REGISTER DESCRIPTION

Bio365 privacy statement

Updated 25.04.2025

Bio365.fi is the marketplace of JM Goods.

Register description according to Section 10 of the Personal Data Act (523/1999).

In this privacy statement, we explain how Bio365 / JM Goods ("Data controller") processes the personal data of its customers and users of its online services ("Customer") and how one can influence the processing of personal data.

Data controller

JM Goods, Business ID 3103562-8

Person responsible for register matters

 JM Goods / Mirko Pajunen

 asiakaspalvelu@bio365.fi

Name of the register

Bio365 online store customer register. The register consists of several sub-registers.

Purpose of the register

The purpose of the register is customer communication, maintaining and developing the customer and business relationship, and use for statistical purposes. The Bio365 online store uses this and other data generated during the customer relationship for planning product and service offerings and targeting the offerings.

Personal data is used within the limits permitted and required by the Personal Data Act. The register is not disclosed to external parties.

Information contained in the register

The customer register consists of several separate registers compiled according to the main purpose of use. These customer data together form the data sets stored about the customer as follows:

1) Customer contact information and data enabling ordering: first and last name, street address, postal code, post office, country, phone number, email address, date of birth, gender, and personal identity code. For corporate, association, and community customers, also the company name and business ID.

2) Interests reported by the customer, financial background information, and other customer-specific additional information.

3) Possible consent to send direct marketing to them.

4) Information about the customer's orders, deliveries, and returns.

5) Identifiers required for logging into the service.

6) Information related to the loyalty program, customer-specific data: membership level, purchase accumulation, collected, used, and available eco-points, customer's special requests.

The registered personal data is deleted upon the user's request.

Regular sources of information

The register's contact and customer information is obtained at the beginning and during the customer relationship from notifications made by the customer to the data controller. The customer relationship begins when the customer registers for the service, subscribes to direct marketing, or makes a purchase.

Separate consent is requested from the customer for electronic direct marketing (email and text message marketing) in accordance with the Personal Data Act. Information on creditworthiness at the time of the customer's order is obtained from Svea Ekonomi's (Business ID 1774535-9) system.

Register protection

Access to the register requires internal network access rights to the Bio365 online store. Access rights are limited only to information necessary for the person's job duties and require the use of personal user IDs. The customer register and the hardware of the information system processing it are located in closed data centers. Data is regularly backed up by copying to prepare for disruptions. The system is protected by a firewall against external contacts.

Confidentiality binds employees handling customer register data. Information is disclosed or transferred to outsiders only due to a legal obligation to report, such as at the customer's own request or a legally based request from an authority.

We comply with applicable legislation and industry self-regulation in the processing of personal data, such as the guidelines issued by the Customer Marketing Association and IAB Finland.

Processed personal data

We collect and process personal data only to the extent necessary to fulfill the purposes described in this privacy statement.

The personal data collected and the extent of its processing vary depending on the relationship between the Data Controller and the Data Subject, consents and prohibitions given for the processing of personal data and marketing, and the cookie and tracking settings of the browser used.

Customer and order information

  • basic information, such as name and contact details and date of birth
  • order and billing information, such as details of the payer and recipient of the order and changes to this information
  • customer service information, such as customer feedback, communication with customer service
  • consent information, such as information about marketing consents and other consents and prohibitions related to the use of personal data
  • information about responses to studies, surveys, and competitions conducted by Bio365 or its partners
  • customer-reported interests, financial background information, and other customer-specific additional information, such as special requests
  • information related to loyalty membership, for example membership level, purchase accumulation, collected, used, and available points

Data collected from the use of online services

  • information collected about the device or application used, such as browser version, device type, screen size, and IP address
  • information about the use of online services, such as data on page loads, time spent on online services, and navigation within online services
  • information about web pages opened through newsletters

Derived and combined data

To serve our Customers better, we process collected personal data by analyzing it using various statistical methods and combining data collected from different sources.

Based on analyses, information can be derived about Customers, such as assumed interests, age group, income level, purchasing behavior, or other similar characteristics. The derived information is based on the data provided by the Customer and collected about the customer as mentioned in the previous section. To ensure the privacy of its Customers, we do not process or derive sensitive personal data.

The Bio365 online store has the ability to combine information provided by the Customer about the use of online services with collected data, if a connection can be reasonably assumed to relate to the same person. The Bio365 online store can profile its Customers based on combined data, for example, to send timely information, offers, or benefits based on the Customer's interests or purchase history.

Bio365 online store safeguards the privacy of its Customers by conducting the data management and merging described above with special caution and uses the information obtained from merging in a way that does not compromise the privacy protection of customers or registered users.

Purposes of personal data and legal basis for processing

In this section, we explain the purposes of the personal data we collect, the legal basis for processing personal data, and the Customer's opportunities to influence the processing of their personal data.

The purposes of the personal data we collect can be divided into three groups as follows:

  1. Managing the customer relationship

We use our Customers' personal data for various necessary actions related to managing the customer relationship, such as:

  • offering products and services and delivering orders
  • maintaining the customer relationship and customer communications
  • providing customer service and other customer support
  • conducting competitions and lotteries

The processing of personal data for managing the customer relationship is based on the agreement between Bio365 online store and the Customer regarding the delivery of a product or service or other action forming the customer relationship.

  1. development of products and services

We use our Customers' personal data to develop products and services and to improve the quality and offering of the service. Measures for product and service development may include, for example, product or content recommendations or personalization of services or communications.

Information collected in studies and surveys, as well as more detailed purposes of use and data storage, are always explained in more detail in connection with each study.

The processing of personal data for the development of products and services is based on Bio365 online store's legitimate interest in utilizing data for the benefit of its Customers.

  1. Sales and marketing

We use our Customers' personal data for marketing and advertising as well as other commercial activities, such as electronic direct marketing. The processing of personal data for commercial purposes is based on the Customer's consent in the case of electronic direct marketing.

Sharing and disclosure of personal data

We use personal data to fulfill the purposes described above in section 3. Additionally, we use third-party services, during which third parties may also process personal data. In such cases, we ensure the lawful processing of personal data through contractual arrangements and instruct the third party on the processing of personal data.

We may disclose personal data to third parties if it is necessary to implement the rights or security of the Bio365 online store and the customer or user, to investigate fraud, or to respond to official inquiries.

Transfer of personal data outside the EU/EEA area

As a rule, we do not transfer or process personal data outside the European Union or the European Economic Area. If we exceptionally need to transfer data outside the EU/EEA area, we ensure an adequate level of protection for personal data in accordance with applicable legislation.

Use of cookies

We use cookies to improve the user experience of our online services and to monitor and facilitate usage. Cookies allow the storage of short text information in the user's browser for later use.

Collection and processing of location data

We use location data collected via IP address in our online store, for example, to display local offers and announcements. The accuracy of the location data we use is always at the municipality, city, or broader area level.

Retention of personal data

We retain personal data as long as necessary to fulfill the purposes defined in section 3. However, applicable legislation, such as accounting or other mandatory laws, may require retaining personal data even after the purpose of processing has ended. In such cases, retention periods defined in the applicable legislation are followed.

Data collected from the use of online services is stored for about twelve (12) months from the collection of the data in a form that allows the user to be identified. In predefined situations, we may retain data collected from the use of online services even after this period in a form where individual users can no longer be identified.

Users and customers should note that, for example, product reviews and information written and published on social media services and other similar public services may remain visible online even after the purpose of processing personal data has ended.

Customer rights and opportunities to influence

We are committed to protecting our Customers' privacy and rights under data protection legislation. Below we have listed the key rights and opportunities for our Customers to influence the processing of personal data.

Requests to exercise these rights should be addressed to our customer service. 

Bio365 | contact information

Our warehouse and office are located in Tampere. 

Customer service

Mon-Fri 10-16

asiakaspalvelu@bio365.fi

+358 45 7874 4655

Bio365 / JM Goods

TAMPERE

Inspection, deletion, and transfer - The customer has the right to access their personal data and the right to inspect and correct personal data concerning themselves. Additionally, the customer has the right to request the deletion of personal data concerning themselves to the extent permitted by other legislation. The customer also has the right to transfer personal data concerning themselves to another data controller.

Direct marketing - The Customer has the right to prohibit direct marketing and to object to the processing of their personal data (such as profiling) for direct marketing purposes. The Customer also has the opportunity to influence which channels direct marketing is conducted through (mail, phone, email).

Targeting and profiling – The Customer has the right to restrict the use of their personal data for profiling aimed at recommending products, services, and content. Means of influence generally include restricting e-commerce cookies, browsing the web in so-called private mode, and other technical measures.

Advertising targeting – Third-party advertising networks can target advertising on our websites based on the Customer's online behavior. The Customer has the opportunity to influence advertising targeting through these networks. However, preventing advertising targeting does not reduce the number of ads shown on the sites but prevents networks from showing advertising likely to interest the Customer.

Targeting of advertising on third-party platforms, such as Facebook, can be prevented from the advertising settings of each service.

If a user or customer believes that their statutory rights have been violated, they have the right to file a complaint with the national data protection authority or another data protection authority of the European Union or the European Economic Area. In Finland, the supervisory authority is the Data Protection Ombudsman. Contact information for the Data Protection Ombudsman can be found at http://www.tietosuoja.fi/fi/.

Data security

We ensure the secure processing of personal data with appropriate physical and technical security measures to protect personal data from, for example, loss, destruction, misuse, as well as unauthorized access and disclosure. We strive to ensure secure processing to guarantee the protection of personal data, for example by limiting access to data and ensuring that our employees and subcontractors use personal data in accordance with given instructions and agreements.

Changes to the privacy policy

We reserve the right to update this privacy policy, for example due to the development of our services or mandatory legislation. We will inform about changes and updates to the privacy policy on our website and encourage you to review the privacy policy regularly.

Google reCaptcha

We use Google's reCaptcha service to determine whether a person or a computer is making a certain entry on our contact or newsletter form. Google uses the following information to determine whether you are a human or a computer: the IP address of the device you are using, the website you are visiting and where the captcha is integrated, the date and duration of the visit, identifier information about the browser and operating system type used, Google account if you are logged into Google, mouse movements in the reCaptcha areas, and tasks for which you need to identify images. The legal basis for the described data processing is Art. 6 para. 1 lit. f of the General Data Protection Regulation. We have a legitimate interest in this data processing to ensure the security of our website and to protect us from automated inputs (attacks).