REGISTRATION STATEMENT

Bio365 Privacy Statement

Updated 01.08.2024

Bio365.fi is JM Goods' trading platform.

Register statement according to Section 10 of the Personal Data Act (523/1999).

In this privacy statement, we explain how Bio365 / JM Goods ("Registrant") processes the personal data of its customers and users of its online services ("Customer") and how the processing of personal data can be affected.

Registrar

JM Goods, Y-ID 3103562-8

Yli-Tahlo rantatie 52, 33410 Ylöjärvi

Person handling registry matters

JM Goods / Mirko Pajunen

customer service@bio365.fi

Registry name

Bio365 online store customer register. The register consists of several sub-registers.

Purpose of the register

The purpose of the register is to maintain customer contact, maintain and develop customer and business relationships, and use for statistical purposes. The Bio365 online store uses this and other information generated during the customer relationship to plan the product and service offer and to target the offer.

Personal data is used within the framework permitted and required by the Personal Data Act. The register will not be handed over to outside parties.

Information contained in the register

The customer register consists of several separate registers compiled according to the main purpose of use. Together, these customer data form the data sets stored about the customer as follows:

1) The customer's contact information and the information that enables ordering: first and last name, street address, zip code, post office, country, phone number, email address, date of birth, gender and social security number. For corporate, association and community customers, in addition, the company's name and social security number.

2) Interests reported by the customer, financial background information and other customer-specific additional information.

3) Possible consent to send him direct marketing.

4) Information about the customer's orders, deliveries and returns.

5) Identifiers required for logging into the service.

6) Information related to the loyalty program, customer-specific information: membership level, purchase history, ecopoints collected, used and available, customer's special wishes.

The registrant's personal data will be destroyed at the user's request.

Regular sources of information

The register's contact and customer information is obtained from notifications made by the customer to the controller when and during the creation of the customer relationship. A customer relationship is created when the customer registers for the service, orders direct marketing or makes a purchase.

For electronic direct marketing (e-mail and text message marketing), the customer's consent is separately requested in accordance with the Personal Data Act. Information on the customer's creditworthiness at the time of the order is obtained from Svea Ekonomi's system (Y-ID 1774535-9).

Registry protection

Access to the register requires access to the internal network of the Bio365 online store. The right of use is limited only to the information necessary for the person's job duties and requires the use of personal usernames. The customer register and the information system equipment that processes it are located in closed computer rooms. In case of disturbances, the information is regularly verified by copying. The system is protected by a firewall against outside communications.

Employees handling customer register data are bound by the duty of confidentiality. Information is shared or disclosed to outsiders only due to a statutory reporting obligation, such as the customer's own request or an authority's statutory request.

When processing personal data, we comply with applicable legislation and industry self-regulation, such as the guidelines issued by the Association of Customer Marketing and IAB Finland.

Personal data to be processed

We collect and process personal data only to the extent that it is necessary to fulfill the purposes described in this privacy statement.

The personal data collected and the scope of their processing vary depending on the relationship between the Controller and the Registered, the permissions and prohibitions granted for the processing and marketing of personal data, and the cookie and tracking settings of the browser used.

Customer and order information

  • basic information, such as name and contact information and date of birth
  • order and invoicing information, such as information about the payer and recipient of the order and changes to this information
  • customer service information, such as customer feedback, communication with customer service
  • permission information, such as information about marketing permissions and other permissions and prohibitions related to the use of personal data
  • information about responses to surveys, surveys and competitions conducted by Bio365 or its partners
  • interests reported by the customer, financial background information and other customer-specific additional information, such as special wishes
  • information related to loyalty, for example membership level, accumulated purchases, collected, used and available points

Data collected from the use of online services

  • information collected from the device or application used, such as browser version, device type, screen size and IP address
  • information about the use of online services, such as information about page downloads, time spent in online services and movement in online services
  • information about websites opened through newsletters

Derived and combined data

In order to serve our customers better, we refine the collected personal data by analyzing them with various statistical methods and by combining information collected from different sources.

Based on the analyses, information can be derived from the Customers regarding, for example, assumed interests, age group, income level, purchasing behavior or other similar characteristics. The derived information is based on the information provided by the Customer and collected about the customer mentioned in the previous section. In order to ensure the privacy of our customers, we do not process or manage personal data that is considered sensitive.

The Bio365 online store has the option of combining information provided by the Customer with information collected from the use of online services, if such a connection can be established between the information that the information can reasonably be assumed to be related to the same person. The Bio365 online store can profile its Customers based on combined information, for example to send current information, offers or benefits based on the Customer's interests or purchase history.

The Bio365 online store secures the privacy of its customers by carrying out the management and combining of data described above with special care and using the information obtained from the combination in such a way that the privacy of customers or registered users is not compromised.

Purposes of use of personal data and legal basis for processing

In this paragraph, we explain the purposes of use of the personal data we collect, the legal basis for the processing of personal data, and the Customer's opportunities to influence the processing of his personal data.

The purposes of use of the personal data we collect can be divided into three groups as follows:

  1. Customer relationship management

We use our customers' personal data for various measures that are necessary for managing the customer relationship, such as for example:

  • offering products and services and delivering orders
  • customer relationship maintenance and customer communication
  • providing customer service and other customer support
  • conducting contests and sweepstakes

The processing of personal data for managing the customer relationship is based on an agreement between the Bio365 online store and the Customer on the delivery of a product or service or on another measure forming a customer relationship.

  1. development of products and services

We use our customers' personal data to develop products and services and to improve the quality and supply of the service. Measures taken to develop products and services may include, for example, product or content recommendations or personalization of services or communications.

The data collected in studies and surveys and the specific purpose of use and data storage are always explained in more detail in connection with each study.

The processing of personal data for the development of products and services is based on the legitimate interest of the Bio365 online store to use the data for the benefit of its customers.

  1. Sales and marketing

We use our customers' personal data for marketing and advertising as well as for other commercial measures, such as electronic direct marketing. The processing of personal data for commercial purposes is based on the Customer's consent in the case of electronic direct marketing.

Sharing and disclosure of personal data

We use personal data to fulfill the purposes described above in section 3. In addition, we use the services of third parties, in connection with the use of which third parties may also process personal data. In such cases, we ensure the legal processing of personal data through contractual arrangements and instruct the third party on the processing of personal data.

We may hand over personal data to third parties if it is necessary to implement the Bio365 online store and the rights or safety of the customer or user, to investigate fraud or to respond to official inquiries.

Transferring personal data outside the EU/EEA area

As a general rule, we do not transfer or process personal data outside the European Union or the European Economic Area. If we have to exceptionally transfer data outside the EU/EEA area, we ensure a sufficient level of personal data protection in accordance with the applicable legislation.

Use of cookies

We use cookies to improve the user experience of our online services and to monitor and facilitate use. Cookies enable short textual information to be stored in the user's browser for later use.

Collection and processing of location data

We use the location information collected with the help of the IP address in our online store, for example, to display local offers and announcements. The accuracy of the location information we use is always a municipality, a city or a wider area.

Retention of personal data

We keep personal data as long as it is necessary to fulfill the purposes defined in section 3. However, applicable legislation, such as accounting or other mandatory legislation, may oblige you to retain personal data even after the purpose of the processing has ended. In such situations, the storage periods specified in the applicable legislation are observed.

Information collected from the use of online services is stored for approximately twelve (12) months from the date of data collection in a form from which the user can be identified. In predefined situations, we may keep the information collected from the use of online services even after this in a form from which the individual user can no longer be identified.

The user and customer must note that, for example, Product reviews and information written and published on social media services and other similar public services may be visible online even after the purpose of personal data processing has ended.

The customer's rights and opportunities to influence

We are committed to taking care of our customers' privacy protection and the rights according to data protection legislation. Below we have listed our customers' most important rights and possibilities of influence in relation to the processing of personal data.

Requests regarding exercising these rights should be addressed to our customer service.

Bio365 | contact information

Our warehouse and office is located in Tampere.

Customer service

mon-fri 10-16

customer service@bio365.fi

+358 45 617 9330

Bio365 / JM Goods

TAMPERE

Inspection, deletion and transfer - The customer has the right to get access to his own personal data and the right to inspect and correct his personal data. In addition, the customer has the right to request the deletion of his personal data to the extent that it is possible within the framework of other legislation. The customer also has the right to transfer his personal data to another controller.

Direct marketing - The customer has the right to prohibit direct marketing and to object to the processing of their personal data (such as profiling) for direct marketing purposes. The customer also has the opportunity to influence in which channels direct marketing is carried out (post, phone, email).

Targeting and profiling – The customer has the right to limit the use of their personal data to profiling for recommending products, services and content. Possibilities of influence mainly include limiting cookies in online stores, browsing the web so-called in privacy mode and other technical measures.

Advertising targeting – Third-party advertising networks can target advertising on our website based on the Customer's online behavior. The customer has the opportunity to influence the targeting of advertising through these networks. However, blocking advertising targeting does not reduce the number of ads displayed on the sites, but prevents networks from showing advertising that is likely to be of interest to the Customer.

The targeting of advertising on third-party platforms, such as Facebook, can be prevented in the advertising settings of each service.

If the user or customer considers that their statutory rights have been violated, they have the right to file a complaint with the national data protection authority or another data protection authority of the European Union or the European Economic Area. In Finland, the supervisory authority is the Data Protection Commissioner. The contact information of the data protection officer can be found at http://www.tietosuoja.fi/fi/.

Information security

We take care of the secure processing of personal data with appropriate physical and technical data security measures to protect personal data from, for example, loss, destruction, misuse, and unauthorized access and disclosure. We strive to ensure data secure processing to guarantee the protection of personal data, for example by limiting access to data and ensuring that our employees and subcontractors use personal data in accordance with the given instructions and agreements.

Changes to the privacy statement

We reserve the right to update this privacy statement, for example due to the development of our services or mandatory legislation. We inform you about changes and updates to the privacy statement on our website and encourage you to familiarize yourself with the privacy statement regularly.

Google reCaptcha

We use Google's reCaptcha service to determine whether a person or computer makes a specific entry on our contact or newsletter form. Google uses the following information to determine whether you are a person or a computer: the IP address of the terminal you are using, the website you are visiting and where the captcha is integrated, the date and duration of the visit, identification information about the browser used and the type of operating system, Google account if you are logged in to Google, mouse movements reCaptcha areas and tasks for which you need to recognize images. The legal basis for the described data processing is Art. 6 paragraph. 1 lit. f General Data Protection Regulation. We have a legitimate interest in this data processing to ensure the security of our website and to protect us from automated feeds (attacks).