Logo

Privacy policy

This is Cardio-One AI’s register and privacy notice in accordance with the Finnish Personal Data Act (sections 10 and 24) and the EU General Data Protection Regulation (GDPR). Prepared on 7 October 2025. Last updated on 7 October 2025.

Data Controller

Cardio-One AI,
Jontikka 6 A 35, 40100 Jyväskylä, Finland

Contact Person Responsible for the Register

Dr. Haidar Fana
info@cardio-one.fi
+358 400 245 451

Name of the Register

Cardio-One AI customer register

Legal Basis and Purpose of Processing Personal Data

We use the personal data provided to us via the contact form to manage customer relationships.

Data is not used for automated decision-making or profiling.

Data Contained in the Register

The register may contain the following data: a person’s name, contact details (phone number, email address, address), billing information, and information on products or services sold.

We retain your personal data in our email archive and accounting records for seven years / for the period required by law.

Regular Sources of Data

Data stored in the register is obtained from the customer, for example from public registers, messages sent via web forms, email, telephone, social media services, agreements, customer meetings, and other situations in which the customer provides their data.

Regular Disclosures of Data

Data is not regularly disclosed to third parties. Data may be published to the extent agreed with the customer.

Principles of Data Protection

Due care is observed in processing the register, and data processed via information systems is appropriately protected. When register data is stored on internet servers, the physical and digital security of the equipment is ensured appropriately. The controller ensures that stored data, as well as server access rights and other critical information for the security of personal data, is handled confidentially and only by employees whose job duties require it.

Right of Access and Right to Request Rectification

Each person recorded in the register has the right to inspect the data stored about them and to request the correction of any inaccurate data or the completion of incomplete data. If a person wishes to inspect their data or request rectification, the request must be sent to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time limits set by the GDPR (generally within one month).

Other Rights Related to the Processing of Personal Data

A person recorded in the register has the right to request the erasure of their personal data from the register (“right to be forgotten”). Registered persons also have other rights under the GDPR, such as the right to restrict processing in certain situations. Requests must be sent to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time limits set by the GDPR (generally within one month).