This Privacy Policy of Omply Health complies with the EU General Data Protection Regulation (GDPR). Prepared on 16 July 2025.
Omply Health, sokasaarentie 93, FI-87800, Kajaani, Finland
Tatu Lintukangas, tatu.lintukangas@omply.health
Omply Health maintains several registers for different purposes. These include: Customer Register, Marketing Register, Stakeholder Register, and Online Service User Register.
The legal basis for processing personal data under the GDPR is:
The data subject’s consent (documented, voluntary, informed, and unambiguous)
A contract in which the data subject is a party
The purpose of processing personal data is to maintain contact with customers, manage customer relationships, and conduct marketing activities.
Data is not used for automated decision-making or profiling.
Data stored in the register may include: name, title, company/organization, contact details (phone number, email address, postal address), website addresses, IP address of the network connection, details of services ordered and their changes, billing information, and other information related to the customer relationship and services ordered.
Website visitors’ IP addresses and cookies necessary for the technical functioning of the service are processed based on legitimate interest, for example to ensure information security and collect statistical data on website visitors. For third-party cookies, separate consent is requested when required.
Data is primarily obtained from the customer via messages sent through online forms, email, phone, social media services, contracts, customer meetings, and other situations in which the customer provides information.
Information on representatives of companies and organizations may also be collected from public sources such as websites, directory services, and from other companies.
Data is not regularly disclosed to third parties. Data may be published to the extent agreed with the customer.
Data may be transferred outside the EU or EEA by the controller. Data will not be transferred to the United States without the explicit consent of the data subjects.
Personal data is processed with care and data processed by information systems is appropriately protected. When data is stored on internet servers, the physical and digital security of the hardware is ensured. The controller ensures that stored data, server access rights, and other critical information for the security of personal data are handled confidentially and only by employees whose job description requires it.
Every person in the register has the right to review their stored data and to request correction of any inaccurate or incomplete information. If an individual wishes to check their data or request a correction, the request must be sent in writing to the controller. If necessary, the controller may request proof of identity. The controller will respond within the time frame set by the GDPR (generally within one month).
A person in the register has the right to request the erasure of their personal data from the register (“the right to be forgotten”). Data subjects also have other rights under the GDPR, such as the right to restrict the processing of personal data in certain situations. Requests must be sent in writing to the controller. If necessary, the controller may request proof of identity. The controller will respond within the time frame set by the GDPR (generally within one month).
