4 July 2025
At Orion Corporation (hereinafter “us”, “we” or “Orion”), we know you care about your personal privacy and about the terms and conditions that govern how we collect, use, disclose, transfer, and store your information. Because we are dedicated to serving your needs and respecting your preferences, we have adopted the policies and practices described in this Orion Corporation Privacy Statement. This statement contains information on the usage of our website (hereinafter the “Website”) provided by us and our services and mobile applications.
To read about Orion Corporation’s and our affiliates’ processing of personal data in relation to non-website related data processing and specific services, such as patient safety reporting, please see our register and service specific information notices. Our Privacy Statement, the Orion Corporation Patient Safety Reporting Privacy Statement and our other information notices are located on our homepage and are also available on webpages where personal data are requested.
Contact Details
Data Controller: Orion Corporation and its subsidiaries
Data Protection Officer (DPO): Jyri Wesanko, privacy@orion.fi
Collection and Use of Personal Data
Personal data is data on individuals that can be used to identify or contact the person. When you are using Orion websites, social media channels, services, downloading applications, or interacting with Orion by other means, you may be asked to provide your personal data, such as your name, mailing address, phone number and email address. The data may be used for the following purposes, as applicable for each website, social media channel, service, application, or other context.
Orion has different information notices for different personal data registers. This privacy statement includes information about our general data processing principles as well as information about our websites, customer communications and other purposes defined below. For more information about privacy and data protection on specific areas, please refer to our other information notices on our websites.
1. What data do we collect about you?
Personal data being collected concerns Orion’s customers and website visitors. Some of the data is collected directly from you when you use Orion websites, social media channels, applications or services. You have choices about the data we collect. When you are asked to provide personal data, you may decline. If you choose not to provide data that is necessary to provide an application or a feature in an application, you may not be able to use that application or feature.
The data we collect depends on the context of your interactions with Orion, the choices you make, including your privacy settings, and the applications and features you use.
We may collect and process the following types of personal data:
- Website usage information:
o User’s or customer’s name; email address; telephone number; browser mark and type; operating system and display resolution of the user’s device; key user interface actions; application software version; user name and password of the user’s user account; information on newsletter subscriptions of the user/customer; information on the times of use of different parts of the service, and on the intervals, times and duration of use; location information of the user of a service based on the user’s consent
o If the user has logged in by using a third party service (such as Facebook), the data received from such third party. Please see the list of these third parties as updated from time to time in section 5, “Third Party Sites and Services”. The user is instructed to review the third party privacy terms. At the moment of the last update of this Privacy Statement, the information received from Facebook is:
§ id; name; first name; last name; age range; link; gender; locale (geographical indication); picture; timezone; updated time; verified; email; user’s friends.
- Traffic Data: For purposes of certain services offered by Orion, Traffic Data is collected. “Traffic Data” means the information identifiable to the user of certain of Orion’s services and which are processed in certain services and communication networks in order to transfer, share or offer messages.
o IP address, data on the sender and recipient of a message, data on the location of the device (based on the user’s consent), information on the times of use of different parts of the service, and on the intervals, times and duration of use.
- Service provider data: Various data may also be collected by Orion’s subcontractors to the extent required to operate, run and maintain the services or to perform other tasks (such as direct advertising) on Orion’s behalf related to the services. The subcontractors may be e.g. ICT-service providers, advertising partners and Orion’s group companies and third parties performing comparison, segmenting, analysis and profiling services on Orion’s behalf.
- Feedback and Inquiry Data:
o Your emails, SMS, letters and other feedback and inquiries relating to Orion’s products and services.
o Contact details
- Campaign Participation Data
o User’s or customer’s name; email address; telephone number; home address.
- Mobile Application Data
o User’s or customer’s name; email address; telephone number; application software version; user name and password of the user’s user account; user’s location.
2. How do we use your data?
We process your personal data for the following purposes:
- Product Feedback and Inquiries
o To process feedback from customers relating to Orion’s websites, products and services;
o To develop and ensure quality of Orion’s services and products;
o To process notices regarding product quality or origin (please find further information on quality and safety related data processing in Orion’s Patient Safety Reporting Privacy Statement);
o When the processing is necessary for compliance with a legal obligation to which Orion is subject;
o To detect and prevent fraud or misuse.
- Campaigns and lotteries
o If you participate in sweepstakes, contests or similar promotional activities, the data will be used to administer such activities and to deliver the rewards.
- Marketing
o Marketing of products and services, delivery of newsletters, direct marketing and electronic direct marketing based on the consent of the data subject and otherwise as permitted by law;
o Market research and product testing;
o Development of customer service and products, personalization of offered services and marketing;
o Implementation of direct marketing opt-outs in accordance with applicable data protection legislation;
o The data can be compared, segmented and analyzed and the user may be profiled, in order to provide the user with useful information, offers or recommendations by means of direct marketing regarding Orion’s own or its business partners’ products and services based on the consent of the data subject and to provide the user with other personalized content. Such business partners may include carefully selected pharmaceutical, healthcare and medtech companies. While the user may be profiled, Orion shall not make decisions which are based solely on profiling and have legal or otherwise significant effects on the user;
o To detect and correct technical problems and information security problems;
- Correspondence
o Processing of feedback and other correspondence with the data subject
o To send notices about changes of our terms of use or policies
- Services and Mobile Applications
o Communication with the users of the service, such as to guide the users in the usage of the service;
o As is necessary to operate and run the service according to the terms of use of the service;
o According to the terms of use of the service, to monitor, use, operate, publicly display, publish, reproduce, amend, modify, further develop, distribute and transfer the content (for example texts, comments or photographs) submitted by the users to the service, for the purposes of the service and in the marketing and publicity activities within and outside the service;
o The data can be compared, segmented and analyzed and the user may be profiled, in order to provide the user with useful information, offers or recommendations by means of direct marketing regarding Orion’s own or its business partners’ products based on the consent of the data subject and to provide the user with other personalized content. Such business partners may include carefully selected pharmaceutical, healthcare and medtech companies. While the user may be profiled, Orion shall not make decisions which are based solely on profiling and have legal or otherwise significant effects on the user;
o For the performance of a possible contract with the user or in order to take steps at the request of the user prior to entering into the contract;
o To detect and correct technical problems and information security problems;
o To send notices about changes of our terms of use or policies;
o When the processing is necessary for compliance with a legal obligation to which Orion is subject;
o To detect and prevent fraud or misuse.
- Website services
o Processing of website users’ (e.g. doctors, nurses and other healthcare professionals) feedback, replying to the feedback and other communication with the website users;
o Delivering materials ordered by the website user to the postal address provided by the user;
o Processing of contact requests of the website users so that an Orion representative may contact the user, for example with regard to visits for sales presentation;
o Managing the website users’ accounts;
o Identifying website users as doctors, nurses or healthcare professionals in order to enable them to access restricted website content not available to other users. Identification can occur by means of a national professional code or by other means, such as by registration;
o The data can be compared, segmented and analyzed and the user may be profiled, in order to provide the user with useful information, offers or recommendations by means of direct marketing regarding Orion’s own or its business partners’ products based on the consent of the data subject and to provide the user with other personalized content. For this purpose Orion may combine the data subject’s information with data received from its partners or combine it with data collected from elsewhere. Such business partners may include carefully selected pharmaceutical, healthcare and medtech companies. While the user may be profiled, Orion shall not make decisions which are based solely on profiling and have legal or otherwise significant effects on the user;
o Marketing of products and services, direct marketing and newsletters based on the consent of the user and otherwise as permitted by law;
o To detect and correct technical problems and information security problems;
o To send notices about changes of our terms of use or policies;
o When the processing is necessary for compliance with a legal obligation to which Orion is subject;
o To detect and prevent fraud or misuse.
- Social Media Channels
o Communication with the users of the social media site, such as to guide the users in the usage of the site and answering their questions.
o If you participate in sweepstakes, contests or similar promotional activities, the data will be used to administer such activities and to deliver the rewards.
o The data can be compared, segmented and analyzed and the user may be profiled, in order to provide the user with useful information, offers or recommendations by means of direct marketing regarding Orion’s own or its business partners’ products and services and to provide the user with other personalized content. Such business partners may include carefully selected pharmaceutical, healthcare and medtech companies. While the user may be profiled, Orion shall not make decisions which are based solely on profiling and have legal or otherwise significant effects on the user.
o Marketing of products and services, market research and product testing, electronic direct marketing and newsletters based on the consent of the user and otherwise as permitted by law.
o To detect and correct technical problems and information security problems.
o To detect and prevent fraud or misuse.
- Location-Based Services
o To provide location-based services, Orion may collect data on your location, which can be either precise or imprecise. Location data may be derived from available GPS, Bluetooth or IP address as well as by identifying nearby cell towers and Wi-Fi hotspots, and by using other available technologies determining your device’s approximate location.
o Unless you provide consent, this location data is collected anonymously in a form that does not personally identify you.
- Traffic Data Processing
o The Traffic Data is processed to the extent required for the provision and usage of services and taking care of information security. For this purpose, the following types of Traffic Data are processed: IP address, data on the sender and recipient of a message, data on the location of the device (based on the user’s consent), information on the times of use of different parts of the service, and on the intervals, times and duration of use.
o The Traffic Data is processed for technical development of the service. For this purpose the following types of Traffic Data are processed: IP address, data on the sender and recipient of a message, data on the location of the device (based on the user’s consent), information on the times of use of different parts of the service, and on the intervals, times and duration of use.
o The Traffic Data is processed automatically for statistical analysis, because otherwise the analysis cannot be conducted without unreasonable effort. An individual person cannot be identified based on this analysis data.
o The Traffic Data is processed in order to solve unauthorized use of the fee-based services, communication network or communication services forming part of the service.
o The Traffic Data is processed if it is necessary to detect, prevent or correct a technical error or fault that has occurred in the transmission of communications.
3. Legal Basis
We process your data based on the following legal grounds:
- Consent of the data subject (EU General Data Protection Regulation Article 6.1.a) / 9.2.a) (special categories of data))
- Performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (EU General Data Protection Regulation Article 6.1.b)
- Compliance with the controller’s legal obligations based on binding law (EU General Data Protection Regulation Article 6.1.c)
- Legitimate interests of the controller or a third party (the legitimate interest to be identified, such as direct marketing) (EU General Data Protection Regulation Article 6.1.f). “Legitimate Interests” means the interests of our company in conducting and managing our business to enable us to give you the best service or products and the best and most secure experience on our websites, services or applications. For example, we have an interest in making sure our marketing is relevant for you, so we may process your information to send you marketing that is tailored to your interests. It can also apply to processing that is in your interests as well. When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you.
We only process personal data based on our legitimate interests where we have deemed, based on the balancing of interests test, that the rights and interests of the data subject will not override our legitimate interest.
4. How do we share your data?
We may share your data with the following recipients:
- Orion’s subcontractors, who process the data on Orion’s behalf for the purposes set out under section 2. These subcontractors may include media and marketing companies and IT companies helping Orion to develop its marketing techniques enabling Orion to provide its customers with targeted marketing.
- If you have logged in to Orion’s service by using a third-party service (such as Facebook), the data automatically collected by the third-party technology can be disclosed to such third party automatically. E.g. Facebook “likes” on a given service can be visible on Facebook according to its privacy policy. You are instructed to review the third-party privacy terms. Please see the list of these third parties as updated from time to time under section 5, “Third Party Sites and Services”.
- Personal data can be disclosed if it is necessary to comply with laws and regulations or to enforce Orion’s legitimate interests, such as to detect, defend against or repair fraud, misuse or security problems.
- If ownership or control of Orion or all or any part of our products, services or assets changes, we may disclose your personal data to any new owner, successor or assignee.
5. Third-Party Sites and Services
Orion’s websites, social media channels, applications and services may include links to third party websites. Orion is not liable for processing of personal data on those websites.
Some parts of certain services may require specific terms for processing of personal data. You are informed of those third party terms and your consent is asked in connection with your use of such parts.
By allowing the creation of a user account and login by using the third party service, Orion does not assume liability for the third party service or any aspect of the same. List of third parties whose service is accepted by Orion for the creation of a user account and login:
6. How long do we store your data?
We will retain your personal data for no longer than is necessary for the purposes defined in this Statement.
Type of data | Retention period |
Website Usage Information | For the duration of the use of the services. |
Mobile Application Data | For as long as the user account is active. |
Product Feedback and Inquiry Data | The controller stores personal data for a maximum of one year after receiving a question in order to record and respond to any query, feedback or adverse effect related to the product, as well as to send the customer additional information related to the topic. In addition, the controller retains the data for as long as it is necessary to fulfil legal obligations, such as drug safety reporting duties. The personal data is pseudo-anonymised or destroyed in a secure manner when the data is no longer necessary. You can read more about our drug safety reporting practices here. |
Service Provider Data | For the duration of the use of the services. |
Campaign Participation Data | For the duration of the campaign and sending out the prizes, but for no longer than one (1) year after the end of the campaign. |
Traffic Data | For the duration of the use of the services. |
7. Where do We Store and Process your Personal Data?
The personal data collected may be processed in your country of residence or transferred to another country where Orion, its affiliates, subcontractors or other recipients of personal data are located, both inside and outside the European Economic Area (EEA). This means that your personal data may be processed or stored in a country that has less stringent data protection standards than those of the European Union. We will ensure that your personal data will be treated in accordance with this Privacy Statement at all times even if it is being transferred outside the EEA. The personal data transferred outside the EEA is protected by an adequacy decision made by the EU Commission or by appropriate contractual arrangements, such as the signing of the Standard Contractual Clauses by the controller and the recipient(s). For more information, please contact us.
8. What are your rights and options?
You have the right to:
- Access your data: You can request information and a copy of your personal data that we have collected and stored in connection with our services / this information notice.
- Rectify inaccurate data: In order to keep your data up-to-date and accurate, you can request us to modify your data by contacting us as described in chapter 12.
- Erase your data: You can contact us if you think the processing of your personal data is unlawful and your data should be erased. We shall erase or anonymize your personal data without undue delay in accordance with the retention periods detailed in chapter 7 if the data in question is erroneous, unnecessary, incomplete or obsolete as regards the purpose of the processing.
- Restrict processing: If you want to restrict our processing of your personal data, please contact us.
- Object to processing: If you want to object to the processing of your data for Correspondence, Website Services, Marketing, Traffic Data Processing or Social Media Channel purposes, please contact us. When making the request, please specify the scope of your request.
- Data portability: The data subject shall have the right to data portability, i.e. the right to receive his or her personal data, which the data subject has provided to the controller and that is being processed by automated means, in a structured and machine readable format and the right to transmit those data to another controller, where the basis for processing is consent or the fulfilment of a contract between the controller and the data subject.
- Withdraw consent: You can withdraw any consent that you may have given us for data processing activities. After withdrawing your consent, we will no longer process your personal data for purposes the consent was asked for. Please note that withdrawal of consent does not render the processing of personal data performed prior to such withdrawal unlawful.
9. Cookies and Tracking Technologies
We use cookies and similar technologies. For more information on how we use cookies, please read our Cookie Policy.
10. Security Measures
We hold your personal data in secure computer storage facilities.
We have implemented appropriate measures to ensure the level of security around your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage to it.
We have put in place appropriate technical and organisational measures to ensure a level of security appropriate to the risk of harm that might result from unauthorised or unlawful processing, accidental or unlawful loss, destruction or alteration of, unauthorised access to (or disclosure of), or damage to your personal data, including:
- locks and security systems;
- encryption;
- usernames and passwords;
- virus checking;
- auditing procedures and regular data integrity checks; and
- recording of file movements.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They must only process your personal data on our instructions and subject to the access controls listed above. They are also subject to a duty of confidentiality.
We have agreed on security-related measures with the third parties we share your personal data with to ensure that it is treated by those third parties in a way that is consistent with how we safeguard your personal data.
We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority where we are legally required to do so.
11. Personal Data of Children
Protecting the privacy of children is important. Orion does not intend to collect, process or use on our website any information relating to an individual whom we know to be under 18 years old without permission of the child’s parent or legal representative. Such legal representative has the right, upon request, to view the information provided by the child and/or to require that it be deleted. If your child has submitted personal information and you would like to request that such information be removed, please contact privacy@orion.fi.
12. Changes to this Statement
We reserve the right to change this statement from time to time. We will review this statement periodically and update it accordingly if we change our processes materially. We may make changes to this statement when we believe it is reasonable to do so e.g. to comply with legal or regulatory requirements.
13. Contact Us
If you wish to use your rights as a data subject described in chapter 8, or if you have any questions or concerns, please contact us at privacy@orion.fi.
Please note that we will contact you to verify your identity in order to proceed with your request if you wish to use your data subject rights.