Privacy policy

Privacy statement Duodecim Medical Publications Ltd

Data controller

Duodecim Medical Publications Ltd
Kaivokatu 10 A
00100 Helsinki, Finland
tel. +358 9 618 851

Contact information

Issues related to data protection are handled at Duodecim’s customer service

Data subjects

  • customers (contact persons)
  • potential customers
  • stakeholders

Purpose of the processing of personal data

The register is used for

  • taking care of customer relationships
  • communicating Duodecim Medical Publications Ltd’s services and novelties as well as fair events
  • developing Duodecim Medical Publications Ltd’s services
Data subject Reason for processing
Duodecim Medical Publications Ltd’s customers agreement, consent
Duodecim Medical Publications Ltd’s potential
legitimate interest
Newsletter subscribers of the Newsroom Duodecim agreement
Newsletter subscribers consent
Media contacts legitimate interest
Stakeholders legitimate interest

Contents of the registers

The following information may be recorded in the register

  • name
  • email address
  • title, belonging to the organisation
  • role of the contact person (e.g. IT contact person, chief physician, etc.)
  • purchase history

Regular data sources

Data subjects Regular data sources
Duodecim Medical Publications Ltd’s customers Contact information is collected from customers in connection with singing the agreement and information concerning the organisation’s contact persons are updated from public sources, if necessary.
Duodecim Medical Publications Ltd’s potential The data subject provides their information while participating in competitions and lotteries at fairs.
Newsletter subscribers The user provides their information when subscribing to the newsletter.
Media contacts Data are collected and updated from public sources and from the registers of a data controller providing address services.
Stakeholders The contact information lists of stakeholders are collected in connection with meetings and they may be collected or updated from public sources.

Retention period of data

The data in the register will be retained as long as we use the data for maintaining our customer relationships, as described in this statement, or for communication and product development purposes. We assess the necessity of retained data regularly every year and take all reasonable and possible measures in order to ensure that data, which is incorrect or out of date considering the purpose of the processing, will be updated or erased.

A newsletter subscriber may unsubscribe from the subscriber list.

Recipients of data

Data shall not be disclosed to external parties.

We have ensured that all our service providers who process personal data in our registers comply with the data protection regulations. We regularly use IT service suppliers, mail preparation firms and printers as data processors.

Transfer of data outside the EU and the European Economic Area

Data is processed in secure data centres that are located in the EU area.

Principles of data security

It is important for us to process data securely. We have implemented appropriate technical and organisational measures to protect the personal data of our data subjects. We retain personal data both in electronic and paper format.

Using systems that include personal data requires a personal user code and password. Registers are located on servers in a secure data centre where there is no entry for unauthorised persons. Access of data and information security have been taken into account in data centres and they are equipped with appropriate access control, video surveillance and fire and burglary prevention devices.

Printed data is stored in Duodecim’s office in a locked facility. Data is processed only by employees who need access to it for their work.

People registered to the Oma Duodecim service can access and update their own data in the Oma Duodecim service. In order to access their own data in the Oma Duodecim service, people must register themselves as Duodecim account users with the activation code received from Duodecim. The Duodecimin työpöytä service will be activated for the user by the person responsible for Duodecim’s content production work.

Rights of the data subject

The rights of the data subjects are listed below. Requests related to these rights must be submitted to

Right of access and rectification

You have the right of access to your personal data that we have saved. If you observe any errors or deficiencies in your information, you may request us to correct or supplement your data.

Right to be forgotten and right to restrict processing

If you think that the processing of your data is not necessary for performing our tasks, you have the right to request us to erase the data concerned. We process your request and either erase your data or provide you with a justified reason as to why we cannot erase your data. If you disagree with our solution, you have the right to lodge a complaint to the Data Protection Ombudsman. You have the right to request that we restrict the processing of the disputed data until the complaint is resolved.

Right to object the processing of data

You have the right to object to the processing of your personal data if you think that we have processed your personal data unlawfully or that we have no right to process some of your personal data.

Right to transfer data between systems

You have the right to receive the data that you have provided us, for those parts that are processed based on the agreement, in a machine readable format, as a rule, so that you can transfer the data to another data controller.

Right to lodge a complaint

You have the right to lodge a complaint to the Data Protection Ombudsman ( if you think that we have breached the existing data protection legislation when processing your personal data.


Privacy statement update on 24 May 2018