Medical Pharmacy Group AS is a legal entity, registry code 12356191, located at 8 Ülikooli, Tartu, Republic of Estonia. Medical Pharmacy Group AS is a company operating on Estonian capital that produces vitamins, minerals and different health products.
Upon carrying out our activities, we collect and use your personal data to provide you with the best service, consultation and solutions, and to fulfil the agreements and contracts connected with you.
We protect your data and privacy in accordance with all applicable legal requirements.
In order to guarantee safe processing of the aforementioned personal data, Medical Pharmacy Group AS has established rules for processing the data, administrative regulations and other IT and physical data protection measures.
The measures for safe processing of personal data apply for all information systems, human activities performed by individuals including employees, suppliers, clients, service providers and other third parties that have access to the personal data processed by Medical Pharmacy Group AS.
WHY DO WE COLLECT AND USE YOUR PERSONAL DATA?
We collect and process your data to offer you the best advice and solutions, to implement contracts that are connected with you, and to fulfil any statutory obligations regarding the collection and storage of personal data.
This means that we collect and use your personal data if:
- you have entered into, or are considering, a contract with us;
- you have agreed we use your personal data;
- it is our legal obligation that may arise from the following acts of law:
- Law of Obligations Act;
- Taxation Act;
- Tax Information Exchange Act;
- Accounting Act;
- it is necessary in the legitimate interests of Medical Pharmacy Group AS, incl. to avoid offences or damages, increase the safety of IT systems of payments, or to serve the aims of direct marketing. We will only do so if our respective interest is significantly greater than your interest not having your personal data processed;
- you communicate with us as a representative of our Business Client. In such a case, dependent on the content and extent of our communication, we may process your personal data regarding the following aims:
- to fulfil our contractual obligations and to provide services to our Clients;
- to comply with valid legal provisions;
- for administrational purposes, incl. to safeguard, support and maintain our systems, platforms and other digital applications;
- to provide sufficient security upon visiting our premises;
- to carry out necessary checks to avoid crime.
WHICH DATA DO WE COLLECT AND USE?
In its everyday business activities, Medical Pharmacy Group AS processes different types of personal data, incl.:
- the personal data of its (current, former and future) employees;
- client data:
- name, telephone number and email address;
- delivery address;
- bank account;
- price for goods and services and payment-related data (purchase history);
- data related to the profile of the person ordering personal products;
- customer support data
- webpage visitors’ data;
- stakeholders’ data.
Special categories of personal data
In its economic activity, Medical Pharmacy Group AS does not collect such personal data that involves racial or ethnic origin, political views, religious or philosophical beliefs, being a member of a trade union, genetic data, biometric data needed for a single identification of a natural person, data related to the sexual behaviour or sexual preferences of a natural person.
Medical Pharmacy Group AS only collects to a small extend customer health information to offer you the best possible personal service that considers the needs and peculiarities of your body. We ask your explicit consent to process your health data, excl. in the cases the law allows us to process special categories of personal data without your prior consent (e.g. to exercise our legal demands).
We may also collect other categories of personal data if they are needed to provide you with some specific services or if it is required by the law.
Our capability to give you advice and offer the best solutions largely depends on how well we know you. Therefore, it is important that the information you provide us with is true and accurate, and that you keep us updated on any changes.
WHAT ARE THE PURPOSES OF COLLECTING AND USING YOUR PERSONAL DATA?
Medical Pharmacy Group AS processes personal data to:
- manage orders and deliver goods
- compile overviews of the products and services bought, to analyse customer preferences and web usage statistics;
- return customers their payments;
- solve the problems related to the providing of products and services (customer service);
- determine on which conditions to provide services and sell goods;
- make offers to Customers;
- conduct customer satisfaction surveys;
- provide clients with comfort services and to notify customers (e.g. campaigns, direct marketing);
- fulfil legal obligations;
- guarantee the realisation of legitimate interests that are in accordance with the data protection rules established in the European Union (EU).
We also collect and use data for other functions related to the providing of services, incl. for the following purposes:
- customer support;
- development and management of our services and activities;
- marketing of the services;
- debt collection;
- protecting you and Medical Pharmacy Group AS from fraud;
- responding to and satisfying any legal claims of third parties.
We collect data directly from you or by monitoring your activities, when you for example:
- submit documents to us either in paper format or via electronic correspondence;
- call us. We will notify you in case we record your phone call.
We shall retain your data only for as long as it is necessary for the purpose for which we have collected and used your data.
THIRD PERSONS AND YOUR PERSONAL DATA
Personal data obtained from third persons
We register and use personal data obtained from third persons, for example from:
- national registers, e.g. commercial register, population register or other public source or register. We collect and use such data to check the correctness of the data;
- credit agencies and payment default registers;
- the business partners of Medical Pharmacy Group AS if we have your consent to do so or the right arises from legal provisions.
Third party to whom we disclose your personal data
In some cases we may disclose your personal data to third party, provided that:
- you have asked us to do so;
- the law requires or allows it;
- you have given your prior consent for that;
- you do not fulfil your obligations to Medical Pharmacy Group AS. In such a case we may disclose your personal data to credit rating agencies and registers;
- it is necessary regarding the development, maintenance and continuity of IT systems.
On your consent to transfer your personal data to data processors in third countries (outside the European Union and European Economic Area), we ensure the protection of your rights and security of your personal data at a level that meets the criteria approved by the European Commission.
PROFILING AND AUTOMATED DECISION-MAKING
Profiling is a automated way of processing your data. Medical Pharmacy Group AS processes your data automatically and models your data to help you choose the vitamins, minerals and different health products that are the most suitable for the needs and peculiarities of your body.
Medical Pharmacy Group AS does not process your data automatically when it comes to assessing your personal data to make the decisions that may restrict your rights and freedoms.
Right to access your personal data
You can obtain access to the personal data we have collected about you, you can familiarise yourself with how we use them, what their sources are and what the aims of using them are. You have a right for the information related to how long we will retain your data for and to whom and in which extent we disclose them. Your right to access your personal data may be restricted by applicable legal provisions, the rights of other people to guarantee their privacy and our business needs. Our know-how, business secrets, internal evaluations and materials may also be part of the information you cannot access.
Right to object
You have a right to object to the processing of your personal data, incl. when we rely on our legitimate interests in the processing of data.
You also have a right to prohibit the use of your personal data for direct marketing purposes.
Rectification and erasure of data
If your data are inaccurate, incomplete or irrelevant, you have the right to demand rectification or erasure of the data, subject to any applicable legislative restrictions and data processing rights.
Restricting the use of data
If you consider the data we have collected about your are inaccurate, or if you have objected to the use of data, you may demand that the use of such data be restricted to storage only. The use can be restricted to storage only until it is possible to determine whether the data are correct or until it can be checked whether we can weigh our legitimate interests against your interests.
If you have a right to have the data deleted, you may instead demand that the use of data by us be restricted to storage only. If we need your personal data you only to exercise or protect our legal demands, you may prohibit the use of the data for any purpose other than storage. However, we may still have a right to use the data for other purposes should it be necessary to exercise the demands, or if you have given your consent to do so.
Withdrawal of consent
If it is necessary to have your consent to use the data, you may withdraw it at any time. We would like you to pay your attention to the fact that if you withdraw your consent we may not be able to provide you with some certain services. We also continue using your data to fulfil the contract we have made with you or according to the requirements arising from legal provisions.
If we use your data on your consent or according to an agreement, and if data processing is automated, you have a right to receive an electronic machine-readable copy of the data you have submitted.
The timing of the exercise of your rights in an aggregate table
|Rights||Time of exercise|
|Right to consent to data processing||The consent is asked immediately upon data collection (if the data are collected directly from you) or within one month (if the data were collected from a third person)|
|Right to withdraw the consent to data processing||Immediately, without an unreasonable delay|
|Right to access data||Within one month from submitting an application|
|Right to rectify data||Within one month from submitting an application|
|Right “to be forgotten”||Immediately, without an unreasonable delay|
|Right to restrict processing||Immediately, without an unreasonable delay|
|Right to data portability||According to the submitted application|
|Right to object||Proceedings are initiated after an objection has been received|
|Rights concerning automated processing of data or profiling||According to the submitted application|
As you visit the websites of Medical Pharmacy Group AS, our analytics and advertising partners (Google Analytics, Facebook, YouTube, etc.) may also be able to save their cookies in your device.
SECURITY OF PERSONAL DATA PROCESSING
Medical Pharmacy Group AS retains personal data only for as short of a period as possible. All personal data with an expired retention term will be destroyed using the best available practices.
Medical Pharmacy Group AS ensures the protection and appropriate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Access to personal data is only granted to authorised processors and only to the extent necessary for achieving the objectives arising from legitimate interests.
Medical Pharmacy Group AS declares that it complies with the applicable EU requirements on the protection of personal data. Medical Pharmacy Group AS shall make every effort to protect your personal data. We only process personal data for specific and lawful purposes and only to the extent necessary. We expect our cooperation partners to share the same values as they follow our rules for personal data processing.
In case of any incident connected to personal data, Medical Pharmacy Group AS shall take all appropriate measures to mitigate possible consequences and reduce similar risks in the future.
DIRECT MARKETING NOTIFICATIONS
Notifications are offers sent to subscribers via communication channels Medical Pharmacy Group AS considers as of interest to particular subscribers.
You can opt out of notifications at any time. Should the customer no longer want to receive direct marketing notifications, they shall choose the respective option from the email heading or contact our customer support.
If personal data is processed with the aim of direct marketing, the customer shall have a right to submit their objections related to the processing of such data. The objections can be submitted to the customer service at any time via email. The respective information shall be submitted clearly and separately from any other information.
The personal data used for direct marketing shall not be shared with third parties. Medical Pharmacy Group AS processes your personal data in accordance with the EU data protection rules and other privacy legislation.
If you have any questions, please contact: [email protected]
CONTACT DETAILS AND FILING OF COMPLAINTS
If you have any questions concerning your rights with regard to the processing of your personal data, or concerning the collection and use of personal data by us, or if you are not satisfied with the way we process your personal data, please contact us at:
Medical Pharmacy Group AS
Address: Ülikooli 8, Tartu, Tartumaa 51003
Telephone: +372 775 2225
Email: [email protected]
If you are not satisfied with the response of Medical Pharmacy Group AS to your application concerning your privacy, you can file a respective challenge with Medical Pharmacy Group AS or lodge a complaint with the following supervisory authority:
Data Protection Inspectorate
19 Väike-Ameerika, 10129 Tallinn
Tel.: 6 274 135, fax: 6 274 137
Email: [email protected]