top of page

Privacy policy

Updated May 20th 2020

Controller and Control Information

Head Instruments Oy
Kasarmintie 13 D
90130 Oulu

Contact person

Lassi Laitinen

Legal basis and purpose of processing personal data

Head Instruments Oy does not store any user or patient data related to software (Head MDM). All data is stored on local memory of the used device.

The processing of personal data is based on (i) performance of the rights and obligations of a lease and/or service agreement between a controller and a customer, or a data controller and its partner, for a supplier agreement, and performance of the preliminary measures required for the agreement, (ii) and/or for the purposes of the legitimate interests of the controller or of a company belonging to the same group. Personal data is used forproviding medical reports, handling orders and invoicing, managing, developing and maintaining the customer (including potential customer) relationship between the controller and the customer, and the related analysis, compilation of statistics, customer communication, organizing of events, customer experience evaluation, identification of the customer’s users, user management, troubleshooting of electronic services, and management of relationships between the cooperation partners. In addition, personal data is used for direct marketing by the controller and its group companies (including electronic newsletters),targeting and profiling of online advertising, and for designing and development of the controller’s products and services.

What information is stored

The data register may contain personal information such as first and last names, phone numbers and email addresses. We may also store your employers name, address and other contact information as well as details about your position in your company. Among the information stored may also be summaries of our conversations and meetings with you together with the relevant dates and times.


Sources of data

Data is collected regularly about the data subject by telephone, email, on theinternet, in meetings, and in conjunction with concluding agreements and contractual relations and patient data sent by the customers of the Controller.Personal data can also be collected and updated from public and private registers, such as the population register, other authorities, credit information companies, contact information providers, and other similar trustworthy parties.

Access to data

A limited number of our staff have access to your data. All staff having access to such data are bound by confidentiality obligations.

3rd party services that work as data processors are processing the data according to the GDPR rules and following the principles set by the controller-processor contract.

Your data is not shared to any other internal or external personnel or parties without your permission.

Please note that there can be exceptions based on your country due to local laws or authorities and that we may be obligated to disclose your data to authorities or third parties pursuant to applicable law or an order of a regulatory or statutory authority.

Where is your data hosted

We host your data on a cloud based customer relationship management service primarily in the European Union. The cloud service may replicate the data to servers outside the European Union. In these cases the required means, defined by the applicable data protection laws and regulations including the General Data Protection Regulation 2016/679, are carried out to protect the data.

What are Your rights

Right to review: You have a right to review your personal data collected to our register.

Right to prohibition: You have a right to prohibit the use of your personal data for direct advertising, remote sale or other direct marketing as well as for marketing and attitude surveys.

Right to correct incorrect data: If the data registered about you is incorrect, you have the right to correct the information.

Right to be forgotten: You have a right to request for us to erase all your personal data from all our systems unless it is needed for completing legal or contractual obligations.

Written request to execute any of these rights, shall be submitted to

Changes to this Privacy Policy

We may modify or update this Privacy Policy from time to time, therefore you should review our website periodically for the up-to-date version. When we change the Privacy Policy, we will update the ‘updated’ date at the top of this page.

bottom of page