Bittium MedicalSuite™ Terms of Use

Bittium MedicalSuite™ Terms of Service

1. Registry name

MedicalSuite Analytics

2. Controller

Bittium Oyj, Ritaharjuntie 1, 90590 Oulu
+358 40 344 2000, [email protected]

3. Contact person(s)

Tuomainen Mika

4. Purpose of processing personal data

Bittium Biosignals (BBS) is a controller for data which is stored in Bittium servers from users and patients in MedicalSuite platform.

5. Lawful basis for processing personal data

Contract

6. Types of personal data being processed

Types of personal data processed has been described in document Processing of personal data 9404570EEC0248.

7. Retention time

Bittium processes the personal data as long as the legal basis of the collection of personal data exists and the purpose of the collection of personal data is valid or the data subject prohibits the processing of personal data related to the data subject.Bittium processes the personal data as long as the legal basis of the collection of personal data exists and the purpose of the collection of personal data is valid or the data subject prohibits the processing of personal data related to the data subject.

8. Source(s) of information

Registered person and MedicalSuite service.

9. Recipient(s) of personal data

Bittium Biosignals support and maintenance.

10. Transfers of personal data out of EU or EEA

No.

11. Rights of data subject

Right to obtain information on the processing of their personal data

The data subject shall have the right to be informed of the collection and processing of their personal data. The processing of personal data shall be done in a transparent manner. Right to obtain information on the processing of their personal data applies with all legal bases. Reference: Article 12 GDPR Article 13 GDPR Article 14 GDPR

12. Right to access

The data subject shall have the right to obtain from Bittium confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data. Right of access applies with all legal bases. Reference: Article 15 GDPR

13. Right to rectification

The data subject shall have the right to obtain from Bittium without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Right to rectification applies with all legal bases. Reference: Article 16 GDPR

14. Right to erasure

The data subject shall have the right to obtain from Bittium the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay provided that the legal grounds apply. For example, the employer’s obligation to retain personal data related to the employee may limit the rights of the data subject. Right to erasure applies when processing is based on consent, processing is based on contract, processing is based on the vital interests of the data subject or another individual or processing is based on the controller’s legitimate interest. Reference: Article 17 GDPR

15. Right to restriction of processing

The data subject shall have the right to obtain from Bittium restriction of processing provided that the legal grounds apply. Right of access applies with all legal bases. Reference: Article 18 GDPR

16. Right to object

The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on, for example legitimate interests of Bittium or direct marketing. Right to object applies when the processing is based on a task carried out in the public interest or the exercise of public authority or when when the processing is based on the controller’s legitimate interest. Reference: Article 21 GDPR

17. Right to data portability

The data subject shall have the right to receive the personal data which he or she has provided to Bittium, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from Bittium when the processing is based on consent and the processing is carried out by automated means. Right to data portability applies when the processing is based on a consent or a contract. Reference: Article 20 GDPR

18. Automated individual decision-making, including profiling

The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Right not to be subjected to automated decision-making applies (with minor differences) when the processing is based on a consent or a contract, processing is based on the controller’s legal obligations or processing is based on a task carried out in the public interest or the exercise of public authority. Reference: Article 22 GDPR

19. Right to lodge a complaint with a supervisory authority

The data subject shall have the right to lodge a complaint with a supervisory authority. Reference: Article 77 GDPR