to provide the user with other personalized content. Such business partners may include carefully selected pharmaceutical, healthcare and medtech companies. While the user may be profiled, Orion shall not make decisions which are based solely on profiling and have legal or otherwise significant effects on the user;

- To detect and correct technical problems and information security problems; and

- To send notices about changes of our terms of use or policies.

The legal basis of processing of the personal data is the consent of the user. We may also process your data based on the legitimate interests of Orion. Please see below section “Legitimate Interests” to learn more about what we mean by legitimate interests, and when we process your data for our legitimate interests.

 

Services and Mobile Applications

The data may be used for the following purposes:

- Communication with the users of the service, such as to guide the users in the usage of the service;

- As is necessary to operate and run the service according to the terms of use of the service;

- According to the terms of use of the service, to monitor, use, operate, publicly display, publish, reproduce, amend, modify, further develop, distribute and transfer the content (for example texts, comments or photographs) submitted by the users to the service, for the purposes of the service and in the marketing and publicity activities within and outside the service);

- The data can be compared, segmented and analyzed and the user may be profiled, in order to provide the user with useful information, offers or recommendations by means of direct marketing regarding Orion’s own or its business partners’ products based on the consent of the data subject and to provide the user with other personalized content. Such business partners may include carefully selected pharmaceutical, healthcare and medtech companies. While the user may be profiled, Orion shall not make decisions which are based solely on profiling and have legal or otherwise significant effects on the user;

- Marketing of products and services, direct marketing and newsletters based on the consent of the user and otherwise as permitted by law;

- For the performance of a possible contract with the user or in order to take steps at the request of the user prior to entering into the contract;

- To detect and correct technical problems and information security problems;

- To send notices about changes of our terms of use or policies;

- When the processing is necessary for compliance with a legal obligation to which Orion is subject; and

- To detect and prevent fraud or misuse.

The legal basis of processing of the personal data is the consent of the user or performance of a contract with the user, or steps taken at the request of the user prior to entering into a contract with him or her. We may also process your data based on the legitimate interests of Orion. Please see below section “Legitimate Interests” to learn more about what we mean by legitimate interests, and when we process your data for our legitimate interests.

 

Social Media Channels

The data may be used for the following purposes:

- Communication with the users of the social media site, such as to guide the users in the usage of the site and answering their questions;

- If you participate in sweepstakes, contests or similar promotional activities, the data will be used to administer such activities and to deliver the rewards;

- the data can be compared, segmented and analyzed and the user may be profiled, in order to provide the user with useful information, offers or recommendations by means of direct marketing regarding Orion’s own or its business partners’ products and services and to provide the user with other personalized content. Such business partners may include carefully selected pharmaceutical, healthcare and medtech companies. While the user may be profiled, Orion shall not make decisions which are based solely on profiling and have legal or otherwise significant effects on the user;

- marketing of products and services, market research and product testing, electronic direct marketing and newsletters based on the consent of the user and otherwise as permitted by law;

- to detect and correct technical problems and information security problems; and

- to detect and prevent fraud or misuse.

The legal basis of processing of the personal data is the consent of the person or the legitimate interests of Orion. Please see below section “Legitimate Interests” to learn more about what we mean by legitimate interests, and when we process your data for our legitimate interests.

 

Legitimate Interests

We may process your personal information for our legitimate business interests, e.g. fraud prevention/direct marketing/network and information systems security/data analytics/enhancing, modifying or improving our services/identifying usage trends/determining the effectiveness of promotional campaigns and advertising.

“Legitimate Interests” means the interests of our company in conducting and managing our business to enable us to give you the best service or products and the best and most secure experience on our websites, services or applications. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you.

 

Personal Data We Collect

Orion collects personal data for the above-mentioned purposes. Personal data being collected concerns Orion’s customers and website visitors. Some of the data is collected directly from you when you use Orion websites, social media channels, applications or services. You have choices about the data we collect. When you are asked to provide personal data, you may decline. If you choose not to provide data that is necessary to provide an application or a feature in an application, you may not be able to use that application or feature.

Data may also be collected by Orion’s subcontractors to the extent required to operate, run and maintain the services or to perform other tasks (such as direct advertising) on Orion’s behalf related to the services. The subcontractors may be e.g. ICT-service providers, advertising partners and Orion’s group companies and third parties performing comparison, segmenting, analysis and profiling services on Orion’s behalf.

The data we collect depends on the context of your interactions with Orion, the choices you make, including your privacy settings, and the applications and features you use. The data we collect may include the following:   

- user’s/customer’s first name(s) and last name;

- user’s/customer’s email address;

- user’s/customer’s telephone number;

- browser mark and type;

- operating system and display resolution of the user’s device;

- key user interface actions

- application software version

- user name and password of the user’s user account;

- information on newsletter subscriptions of the user/customer;

- information on the times of use of different parts of the service, and on the intervals, times and duration of use;

- location information of the user of a service based on the user’s consent; and

- if the user has logged in by using a third party service (such as Facebook), the data received from such third party. Please see the list of these third parties as updated from time to time in section “Third Party Sites and Services”. The user is instructed to review the third party privacy terms. At the moment of the last update of this Privacy Statement, the information received from Facebook is:

(a) id

(b) name

(c) first name

(d) last name

(e) age range

(f) link

(g) gender

(h) locale (geographical indication)

(i) picture

(j) timezone

(k) updated time

(l) verified

(m) email

(n) user’s friends.

 

Traffic Data

For purposes of certain services offered by Orion, Traffic Data is collected. “Traffic Data” means the information identifiable to the user of certain of Orion’s services and which are processed in certain services and communication networks in order to transfer, share or offer messages. The Traffic Data is processed in the following circumstances and in other circumstances allowed by law.

(i) The Traffic Data is processed to the extent required for the provision and usage of services and taking care of information security. For this purpose, the following types of Traffic Data are processed: IP address, data on the sender and recipient of a message, data on the location of the device (based on the user’s consent), information on the times of use of different parts of the service, and on the intervals, times and duration of use.

(ii) The Traffic Data is processed for technical development of the service. For this purpose the following types of Traffic Data are processed: IP address, data on the sender and recipient of a message, data on the location of the device (based on the user’s consent), information on the times of use of different parts of the service, and on the intervals, times and duration of use.

(iii) The Traffic Data is processed automatically for statistical analysis, because otherwise the analysis cannot be conducted without unreasonable effort. An individual person cannot be identified based on this analysis data.

(iv) The Traffic Data is processed in order to solve unauthorized use of the fee-based services, communication network or communication services forming part of the service.

(v) The Traffic Data is processed, if it is necessary to detect, prevent or correct a technical error or fault occurred in the transmission of communications.

 

Disclosure to Third Parties

Data can be transferred or disclosed to following third parties for the following purposes:

- Orion can provide the data to Orion’s subcontractors, who process the data on Orion’s behalf for the purposes set out under section “Collection and Use of Personal Data”; these subcontractors may include media and marketing companies and IT companies helping Orion to develop its marketing technicques enabling Orion to provide its customers with targeted marketing;

- if you have logged in to Orion’s service by using a third party service (such as Facebook), the data automatically collected by the third party technology can be disclosed to such third party automatically. E.g. Facebook “likes” on a given service can be visible on Facebook according to its privacy policy. You are instructed to review the third party privacy terms. Please see the list of these third parties as updated from time to time under section “Third Party Sites and Services”;

- personal data can be disclosed if it is necessary to comply with laws and regulations or to enforce Orion’s legitimate interests, such as to detect, defend against or repair fraud, misuse or security problems;

- If ownership or control of Orion or all or any part of our products, services or assets changes, we may disclose your personal data to any new owner, successor or assignee.

 

Where We Store and Process Personal Data

The personal data collected may be processed in your country of residence or transferred to another country where Orion, its affiliates, subcontractors or other recipients of personal data are located, both inside and outside the European Economic Area (EEA). This means that your personal data may be processed or stored in a country that has less stringent data protection standards than those of the European Union. We will ensure that your personal data will be treated in accordance with this Privacy Statement at all times even if it is being transferred outside the EEA. The personal data transferred outside the EEA is protected by the adequacy decision made by the EU Commission or by appropriate contractual arrangements (either by the signing of the Standard Contractual Clauses by the controller and the recipient(s) or by the recipient’s self-certification under the EU – US Privacy Shield). For more information, please contact Orion.

 

Protection of Personal Data

To help protect the privacy of personal data, we maintain physical, technical and administrative safeguards, such as locks, electrical surveillance systems, firewall, anti-malware and spam filtering systems, etc. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information for performing their work. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of the personal data.

 

Retention of Personal Data

We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. For example, when answering your questions submitted on our webpages, we will retain your information until we have processed your question and answered to you. If you enter into one of our campaign contests, we will retain your information until the contest has been finalized and the possible awards have been delivered. If you have downloaded Orion’s application, we will retain your information as long as you have an active user account.  

 

Location-Based Services

To provide location-based services, Orion may collect data on your location, which can be either precise or imprecise. Location data may be derived from available GPS, Bluetooth or IP address as well as by identifying nearby cell towers and Wi-Fi hotspots, and by using other available technologies determining your device’s approximate location.

Unless you provide consent, this location data is collected anonymously in a form that does not personally identify you.

 

Third-Party Sites and Services

Orion’s websites, social media channels, applications and services may include links to third party websites. Orion is not liable for processing of personal data on those websites.

Some parts of certain services may require specific terms for processing of personal data. You are informed of those third party terms and your consent is asked in connection with your use of such parts.

By allowing the creation of a user account and login by using the third party service, Orion does not assume liability for the third party service or any aspect of the same. List of third parties whose service is accepted by Orion for the creation of a user account and login:

- Facebook

 

Personal Data of Children

Protecting the privacy of children is important. Orion does not intend to collect, process or use on our website any information relating to an individual whom we know to be under 18 years old without permission of the child’s parent or legal representative. Such legal representative has the right, upon request, to view the information provided by the child and/or to require that it be deleted. If your child has submitted personal information and you would like to request that such information be removed, please contact privacy@orion.fi.

 

Your Rights

Right of Access and Right to Data Portability

Subject to legal exceptions, you have the right of access, after having supplied sufficient search criteria, to the data on yourself in Orion’s registers, or to a notice that the registers contain no such data. Orion shall also provide you with information of the sources of data, on the uses for the data and the destinations of disclosed data in the register.

If the basis for processing of your personal data is consent or the fulfilment of a contract between Orion and you, and in case the personal data is processed by automated means, then you have the right to data portability, i.e. the right to have your data, which you have provided to Orion, to be transferred to you in a structured and machine readable format, to the extent possible.

If you wish to have access to your personal data, you can make a request to this effect by a personally signed or otherwise comparably verified document and by verifying your identity by attaching a copy of an official identification document.

ORION CONTACT INFORMATION:

 Orion Corporation (Business ID 1999212-6) (“Orion”)

Address: Legal Affairs / Data Protection, Orionintie 1, 02200 Espoo, Finland

Data Protection Officer: Heidi Arala

privacy@orion.fi

The contact information of Orion group companies are available at http://orion.fi/en/Orion-group/contacts/Locations-and-contact-persons/sites-and-offices/#pharmaceutical-sales-offices-in-europe

 

Right to Withdraw Consent / Right to Object to Processing

In case the legal basis for processing the personal data is consent, you have the right to withdraw the consent.

In case the legal basis for processing the personal data is the legitimate interests of Orion, you have the right to object to processing on grounds relating to your particular situation. You always have the right to object to processing of your personal data for direct marketing purposes.

In case you wish to use your above-mentioned rights, you can make a request to this effect by a personally signed or otherwise comparably verified document in writing to Orion’s postal or e-mail address referred to above. Please note that withdrawal of your consent does not render the processing of personal data performed prior to such withdrawal unlawful.

 

Rectification, Restriction of Processing and Erasure

Orion as the data controller shall, on its own initiative or at your request, without undue delay rectify, erase or supplement personal data contained in this register if it is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing. Orion shall also prevent the dissemination of such data, if this could compromise the protection of your privacy.

You have the right to obtain from Orion restriction of processing, in case you have contested the accuracy of the processed personal data, if you have claimed that the processing is unlawful and you have opposed the erasure of the personal data and have requested the restriction of their use instead; if Orion no longer needs the personal data for the purposes of the processing, but the personal data is required by you for the establishment, exercise or defense of legal claims; or if you have objected to processing pursuant to the EU General Data Protection Regulation pending the verification whether the legitimate grounds of Orion or a third party override your interests or rights and freedoms. Where processing has been restricted based on the above grounds at your request, you will be informed by Orion before the restriction of processing is lifted.

If Orion refuses your request of the rectification of an error, you will be informed of this in writing. The notice shall also mention the reasons for the refusal. In this event, you may bring the matter to the attention of the Data Protection Ombudsman.

Orion shall notify the rectification to the recipients to whom the data have been disclosed and to the source of the erroneous personal data. However, there is no duty of notification if this is impossible or unreasonably difficult.

Requests for rectification shall be made to Orion’s address provided above.

 

Questions Regarding the Privacy Statement

If you have any questions about our Privacy Statement, or any concern about privacy at Orion Corporation, please contact us by e-mail at privacy@orion.fi.

 

 

We may update or revise this Orion Corporation Privacy Statement at any time. When we change the Statement in a material way, a notice will be posted on our website along with the updated Privacy Statement. Your right to data portability and/or restriction of processing, if applicable, will become applicable as of May 25th, 2018.