Privacy Policy

Bio365 Privacy Policy

Updated 25.04.2025

Bio365.fi is a marketplace of JM Goods.

A register description in accordance with Section 10 of the Personal Data Act (523/1999).

In this privacy policy, we explain how Bio365 / JM Goods ("Controller") processes the personal data of its customers and users of its online services ("Customer") and how one can influence the processing of personal data.

Data Controller

JM Goods, Business ID 3103562-8

Person handling registry matters

JM Goods / Mirko Pajunen

asiakaspalvelu@bio365.fi

Name of the register

Customer register of Bio365 online store. The register consists of several sub-registers.

Purpose of the register

The purpose of the register is customer communication, maintaining and developing customer and business relationships, and use for statistical purposes. Bio365 online store uses these and other information generated during the customer relationship for planning product and service offerings as well as targeting the offerings.

Personal data is used within the limits allowed and required by the Personal Data Act. The register is not disclosed to external parties.

Information contained in the register

The customer register consists of several separate registers compiled according to their main purpose. The customer information in these together forms the data sets stored about the customer as follows:

1) Customer contact information and information enabling ordering: first and last name, street address, postal code, city, country, phone number, email address, date of birth, gender, and personal identity code. For business, association, and community customers, also the company name and business ID. 

2) Customer-reported interests, financial background information, and other customer-specific additional information.

3) Possible consent to send direct marketing to them.

4) Information about the customer's orders, deliveries, and returns.

5) Identifiers required to log in to the service.

6) Customer-specific information related to the loyalty program: membership level, purchase accumulation, collected, used, and available eco-points, special requests of the customer.

The registered personal data is deleted at the user's request.

Regular sources of information

Contact and customer information in the register is obtained when the customer relationship is established and during it from notifications made by the customer to the data controller. A customer relationship is established when the customer registers for the service, subscribes to direct marketing, or makes a purchase.

For electronic direct marketing (email and text message marketing), separate consent is requested from the customer in accordance with the Personal Data Act. Information about creditworthiness at the time of the customer's order is obtained from Svea Ekonomi's (Business ID 1774535-9) system.

Protection of the Register

Access to the register requires permissions to use the internal network of the Bio365 online store. Access is limited only to information necessary for the performance of a person's work tasks and requires the use of personal user IDs. The customer register and the computer systems that process it are located in closed server rooms. As a precaution against disruptions, the data is regularly backed up by copying. The system is protected by a firewall against external connections.

Confidentiality binds employees who handle customer register information. Information is disclosed or provided to outsiders only due to a legal reporting obligation, such as at the customer's own request or on the basis of a request made by an authority according to the law.

We comply with applicable legislation in the processing of personal data as well as industry self-regulation, such as the guidelines issued by the Customer Marketing Association (Asiakkuusmarkkinointiliitto ry) and IAB Finland ry.

Personal data to be processed

We collect and process personal data only to the extent necessary to carry out the purposes described in this privacy policy.

The personal data collected and the scope of their processing vary depending on the relationship between the Data Controller and the Data Subject, the consents and objections given for the processing and marketing of personal data, and the cookie and tracking settings of the browser used.

Customer and order information

  • basic information, such as name and contact details as well as date of birth
  • order and billing information, such as information about the payer and recipient of the order and changes to this information
  • customer service information, such as customer feedback, communication with customer service
  • consent information, such as information about marketing consents and other consents and prohibitions related to the use of personal data
  • information about responses to studies, surveys, and competitions conducted by Bio365 or its partners
  • customer-reported interests, financial background information, and other customer-specific additional information, such as special requests
  • loyalty program-related information, for example membership level, purchase accumulation, collected, used, and available points

Data collected from the use of online services

  • data collected from the device or application being used, such as browser version, device type, screen size, and IP address
  • data on the use of online services, such as information on page loads, time spent in online services, and navigation within online services
  • data on web pages opened via newsletters

Derived and Combined Data

To serve our Customers better, we process the personal data collected by analyzing it using various statistical methods and combining information collected from different sources.

Based on the analyses, it is possible to derive information about Customers concerning, for example, assumed interests, age group, income level, purchasing behavior, or other similar characteristics. Derived data is based on the information provided by the Customer and the information collected about the Customer mentioned in the previous section. To ensure the privacy of our Customers, we do not process or derive personal data that is considered sensitive.

The Bio365 online store has the ability to combine information provided by the Customer with information collected about the use of online services, if a connection can be made between the data such that it can reasonably be assumed to relate to the same person. The Bio365 online store may profile its Customers based on the combined information, for example, to send relevant information, offers, or benefits based on the Customer's interests or purchase history. 

The Bio365 online store protects the privacy of its Customers by exercising special caution in carrying out the above-described derivation and combination of data, and uses the information obtained from the combination in such a way that the privacy of customers or registered users is not compromised.

Purposes of personal data use and the legal basis for processing

In this section, we explain the purposes for which we collect personal data, the legal basis for processing personal data, and the Customer's possibilities to influence the processing of their personal data.

The purposes for which we collect personal data can be divided into three groups as follows:

  1. Managing the customer relationship

We use our Customers' personal data for various measures necessary for managing the customer relationship, such as:

  • offering products and services and delivering orders
  • maintaining customer relationships and customer communication
  • providing customer service and other customer support
  • conducting competitions and raffles

Processing personal data for managing the customer relationship is based on the agreement between the Bio365 online store and the Customer regarding the delivery of a product or service or another action that forms the customer relationship.

2. development of products and services

We use our Customers' personal data to develop products and services and to improve the quality and offering of the service. Measures taken to develop products and services may include, for example, product or content recommendations or personalization of services or communication.

The information collected in studies and surveys, as well as more detailed information on the purpose of use and data storage, is always explained in more detail in connection with each study.

The processing of personal data for the development of products and services is based on Bio365 online store's legitimate interest in using the information for the benefit of its Customers.

3. Sales and Marketing

We use our Customers' personal data for marketing and advertising, as well as for other commercial activities, such as electronic direct marketing. The processing of personal data for commercial purposes, in the case of electronic direct marketing, is based on the Customer's consent.

Sharing and Disclosure of Personal Data

We use personal data to carry out the purposes described above in section 3. In addition, we use the services of third parties, during the use of which third parties may also process personal data. In such cases, we ensure the lawful processing of personal data through contractual arrangements and instruct the third party on the handling of personal data.

We may disclose personal data to third parties if it is necessary to implement the rights or security of the Bio365 online store and the customer or user, to investigate fraud, or to respond to official inquiries.

Transfer of personal data outside the EU/EEA

As a rule, we do not transfer, nor process, personal data outside the European Union or the European Economic Area. If we exceptionally need to transfer data outside the EU/EEA area, we ensure the protection of personal data at an adequate level in accordance with applicable legislation.

Use of Cookies

We use cookies to improve the user experience of our online services as well as to monitor and facilitate usage. Cookies allow the storage of short text-based information in the user's browser for later use.

Collection and processing of location data

We use location data collected through IP addresses on our online store, for example, to display local offers and announcements. The accuracy of the location data we use is always at the municipality, city, or broader area level.

Retention of personal data

We retain personal data as long as necessary to fulfill the purposes defined in section 3. However, applicable legislation, such as accounting or other mandatory laws, may require retaining personal data even after the purpose of processing has ended. In such cases, the retention period follows the retention times defined in the applicable legislation.

Information collected from the use of online services is retained for approximately twelve (12) months from the collection of the data in a form in which the user can be identified. In predefined situations, we may retain information collected from the use of online services even after this period in a form in which an individual user can no longer be identified.

Users and customers should note that, for example, product reviews and information written and published on social media services and other similar public services may remain visible online even after the purpose of processing personal data has ended.

Customer rights and opportunities to influence

We are committed to protecting our Customers' privacy as well as the rights provided under data protection legislation. Below, we have listed the main rights and opportunities of our Customers regarding the processing of personal data.

Requests to exercise these rights should be directed to our customer service.

Bio365 | contact information

Our warehouse and office are located in Tampere.

Customer service

asiakaspalvelu@bio365.fi

Bio365 / JM Goods

Inspection, deletion, and transfer - The customer has the right to access their personal data and the right to inspect and correct personal data concerning themselves. In addition, the customer has the right to request the deletion of personal data concerning themselves to the extent permitted by other legislation. The customer also has the right to transfer personal data concerning themselves to another data controller.

Direct marketing - The customer has the right to prohibit direct marketing and to object to the processing of their personal data (such as profiling) for direct marketing purposes. The customer also has the ability to influence which channels are used for direct marketing (mail, phone, email).

Targeting and profiling – The customer has the right to restrict the use of their personal data for profiling aimed at recommending products, services, and content. The main options for influence are generally limiting cookies on online stores, browsing the web in so-called private mode, and other technical measures.

Advertising targeting – Third-party advertising networks can target advertisements on our websites based on the customer's online behavior. The customer has the option to influence the targeting of advertising through these networks. However, preventing targeted advertising does not reduce the number of ads displayed on the sites but prevents the networks from showing ads that are likely to be of interest to the customer.

Targeting of advertising on third-party platforms, such as Facebook, can be prevented from the advertising settings of each service.

If a user or customer believes that their statutory rights have been violated, they have the right to lodge a complaint with the national data protection authority or another data protection authority of the European Union or the European Economic Area. In Finland, the supervisory authority is the Data Protection Ombudsman. Contact details for the Data Protection Ombudsman can be found at http://www.tietosuoja.fi/fi/.

Information Security

We take care to handle personal data securely with appropriate physical and technical security measures to protect personal data, for example, from loss, destruction, misuse, as well as unauthorized access and disclosure. We aim to ensure secure handling to guarantee the protection of personal data, for example, by limiting access to information and ensuring that our employees and subcontractors use personal data in accordance with the provided instructions and agreements.

Changes to the Privacy Policy

We reserve the right to update this privacy policy, for example, due to the development of our services or mandatory legislation. We inform about changes and updates to the privacy policy on our website and encourage regular review of the privacy policy.

Google reCaptcha

We use Google's reCaptcha service to determine whether a person or a computer is making a particular entry on our contact or newsletter form. Google uses the following information to determine whether you are a human or a computer: the IP address of the device you are using, the website you are visiting and to which the captcha is integrated, the date and duration of the visit, identification information about the browser used and the type of operating system, Google account if you are logged into Google, mouse movements in the reCaptcha areas, and tasks for which you need to identify images. The legal basis for the described data processing is Art. 6 section 1 lit. f of the General Data Protection Regulation. We have a legitimate interest in this data processing to ensure the security of our website and to protect ourselves from automated inputs (attacks).