We never share your data with outsiders.

We use appropriate security measures to protect your data and store it only as long as needed.

About Orla DTx

Orla DTx is a Finnish company that develops digital therapeutics solutions. You can contact us in privacy or security related matters via email at . In other matters, please contact us using the contact information on our Contact page.

Your Data on OrlaDTx.com and PEF.fi Websites

On our websites we collect and process data related to your browsing of the website for the purpose of collecting statistics and allowing prospective users to contact us.

We use appropriate security measures to protect your data and store it only as long as needed. Individual site usage data is stored for two months. Data submitted through the contact form is often relevant for business development and marketing purposes for a long time, and may be stored indefinitely unless you explicitly request otherwise.

Methods and Reasons for Data Collection

We obtain the data through your interaction with the websites. The legal basis for processing your data on our websites is our legitimate interest in collecting statistics of website use and allowing prospective customers to contact us.

Your Data Rights

You can request to receive information about or a copy of the personal data we hold about you. You can also request that we correct or erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. You can also request us to limit our processing of your data, or object to our processing of your data based on legitimate interest. Note that these requests require you to prove your identity so that others cannot use them to access your data.

Collected Data

Cookies

Our websites use cookies to improve your experience while you navigate through the website. We also use third-party cookies that help us analyze and understand how people use the website. These cookies may share information about your use of our website with our social media, advertising and analytics partners.

Contact Forms

If you submit the contact form, the form contents will be checked through a third party automated spam detection service and emailed to us. We will use the submitted information to help you, and for business development and marketing purposes. We will never disclose your submitted information to other companies.

Embedded Content

Articles on our websites may include embedded content (e.g. videos, images, fonts, etc.) from other websites. These websites may use cookies or other tracking mechanisms to monitor your interaction with the embedded content.

IP Addresses

Our websites may record your IP address in security logs. We only use that information to resolve security incidents. Your IP address may also be used to determine your city-level location for statistical purposes.

Your Data as an Orla Customer Contact or Key Opinion Leader

We collect and process contact information, discussion notes and sales and marketing information related to customer contacts and key opinion leaders. We use this information for discussions and notifications related to providing the service, and for sales and marketing purposes. We use appropriate security measures to protect your data and store it only as long as needed. However, data is often relevant for sales and marketing purposes for a long time, and may be stored indefinitely unless you explicitly request otherwise.

Methods and Reasons for Data Collection

We obtain data directly from you, from marketing data providers such as Global Data Plc and LinkedIn, and from company web pages. When we communicate with you in order to provide a service for which there is already contract in place, the legal basis for processing your data is performance of contract. If there is no contract in place, the legal basis for processing your data is our legitimate interest to market and sell our products. Finally, for discussions related to security and privacy, legal obligation may also apply as the legal basis.

Your Data Rights

You can request to receive information about or a copy of the personal data we hold about you. You can also request that we correct or erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. You can also request us to limit our processing of your data, or object to our processing of your data based on legitimate interest. Note that these requests require you to prove your identity so that others cannot use them to access your data.

Your Data in Remote Patient Monitoring

In remote patient monitoring we collect and process data related to remote measurement programs, such as contact information, measurement schedules, measurements, and medicine dosage data. We also collect log information about use of the system.

We process your data only in accordance to our agreements with the healthcare providers and as directed by the healthcare providers. We protect your data with appropriate security measures and store it until the healthcare provider instructs us to delete it.

Methods and Reasons for Data Collection

We collect data on behalf of healthcare providers through the patient mobile application and the professional’s web application. The legal basis for data processing in remote patient monitoring is usually performance of contract, but in some cases legal obligation or protecting the vital interests of the data subject may also apply.

Your Data Rights

Since we only process patient and professional user data on behalf of healthcare providers, you cannot directly exercise your data rights through us. Rather, you should contact your healthcare provider, who will then instruct us to take the necessary actions.

Collected Data

Patient Data

We collect patient data for the purpose of enabling patients to be remotely monitored. This data includes patient contact information, medicine dosage information, measurement program information and measurement data.

Professional User Data

We collect professional user data for the purpose of enabling professional users to monitor the health of patients remotely. This data includes the professional’s contact information and information about what patient data the professional has accessed (audit log).

Log Data

We collect system log data for security monitoring purposes and to ensure that the system is operating correctly. System logs do not contain health data, but may include IP addresses and other identifiers that can be traced to a person. System log data is periodically deleted. However, we also maintain a separate, legally mandated audit log which we store until the healthcare provider instructs us to delete it.

Information Security in Remote Patient Monitoring

Orla is committed to safeguarding your data and complying with information security requirements regarding the processing of personal data and patient data. We constantly strive to improve information security.

Remote patient monitoring data is processed in server rooms located in Finland, which are monitored for security. We use appropriate security measures, such as password-based access control and data encryption. Our server environment is fortified with firewalls and appropriate anti-malware software, and management connections require two-factor authentication.

Please also pay attention to your own security when using the Orla professional user interface by using a strong password that is not used in any other service. When using the Orla mobile application, enable the screen lock on your phone and secure it with a password, PIN code or face recognition. This protects your phone and the Orla Etämittaus application from unauthorized use.

Complaints

Please contact us if you have complaints or improvement suggestions about our processing of your data. You can find our contact information on our Contact page. In privacy and security related matters you can contact us via email at . You can also make an appeal concerning data protection or processing of personal data to the Data Protection Ombudsman.