Privacy statement

As a responsible organisation, we ensure that personal data is processed appropriately. This page describes how we process our customers’ personal data. If you have any feedback or questions about the register, please send them to our customer service and we will reply to you within a week.

1 Controller

Pharmaca Health Intelligence Ltd (hereinafter “Pharmaca”)
Business ID 9003268-9
Korkeavuorenkatu 35, 5th floor, 00130 Helsinki, Finland

2 Contact person in matters concerning the registers

Jaana Honkonen,

3 Name of the register

Customer register of Pharmaca.

4 Purpose of personal data processing

The justification for the processing of personal data is a contractual relationship between the customer and Pharmaca, a legitimate interest of Pharmaca, the customer’s consent, an assignment by the customer or other reasonable context. The customers of Pharmaca are both the contact persons of the customer companies and the health care professionals who use online services.

Personal data may be processed for the following purposes:

  • Managing, executing, developing and monitoring a customer relationship and customer service and the associated communications and marketing.
  • Analysis, grouping and reporting of customer relationships, implementing a customer programme and other purposes associated with the development of overall customership and Pharmaca’s business operations.
  • Targeting the notifications on pharmaceuticals and the content of Pharmaca’s services.
  • Collecting and processing customer feedback and customer satisfaction information.
  • Carrying out market research and opinion polls.
  • Recording phone calls to the customer service centre in order to verify service events and ensure legal protection, safety and security, and for the purpose of training the customer service staff and improving the quality of customer service.

More detailed profiling purposes are listed in item 10 of this privacy policy. The processing tasks may be outsourced to the group companies of Pharmaca and/or external service providers in accordance with data protection legislation and withing the limits imposed by it.

5 Data content of the register

The following types of data necessary for the purpose of the register may be stored of the data subject:

Basic information

  • first and last names, calling name
  • customer number
  • contact data (address, country of residence, work phone number, mobile phone number, personal email address, work email address and other necessary contact data)
  • employer’s name, line of business and contact data
  • title and position
  • tasks at the workplace
  • degree
  • special diet
  • gender
  • language
  • place of study and year when studies started (medical students)
  • SV number or registration number (physicians / veterinarians / dentists)
  • specialty and special qualifications (physicians / dentists)

Information associated with customership, use of services and other reasonable contexts

  • Start and end date of the reasonable context.
  • Service access data (such as customer number, usernames and passwords, alias) and identifying information used in electronic communications.
  • Data about the use and purchase of services.
  • Data associated with invoicing and recovery.
  • Transaction and user analysis data.
  • Data on the implementation of marketing and communication and the utilisation of such data in different service channels, such as online services and newsletters
  • Automatic services, including recording of calls from the customer service centre
  • Content produced by the data subject themselves and material associated with the data subject, such as customer feedback, as well as additional information provided by the data subject about themselves, such as customer wishes, satisfaction information, interests or other such information (for example content and communication produced in social media associated with the controller).
  • Information about people who have served the data subject. Professionals, services, operational units as well as other requests or notes concerning other matters.
  • Prohibitions, restrictions, consents and other choices (such as direct marketing permissions and data associated with the targeting of marketing).
  • Other data associated with the customer and data collected and derived from the use of the services that can be associated with the customer, such as behavioral information based on information collected with cookies and online analytics (such as time of visit, visit duration, visited pages, network address from which the user came to the website, and server from which the user came to the website).
  • Information on the device used by the person, such as the type of the terminal device, the user’s IP address, the browser used (such as Internet Explorer, Chrome), the operating system.
  • Data required by the identification and certification tools and services.
  • Data associated with data processing, such as the date of storage and the data source. Changes in the data specified above.

6 Period of storage of the personal data

Pharmaca retains its customers’ basic data as well as personal data related to the customer relationship in a customer register until the customer relationship between the data subject and Pharmaca can be considered to have ended. The ending time is determined by adding two years to the data subject’s last service contact or other contact.

Pharmaca will store personal data associated with notifications made via the Vnr Service for 8 years.

Some data may have to be stored longer for legal reasons. The data may be erased upon the customer’s request or due to the termination of the customer relationship.

Pharmaca stores functional cookies collected during the use of the services for the duration of the session. Pharmaca retains other cookies, such as statistical, content-targeting and marketing cookies for 2 years.

7 Regular sources of information

Personal data is collected from the data subject themselves or the party who placed an order (such as registration for training, subscription of a service, creating a username) on behalf of the data subject by telephone, post, email or similar means, and from Pharmaca’s systems during sign-up and use of the services as well as from other similar notifications made to Pharmaca during the customer relationship. If the customer has signed up to an online service or mobile application of Pharmaca or one of its group companies, the so-called observed data collected with cookies and other similar technologies can be combined with the personal data obtained from the customer in another context. In addition, personal data can be collected, for example, from social media related to the activities of Pharmaca, which contain information about the registered person.

Updates to name, address and death data are obtained on the basis of the activity of customers and their entities. A direct marketing ban is stored on the basis of separate notifications submitted by the customer to Pharmaca.

Personal data can also be collected and updated from registers of Pharmaca and other companies belonging to the same group as Pharmaca, publicly available information sources such as corporate websites, the population information system, and other public or private registers and data sources providing similar information services (such as Suomen Asiakastieto Oy) as well as from the partners of Pharmaca. Information about belonging to a particular group of professionals may be obtained from an external partner.

8 Regular disclosure of data and transfer of data outside the EU or the European Economic Area (EEA)

Pharmaca may disclose customer data to partners selected by the controller for marketing purposes as well as for other parties, but in compliance with the restrictions and obligations laid down in the legislation in force, with the consent of the data subject. The partners of event and training services regularly get data of the people who participated in the event or training.

Pharmaca may use subcontractors for processing the data.

Pharmaca compiles statistics on the use of its services which it discloses to its customer companies. However, the personal data of the service users is anonymised in the statistics so that the service users cannot be identified from the statistics.

Pharmaca does not transfer personal data outside the European Union or the European Economic Area.

Pharmaca may disclose customer contact information for research purposes (such as academic studies and service design studies) in accordance with the legislation in force. Pharmaca will ensure that its subcontractors comply with the data protection legislation.

Pharmaca regularly uses the following service providers:

  • Microsoft (CRM, email, cloud services)

9 Protection of the register

Pharmaca strictly complies with the statutory obligation of professional secrecy. Data on an individual customer will only be disclosed when a statutory reporting obligation exists, such as the customer’s own request or a legitimate request by an authority.

Manual data is stored in locked premises that may only be accessed by specially authorised people.

The databases and systems in which the register data is stored are protected by a firewall and other technical means in order to secure the connections to the system from outside Pharmaca. The databases and their backups are located in locked premises. Digital material may only be accessed by authorised people or partners with a personal user ID and password. There are different levels of access rights and the rights granted to each user are sufficient to complete the task, but nevertheless as restricted as possible.

10 Profiling

As part of the processing of personal data stored in the customer register, Pharmaca can also use the data for profiling purposes. The profiling is implemented by creating a customer ID for the data subject, which will allow the combination of different pieces of data concerning data subject that arise during the use of the service. The profile created as described above can then be compared with profiles created from other data subjects, for example.

The purpose of the profiling is to improve the usability of the services, tailor the content of the services to match their users’ interests and specialisations, and to study customer behaviour.

11 Right of the data subject to object to the processing of personal data (right to prohibit)

The data subject has the right to object, on grounds relating to his or her particular situation, to processing of personal data concerning him or her and other processing operations performed by Pharmaca on the data subject’s personal data in so far as the processing of the data is based on a customer relationship between Pharmaca and the data subject.

The data subject may present his or her objection to the processing of his or her data in accordance with section 13 of this privacy policy. When presenting the objection, the data subject must specify the particular situation based on which he or she objects to the processing. Pharmaca may refuse to consent to an objection on the grounds laid down by law.

12 Other rights of the data subject associated with the processing of personal data

12.1 Right of access by the data subject

The data subject has the right to check what information about him or her has been stored in Pharmaca’s customer register. The request for a check must be made as specified in section 13 of this privacy policy. The right to check the data may be denied on the grounds laid down by law. As a rule, exercising the right to check the data is free of charge.

12.2 The data subject’s right to request rectification, erasure or restriction of processing

To the extent that the data subject or user can act on their own, after becoming aware of an error or after discovering an error by themselves, the data subject must, without undue delay, on their own initiative rectify, erase or complete incorrect, unnecessary, incomplete or outdated data in the register.

To the extent that the data subject cannot correct the data by themselves, the data subject may demand the rectification, erasure or restriction of the processing of inaccurate, unnecessary, incomplete or outdated data. The rectification request must be made as specified in section 13 of this privacy policy.

The data subject also has the right to demand that the controller restrict the processing of his or her personal data, for example, when the data subject is waiting for Pharmaca to reply to a request for the rectification or erasure of his or her data.

12.3 The data subject’s right to data portability

In so far as the data subject has themselves provided to the customer register data that is processed under the consent or commission given by the data subject, the data subject has the right to receive such data in a machine-readable form as a general rule and the right to transfer the data to another controller.

12.4 The data subject’s right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with a competent supervisory authority if the controller has not complied with the applicable data protection regulation in its operations. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman,

12.5 Other rights

If personal data is processed on the basis of the data subject’s consent, such as for marketing purposes, the data subject has the right to withdraw their consent by informing Pharmaca as specified in section 13 of this privacy policy.

13 Contacts

In all questions related to the processing of personal data and in situations related to the exercise of a data subject’s rights, the data subject must contact Pharmaca in Pharmaca’s online service, by e-mail, by post Pharmaca Health Intelligence Ltd / Asiakasrekisteri, Korkeavuorenkatu 35, 00130 Helsinki, Finland or book an appointment in advance in the company’s office at Korkeavuorenkatu 35, 5th floor, 00130 Helsinki, Finland.

If necessary, Pharmaca may ask the data subject to specify their request in writing, and the identity of the data subject may be verified if necessary before taking any other measures.

14 Cookies

We use cookies in our online services. When using an online service, the user (visitor) can consent to the use and storage of cookie files associated with the online service, as set out below.

Cookies are used, for example, for measuring and research purposes to determine the type and volume of use of the online service. A cookie is a small text file that is sent to and stored on the user’s computer to help Pharmaca identify frequent visitors to the website, to make it easier for visitors to log on to the website, and to make it possible to create aggregate data about visitors. This feedback enables us to continuously improve the content of our online services. Cookies do not harm the users’ computer or files. Cookies do not allow us to view or copy data from the storage media, such as a hard drive, of the user’s terminal device.
We use cookies in ways that enable us to provide our customers with information and services that meet their individual needs. Cookies other than those necessary for the proper operation of the service are only used with the consent of the visitor.

For more information about cookies, see

For more information about our cookie policy, visit Cookie Policy

Cookies can also be used for direct marketing to companies or for marketing based on user lists and remarketing.

Updated on: 8 June 2023