Solita Oy (Business ID 1060155-5), Peltokatu 26, 33100 Tampere, Finland (later “Solita”, “we” or “company”).
Contact person for the register
Tel. +358 (0)29 170 3300
Name of the register
Oravizio customer register
- When you use the service, there are certain Personal Data that we receive, collect, and process, in order to provide you with the service.
- We are processing all the Personal data in compliance with applicable data protection legislation.
- We only process and save minimum amount of Personal Data required to provide you the service, and/or as required by the applicable laws.
- When you use the service and enter patient data (such as the birth year, height, weight, sex, the joint to be operated, primary cause, ASA value, diagnoses, information of drugs, and laboratory values), we act as a Data Processor and your organization acts as a Data Controller for such data. Our use of such patient data is subject to Oravizio Terms and Conditions.
- We use on-demand cloud computing platform offered by Amazon Web Services (AWS) and all the Personal Data is stored in servers located in the EU.
- We might use sub-contractors to provide us a part of the service, and in such a case share the minimum amount of your Personal Data with them (for example: when we need to inform you about a new version of the service, we might use a 3rdparty email delivery service to reach you).
- We use the necessary protections and processes to protect your Personal Data.
- We do not use any 3rdparty Cookies in our service.
Oravizio is a CE marked regulated medical device software service, manufactured by Solita. Oravizio is available at https://tool.oraviz.io.
We are dedicated to processing the Personal Data in compliance with the European Union’s General Data Protection Regulation and other applicable privacy laws (together as “data protection legislation”). Solita is committed to being transparent about how it collects and uses Personal Data and to meeting its data protection obligations.
2. What data is collected, stored and processed?
Solita receives, collects, stores and processes a range of Personal Data about Data Subjects, including:
|Categories of Personal Data||Examples of data content|
|Necessary information related to customer relationship in order to provide the Oravizio service.||Name of the organization; country; contact person’s name; billing data; preferred language.|
|Necessary information of the Oravizio user to access the services.||Name of the user; email address; password hash.|
|Automatically collected information in order to better understand the usage of Oravizio and to improve services.||User IP address and geolocation derived from it; user device operating system, resolution and language; name and version of the user’s browser and language.|
|Unique statistical information on the usage of Oravizio in order to understand the intensity of the use and to ensure the quality of the services, and the adequacy of resources.||The number and timing of the risk assessments; the number and timing of the user’s sessions; what parameters are used in the risk assessment.|
|Analyticsused on our website generating third-party web analytics. We use the data collected by the tool to develop our online service.||The information collected by the third-party service provider in our websites.|
To the extent patient related data submitted to Oravizio by users of the service contains Personal Data, the Customer acts as data controller under the data protection legislation and we process such Personal Data on behalf of the Customer as data processor. The processing of such patient related data is subject to Oravizio Terms and Conditions.
Personal Data processed by Solita is mainly collected directly from the Data Subjector through our Customer having a direct relationship with the Data Subject (such as employment). In addition, the Personal Data may also be collected automatically when the Data Subject uses the Oravizio service.
While the provision of certain Personal Data is necessary for the use of Oravizio, certain Personal Data may from time to time be provided voluntarily.
3. Why does Solita process Personal Data?
We process Personal Data of Data Subjects to offer the Oravizio service. In this context, Personal Data may be processed for the following purposes:
- user registration and delivery of the Oravizio service
- invoicing (including debt collection), recalls, warranties, customer service, feedback and related communications
- contacting the Data Subject and to provide information on the service
- business planning and service development
- complying with and fulfilling our legal duties and obligations such as tax law and accounting
- ensuring security of the Oravizio service and preventing abuses
- ensuring security of our IT environments and protection of data
- presenting legal claims and/or responding to and defending against legal claims.
We process Personal Data on the following basis:
- for the purposes of performance of a contract to which the Customer or Data Subject is party or in order to take steps at the request of the Customer or Data Subject prior to entering into a contract,
- for the purposes of our legitimate interest to inform you about our services, to deliver and maintain our services, ask you for feedback, and to maintain the customer relationship. Where Solita relies on legitimate interests as a reason legal basis for processing Personal Data, it has considered whether or not those interests are overridden by the rights and freedoms of Data Subject’s and has concluded that they are not, or
- to comply with legal obligations applicable to us (such as medical device regulation, corporate and accounting).
4. Who has access to data?
The Oravizio service is produced using on-demand cloud computing platform offered by Amazon Web Services (AWS) and all the Personal Data is stored in servers located in the EU.
- List of the processors and other recipients can be provided upon request.
Transfer outside EU/EEA:
Personal Data is not transferred outside the European Union and the European Economic Area (“EU/EEA”).
In addition, we may share the Personal Data in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our business and in connection with other similar arrangements.
Personal Data are also disclosed to third parties if required under any applicable law or regulation or order by competent authorities, and to investigate possible infringing use of the Oravizio service as well as to guarantee the safety of Oravizio.
5. How does Solita protect data?
Personal Data is kept technically protected. Physical access to Personal Data is blocked by access control and other security measures. Access to Personal Data requires adequate rights, as well as multi-stage recognition. Unauthorised access is also prevented by firewalls and other technical protection. Only Solita and designated persons can access the stored data. Solita employees are bound by the confidentiality obligation. The stored data is backed up safely and can be returned as needed. The level of security is audited at recurring intervals by carrying out either an external or internal audit.
6. For how long is data kept?
- Detailed retention times can be provided upon request.
We evaluate the necessity and accuracy of the Personal Data on a regular basis and endeavor to ensure that the incorrect and unnecessary Personal Data are corrected or deleted.
7. Your rights
As a Data Subject, you have a number of rights under applicable data protection legislation. You can:
- access the Personal Data processed
- obtain a copy of your Personal Data on request in a structured, commonly used and machine-readable format insofar as the processing is based on contract, and insofar as you have provided the information to Solita
- require Solita to change incorrect or incomplete Personal Data
- object to the processing of your data where Solita is relying on its legitimate interests as the legal ground for processing. For example,you may object to your Personal Data being used for marketing purposes at any time.
- ask Solita to restrict processing Personal Data for a period if data is inaccurate or there is a dispute about whether or not your interests override Solita’s legitimate grounds for processing data.
Data Subject may exercise the aforementioned rights by sending a written request email@example.com to the Contact person for the register specified first above.
If you believe that Solita has not complied with applicable data protection laws when processing your Personal Data, you can lodge a complaint with a supervisory authority. In Finland, that is the Data Protection Ombudsman.
Cookies can also be used to determine whether your computer has previously had access to our site. Only the cookie on your computer will be recognised.
Cookies can be used to determine whether you have visited our website before. This is done by recognising the cookies on your computer. The cookies show from where you came to our website, which of our www-pages you have browsed and when, what browser you are using, the display resolution, operating system and IP address of your computer or what information you send from the internet address. The information will not tell us the name of the user or other Personal Data, and the user cannot be identified by the cookies alone.
|Version number||Change description||Date|
|Version 1.0||Initial version||June 4th 2019|
|Version 1.01||Solita’s address changed||Dec 16th, 2020|