Information security

The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe. Thermidas Oy complies with applicable GDPR regulations as a data processor.

Data description

Typically, address data is delivered to Thermidas Oy (Data Processor) by podiatrists, physiotherapists, nurses, or doctors (Data Controllers).

The purpose of processing data is to enable Data Controllers to store, analyse and share thermal images and patient data. To do this effectively, data can be collected with products developed by Thermidas Oy, sent to the cloud, and viewed, downloaded and shared with parties that have the correct credentials. Because Thermidas Oy develops and maintains such solutions for capturing and analysing thermal images and patient data, it must have access to the data.

Personal data saved in Thermidas Oy’s cloud consists of the following data items:

  • Name
  • Social security number
  • Date of Birth

Data location

There are two types of Thermidas Oy installations. The location of the saved data depends on the installation type of the system.

Cloud-based installation

Thermidas Oy data in Europe is saved in Microsoft Azure Cloud. Thermidas Oy cloud instances are located in Azure Northern Europe Region and physically in Stockholm, Sweden or Dublin, Ireland.

In-house hosted installation

Thermidas Oy data is saved on a local server and database infrastructure that is managed by the Data Controller on their premises.

Breach Notification

In the case of a data breach, Thermidas Oy will notify their customers, the controllers, immediately after becoming aware of the breach.

Right to Access

The data subjects have a right to get a copy of their personal data, free of charge, in an electronic format by written request.

Right to be Forgotten

The data subjects have a right to request deletion of their personal data and discontinuation of further processing of the data by written request.

Data Portability

The data subjects have a right to request transmission of their personal data to another controller. The transmission will be performed upon written request.

Privacy by Design

Thermidas Oy will hold and process only the data absolutely necessary for the completion of its duties (data minimization), and will limit access to personal data to those who need it to carry out the processing.

Data Protection Officer

Raimo Mansikkaoja, CEO