Updated: April 19th, 2018
At Orion Corporation (“Orion”), we know you care about your personal privacy and about the terms and conditions that govern how we collect, use, disclose, transfer, and store your information. Because we are dedicated to serving your needs and respecting your preferences, we have adopted the policies and practices described in this Orion Corporation Privacy Statement. To read about Orion Corporation’s processing of personal data in relation to patient safety reporting, please see the Orion Corporation Patient Safety Reporting Privacy Statement. Our Privacy Statement is located on our homepage and is also available on webpages where personal data are requested.
Personal data is data on individuals that can be used to identify or contact the person. When you are using Orion websites, social media channels, services, downloading applications, or interacting with Orion by other means, you may be asked to provide your personal data, such as your name, mailing address, phone number and email address. The data may be used for the following purposes, as applicable for each website, social media channel, service, application, or other context:
The data may be used for the following purposes:
The legal basis for the processing of your personal data in relation to product quality is compliance with Orion’s legal obligations, and when answering your feedback or product related or other questions, the processing is based on the legitimate interests of Orion. Please see below section “Legitimate Interests” to learn more about what we mean by legitimate interests, and when we process your data for our legitimate interests.
The data may be used for the following purposes:
The legal basis of processing of the personal data is the consent of the user. We may also process your data based on the legitimate interests of Orion. Please see below section “Legitimate Interests” to learn more about what we mean by legitimate interests, and when we process your data for our legitimate interests.
The data may be used for the following purposes:
The legal basis of processing of the personal data is the consent of the user or performance of a contract with the user, or steps taken at the request of the user prior to entering into a contract with him or her. We may also process your data based on the legitimate interests of Orion. Please see below section “Legitimate Interests” to learn more about what we mean by legitimate interests, and when we process your data for our legitimate interests.
The data may be used for the following purposes:
The legal basis of processing of the personal data is the consent of the person or the legitimate interests of Orion. Please see below section “Legitimate Interests” to learn more about what we mean by legitimate interests, and when we process your data for our legitimate interests.
We may process your personal information for our legitimate business interests, e.g. fraud prevention/direct marketing/network and information systems security/data analytics/enhancing, modifying or improving our services/identifying usage trends/determining the effectiveness of promotional campaigns and advertising.
“Legitimate Interests” means the interests of our company in conducting and managing our business to enable us to give you the best service or products and the best and most secure experience on our websites, services or applications. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you.
Orion collects personal data for the above-mentioned purposes. Personal data being collected concerns Orion’s customers and website visitors. Some of the data is collected directly from you when you use Orion websites, social media channels, applications or services. You have choices about the data we collect. When you are asked to provide personal data, you may decline. If you choose not to provide data that is necessary to provide an application or a feature in an application, you may not be able to use that application or feature.
Data may also be collected by Orion’s subcontractors to the extent required to operate, run and maintain the services or to perform other tasks (such as direct advertising) on Orion’s behalf related to the services. The subcontractors may be e.g. ICT-service providers, advertising partners and Orion’s group companies and third parties performing comparison, segmenting, analysis and profiling services on Orion’s behalf.
The data we collect depends on the context of your interactions with Orion, the choices you make, including your privacy settings, and the applications and features you use. The data we collect may include the following:
(c) first name
(d) last name
(e) age range
(h) locale (geographical indication)
(k) updated time
(n) user’s friends.
For purposes of certain services offered by Orion, Traffic Data is collected. “Traffic Data” means the information identifiable to the user of certain of Orion’s services and which are processed in certain services and communication networks in order to transfer, share or offer messages. The Traffic Data is processed in the following circumstances and in other circumstances allowed by law.
(i) The Traffic Data is processed to the extent required for the provision and usage of services and taking care of information security. For this purpose, the following types of Traffic Data are processed: IP address, data on the sender and recipient of a message, data on the location of the device (based on the user’s consent), information on the times of use of different parts of the service, and on the intervals, times and duration of use.
(ii) The Traffic Data is processed for technical development of the service. For this purpose the following types of Traffic Data are processed: IP address, data on the sender and recipient of a message, data on the location of the device (based on the user’s consent), information on the times of use of different parts of the service, and on the intervals, times and duration of use.
(iii) The Traffic Data is processed automatically for statistical analysis, because otherwise the analysis cannot be conducted without unreasonable effort. An individual person cannot be identified based on this analysis data.
(iv) The Traffic Data is processed in order to solve unauthorized use of the fee-based services, communication network or communication services forming part of the service.
(v) The Traffic Data is processed, if it is necessary to detect, prevent or correct a technical error or fault occurred in the transmission of communications.
Data can be transferred or disclosed to following third parties for the following purposes:
The personal data collected may be processed in your country of residence or transferred to another country where Orion, its affiliates, subcontractors or other recipients of personal data are located, both inside and outside the European Economic Area (EEA). This means that your personal data may be processed or stored in a country that has less stringent data protection standards than those of the European Union. We will ensure that your personal data will be treated in accordance with this Privacy Statement at all times even if it is being transferred outside the EEA. The personal data transferred outside the EEA is protected by the adequacy decision made by the EU Commission or by appropriate contractual arrangements (either by the signing of the Standard Contractual Clauses by the controller and the recipient(s) or by the recipient’s self-certification under the EU – US Privacy Shield). For more information, please contact Orion.
To help protect the privacy of personal data, we maintain physical, technical and administrative safeguards, such as locks, electrical surveillance systems, firewall, anti-malware and spam filtering systems, etc. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information for performing their work. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of the personal data.
We will retain your personal data for the period necessary to fulfill the purposes outlined in this Privacy Statement unless a longer retention period is required or permitted by law. For example, when answering your questions submitted on our webpages, we will retain your information until we have processed your question and answered to you. If you enter into one of our campaign contests, we will retain your information until the contest has been finalized and the possible awards have been delivered. If you have downloaded Orion’s application, we will retain your information as long as you have an active user account.
To provide location-based services, Orion may collect data on your location, which can be either precise or imprecise. Location data may be derived from available GPS, Bluetooth or IP address as well as by identifying nearby cell towers and Wi-Fi hotspots, and by using other available technologies determining your device’s approximate location.
Unless you provide consent, this location data is collected anonymously in a form that does not personally identify you.
Orion’s websites, social media channels, applications and services may include links to third party websites. Orion is not liable for processing of personal data on those websites.
Some parts of certain services may require specific terms for processing of personal data. You are informed of those third party terms and your consent is asked in connection with your use of such parts.
By allowing the creation of a user account and login by using the third party service, Orion does not assume liability for the third party service or any aspect of the same. List of third parties whose service is accepted by Orion for the creation of a user account and login:
Protecting the privacy of children is important. Orion does not intend to collect, process or use on our website any information relating to an individual whom we know to be under 18 years old without permission of the child’s parent or legal representative. Such legal representative has the right, upon request, to view the information provided by the child and/or to require that it be deleted. If your child has submitted personal information and you would like to request that such information be removed, please contact email@example.com.
Subject to legal exceptions, you have the right of access, after having supplied sufficient search criteria, to the data on yourself in Orion’s registers, or to a notice that the registers contain no such data. Orion shall also provide you with information of the sources of data, on the uses for the data and the destinations of disclosed data in the register.
If the basis for processing of your personal data is consent or the fulfilment of a contract between Orion and you, and in case the personal data is processed by automated means, then you have the right to data portability, i.e. the right to have your data, which you have provided to Orion, to be transferred to you in a structured and machine readable format, to the extent possible.
If you wish to have access to your personal data, you can make a request to this effect by a personally signed or otherwise comparably verified document and by verifying your identity by attaching a copy of an official identification document.
ORION CONTACT INFORMATION:
Orion Corporation (Business ID 1999212-6) (“Orion”)
Address: Legal Affairs / Data Protection, Orionintie 1, 02200 Espoo, Finland
Data Protection Officer: Heidi Arala
The contact information of Orion group companies are available at http://orion.fi/en/Orion-group/contacts/Locations-and-contact-persons/sites-and-offices/#pharmaceutical-sales-offices-in-europe
In case the legal basis for processing the personal data is consent, you have the right to withdraw the consent.
In case the legal basis for processing the personal data is the legitimate interests of Orion, you have the right to object to processing on grounds relating to your particular situation. You always have the right to object to processing of your personal data for direct marketing purposes.
In case you wish to use your above-mentioned rights, you can make a request to this effect by a personally signed or otherwise comparably verified document in writing to Orion’s postal or e-mail address referred to above. Please note that withdrawal of your consent does not render the processing of personal data performed prior to such withdrawal unlawful.
Orion as the data controller shall, on its own initiative or at your request, without undue delay rectify, erase or supplement personal data contained in this register if it is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing. Orion shall also prevent the dissemination of such data, if this could compromise the protection of your privacy.
You have the right to obtain from Orion restriction of processing, in case you have contested the accuracy of the processed personal data, if you have claimed that the processing is unlawful and you have opposed the erasure of the personal data and have requested the restriction of their use instead; if Orion no longer needs the personal data for the purposes of the processing, but the personal data is required by you for the establishment, exercise or defense of legal claims; or if you have objected to processing pursuant to the EU General Data Protection Regulation pending the verification whether the legitimate grounds of Orion or a third party override your interests or rights and freedoms. Where processing has been restricted based on the above grounds at your request, you will be informed by Orion before the restriction of processing is lifted.
If Orion refuses your request of the rectification of an error, you will be informed of this in writing. The notice shall also mention the reasons for the refusal. In this event, you may bring the matter to the attention of the Data Protection Ombudsman.
Orion shall notify the rectification to the recipients to whom the data have been disclosed and to the source of the erroneous personal data. However, there is no duty of notification if this is impossible or unreasonably difficult.
Requests for rectification shall be made to Orion’s address provided above.
If you have any questions about our Privacy Statement, or any concern about privacy at Orion Corporation, please contact us by e-mail at firstname.lastname@example.org.
We may update or revise this Orion Corporation Privacy Statement at any time. When we change the Statement in a material way, a notice will be posted on our website along with the updated Privacy Statement. Your right to data portability and/or restriction of processing, if applicable, will become applicable as of May 25th, 2018.