REGISTER DESCRIPTION

Bio365 privacy statement

Updated 25.04.2025

Bio365.fi is JM Goods' marketplace.

Register description in accordance with Section 10 of the Personal Data Act (523/1999).

In this privacy statement, we explain how Bio365 / JM Goods ("Data Controller") processes the personal data of its customers and users of its online services ("Customer") and how you can influence the processing of personal data.

Data controller

JM Goods, Business ID 3103562-8

Person responsible for register matters

 JM Goods / Mirko Pajunen

 asiakaspalvelu@bio365.fi

Name of the register

Bio365 online store customer register. The register consists of several sub-registers.

Purpose of use of the register

The purpose of the register is customer communication, maintaining and developing customer and business relationships, and use for statistical purposes. The Bio365 online store uses this and other information generated during the customer relationship for product and service offering planning and targeting.

Personal data is used within the limits permitted and required by the Personal Data Act. The register is not disclosed to external parties.

Information contained in the register

The customer register consists of several separate registers compiled according to the main purpose of use. Together, these customer details form the data sets stored about the customer as follows:

1) Customer contact details and information enabling ordering: first and last name, street address, postal code, post office, country, phone number, email address, date of birth, gender, and personal identity number. For corporate, association, and community customers, also the company name and Business ID.

2) Customer-reported interests, financial background information, and other customer-specific additional information.

3) Possible consent to send direct marketing to them.

4) Information about the customer's orders, deliveries, and returns.

5) Identifiers required for logging into the service.

6) Customer-specific information related to the loyalty program: membership level, purchase accumulation, collected, used, and available eco-points, customer's special requests.

The registered personal data will be deleted upon the user's request.

Regular sources of information

Contact and customer information in the register is obtained at the start and during the customer relationship from notifications made by the customer to the data controller. The customer relationship begins when the customer registers for the service, orders direct marketing, or makes a purchase.

Separate consent is requested from the customer for electronic direct marketing (email and text message marketing) in accordance with the Personal Data Act. Information on creditworthiness at the time of the customer's order is obtained from Svea Ekonomi's (Business ID 1774535-9) system.

Register protection

Access to the register requires internal network access rights to the Bio365 online store. Access is limited only to information necessary for the person's work duties and requires the use of personal user IDs. The customer register and the IT systems processing it are located in closed data centers. Data is regularly backed up by copying to prepare for disruptions. The system is protected by a firewall against external connections.

Confidentiality obligations bind employees handling customer register data. Information is disclosed or transferred to outsiders only due to a legal obligation to report, such as at the customer's own request or a legally based request from authorities.

We comply with applicable legislation and industry self-regulation in the processing of personal data, such as guidelines issued by the Customer Marketing Association and IAB Finland.

Processed personal data

We collect and process personal data only to the extent necessary to fulfill the purposes described in this privacy statement.

The personal data collected and the scope of its processing vary depending on the relationship between the Data Controller and the Data Subject, consents and prohibitions given for the processing of personal data and marketing, and the cookie and tracking settings of the browser used.

Customer and order information

  • basic information, such as name and contact details and date of birth
  • order and billing information, such as data on the payer and recipient of the order and changes to this information
  • customer service information, such as customer feedback and communication with customer service
  • consent information, such as data on marketing consents and other consents and prohibitions related to the use of personal data
  • information about responses to studies, surveys, and competitions conducted by Bio365 or its partners
  • customer-reported interests, financial background information, and other customer-specific additional information, such as special requests
  • data related to loyalty membership, for example membership level, purchase accumulation, points collected, used, and available

Data collected from the use of online services

  • information collected about the device or application used, such as browser version, device type, screen size, and IP address
  • information about the use of online services, such as data on page loads, time spent on online services, and navigation within online services
  • Information about web pages opened through newsletters

Derived and combined data

To serve our Customers better, we refine the collected personal data by analyzing it using various statistical methods and combining data collected from different sources.

Based on analyses, information can be derived about Customers concerning, for example, assumed interests, age group, income level, purchasing behavior, or other similar characteristics. The derived information is based on the Customer-provided and collected data mentioned in the previous section. To ensure the privacy of its Customers, we do not process or derive sensitive personal data.

Bio365 online store has the ability to combine information provided by the Customer about the use of online services with collected data if a connection can reasonably be assumed to relate to the same person. Bio365 online store may profile its Customers based on combined data, for example, to send timely information, offers, or benefits based on the Customer's interests or purchase history.

The Bio365 online store protects its Customers' privacy by conducting the data management and combination described above with special caution and uses the information obtained from combining data in a way that does not compromise the privacy of customers or registered users.

Purposes of personal data use and legal basis for processing

In this section, we explain the purposes of the personal data we collect, the legal basis for processing personal data, and the Customer's options to influence the processing of their personal data.

The purposes for which we use the personal data we collect can be divided into three groups as follows:

  1. Managing the customer relationship

We use our Customers' personal data for various necessary actions related to managing the customer relationship, such as:

  • Offering products and services and delivering orders
  • Maintaining the customer relationship and customer communication
  • Providing customer service and other customer support
  • Conducting competitions and prize draws

The processing of personal data for managing the customer relationship is based on the agreement between the Bio365 online store and the Customer regarding the delivery of a product or service or other action forming the customer relationship.

  1. Development of products and services

We use our customers' personal data to develop products and services and to improve the quality and offering of the service. Measures for product and service development may include product or content recommendations or personalization of services or communications.

Information collected in studies and surveys and the specific purpose of use and data storage are always explained in detail in connection with each study.

The processing of personal data for the development of products and services is based on the legitimate interest of the Bio365 online store to utilize data for the benefit of its customers.

  1. Sales and Marketing

We use our customers' personal data for marketing and advertising as well as other commercial activities, such as electronic direct marketing. The processing of personal data for commercial purposes is based on the customer's consent in the case of electronic direct marketing.

Sharing and Disclosure of Personal Data

We use personal data to fulfill the purposes described above in section 3. Additionally, we use third-party services, during which third parties may also process personal data. In such cases, we ensure the lawful processing of personal data through contractual arrangements and instruct the third party on the handling of personal data.

We may disclose personal data to third parties if it is necessary to implement the rights or security of the Bio365 online store and the customer or user, to investigate fraud, or to respond to official inquiries.

Transfer of Personal Data Outside the EU/EEA Area

As a general rule, we do not transfer or process personal data outside the European Union or the European Economic Area. If we exceptionally need to transfer data outside the EU/EEA area, we ensure that the protection of personal data meets an adequate level according to applicable legislation.

Use of Cookies

We use cookies to improve the user experience of our online services and to monitor and facilitate their use. Cookies allow short text-based information to be stored in the user's browser for later use.

Collection and Processing of Location Data

We use location data collected via IP address in our online store, for example, to display local offers and announcements. The accuracy of the location data we use is always at the municipality, city, or broader area level.

Retention of Personal Data

We retain personal data as long as necessary to fulfill the purposes defined in section 3. However, applicable legislation, such as accounting or other mandatory laws, may require retaining personal data even after the purpose of processing has ended. In such cases, retention periods defined in the applicable legislation will be followed.

Data collected from the use of online services is stored for about twelve (12) months from the time of collection in a form that allows the user to be identified. In predefined situations, we may retain data collected from the use of online services beyond this period in a form where individual users can no longer be identified.

Users and customers should note that, for example, product reviews and information written and published on social media services and other similar public services may remain visible online even after the purpose of processing personal data has ended.

Customer rights and options to influence

We are committed to protecting our Customers' privacy and rights under data protection legislation. Below we have listed the key rights and options our Customers have regarding the processing of personal data.

Requests regarding the exercise of these rights should be directed to our customer service. 

Bio365 | contact information

Our warehouse and office are located in Tampere. Unfortunately, we do not have customer facilities or pickup options on site.

Customer Service

asiakaspalvelu@bio365.fi

Bio365 / JM Goods

TAMPERE

Access, deletion, and transfer - Customers have the right to access their personal data and to review and correct their personal information. Additionally, customers have the right to request the deletion of their personal data to the extent permitted by other legislation. Customers also have the right to transfer their personal data to another data controller.

Direct marketing - Customers have the right to prohibit direct marketing and to object to the processing of their personal data (such as profiling) for direct marketing purposes. Customers can also influence which channels are used for direct marketing (mail, phone, email).

Targeting and profiling – Customers have the right to restrict the use of their personal data for profiling aimed at recommending products, services, and content. The main ways to influence this are generally limiting e-commerce cookies, browsing online in so-called private mode, and other technical measures.

Targeted advertising – Third-party advertising networks may target advertising on our website based on the Customer's web behavior. The Customer has the option to influence targeted advertising through these networks. However, blocking targeted advertising does not reduce the number of ads shown on the sites but prevents networks from showing ads likely to interest the Customer.

Targeted advertising on third-party platforms, such as Facebook, can be prevented through the advertising settings of each service.

If a user or customer believes that their statutory rights have been violated, they have the right to file a complaint with the national data protection authority or another data protection authority of the European Union or the European Economic Area. In Finland, the supervisory authority is the Data Protection Ombudsman. Contact details for the Data Protection Ombudsman can be found at http://www.tietosuoja.fi/fi/.

Data security

We ensure the secure processing of personal data with appropriate physical and technical security measures to protect personal data from loss, destruction, misuse, as well as unauthorized access and disclosure. We strive to ensure secure processing to guarantee the protection of personal data, for example by limiting access to data and ensuring that our employees and subcontractors use personal data according to given instructions and agreements.

Changes to the privacy policy

We reserve the right to update this privacy policy, for example due to the development of our services or mandatory legislation. We will inform about changes and updates to the privacy policy on our website and encourage you to review the privacy policy regularly.

Google reCaptcha

We use Google's reCaptcha service to determine whether a person or a computer is making a specific entry on our contact or newsletter form. Google uses the following information to determine if you are a human or a computer: the IP address of the device you are using, the website you are visiting where the captcha is integrated, the date and duration of the visit, identifiers about the browser and operating system type used, your Google account if you are logged into Google, mouse movements in the reCaptcha areas, and the tasks for which you need to identify images. The legal basis for this data processing is Art. 6(1)(f) of the General Data Protection Regulation. We have a legitimate interest in this data processing to ensure the security of our website and to protect ourselves from automated inputs (attacks).