Information security
Data description
Typically address data is delivered to Thermidas Oy (Data Processor) by podiatrist, physiotherapists, nurses, or doctors (Data Controllers).
The purpose of processing data is that Data Controllers must be able to store, analyse and share thermal images and patient data. In order to do this effectively data can be collected with Thermidas Oy’s developed products, send to cloud and viewed, downloaded and shared with parties that have the correct credentials. Because Thermidas Oy develops and maintains such thermal image and patient data capturing and analysing solutions, it must have access to data.
Personal data saved in Thermidas Oy’ cloud consists of the following data items:
- Name
- Social security number
- Date of Birth
Data location
There are basically two types of Thermidas Oy’s installations. The location of the saved data depends on the installation type of the system.
Cloud-based installation
Thermidas Oy data in Europe is saved in Microsoft Azure Cloud. Thermidas Oy cloud instances are located in Azure Northern Europe Region and physically in Stockholm, Sweden or Dublin, Ireland.
In-house hosted installation
Thermidas Oy data is saved in a local server and database infrastructure and managed by the Data Controller in their premises.
Breach Notification
In the case of a data breach, Thermidas Oy will notify their customers, the controllers, immediately after becoming aware of the breach.
Right to Access
The data subjects have a right to get a copy of their personal data, free of charge, in an electronic format by written request.
Right to be Forgotten
The data subjects have a right to request deletion of their personal data and discontinuation of further processing of the data by written request.
Data Portability
The data subjects have a right to request transmission of their personal data to another controller. The transmission will be performed upon written request.
Privacy by Design
Data Protection Officer
Raimo Mansikkaoja, CEO