This privacy policy describes how Cactos Oy (“Cactos” or the “Controller”) processes personal data in connection with the use of the Cactos Spine software (“Service”) provided by it. The privacy policy informs the user of the Service what personal data is collected, for what purposes personal data is processed and to whom personal data may be disclosed, as well as how you can influence the processing of your personal data. In all processing of personal data, Cactos complies with applicable data protection legislation, including the General Data Protection Regulation (EU 2016/679) and the Data Protection Act (1050/2018). The data protection terms not defined in this privacy policy are interpreted in accordance with data protection legislation.
User register of Cactos Oy (Cactos Spine)
Cactos Oy
Business ID: 3249847–2
Kuortaneenkatu 2, 00510 Helsinki
Contact person: Oskari Jaakkola, CEO
Email: oskari@cactos.fi
As the data controller, Cactos processes the personal data of its customer representatives collected in connection with logging into and using the Cactos Spine service.
Cactos collects and processes the following personal data:
The Controller or its authorized service provider uses the personal data in the register for the following purposes in accordance with applicable data protection legislation:
In addition, Cactos may use anonymized personal data for the collection of statistical and analytical data and for the development of the service.
The processing of personal data is based on Cactos’s legitimate interest to process personal data based on the customer relationship for the realization of the purpose of the processing.
Personal data is collected directly from the data subject during use of the Service and from the contracting party of the Service. Some personal data may also be derived data. For example, Cactos may combine, supplement, and analyze data in its possession to create new data.
As a rule, personal data is not disclosed to third parties.
However, data may be transferred for processing to Cactos’s partners for the realization of the purposes of the processing. In such cases, Cactos ensures through contractual measures that personal data is processed and protected appropriately, in accordance with applicable laws and this privacy policy.
Additionally, personal data may be disclosed to authorities insofar as compliance with legal obligations requires such disclosure.
Personal data is not transferred outside the EU or EEA.
Personal data is retained for as long as necessary for the purposes for which the personal data is processed. However, the data will be deleted no later than five (5) years after the termination of the contract concerning the delivery of the Service, unless there is a reason for longer retention, such as a legal obligation or need to establish a legal claim.
Cactos follows good information management practices, high diligence obligations, and strict data security measures in the processing of personal data. In addition, the system’s data security and the confidentiality, integrity, and availability of personal data are ensured through appropriate technical and organizational measures.
Access to the data is granted only to persons employed by Cactos Oy or to its authorized agents, whose duties require the processing of personal data. Personal data is protected with personal usernames and passwords. We require our staff and partners to commit to the confidentiality of customer data.
More information about Cactos’s Data security policy can be found here.
The data subject has the rights described in this section in accordance with data protection legislation. Please note that the specific application of these rights in each individual case depends on the purpose and situation of personal data processing.
The data subject is requested to send requests concerning their rights via email to the address stated in Section 3 “Contact information regarding the register”. The controller must respond to data subjects’ requests without undue delay and at the latest within one month of receiving the request. In its response, the controller must state the actions it has taken due to the request.
As a rule, Cactos does not charge the data subject a fee for handling the request. However, if the data subject’s requests are clearly unfounded or unreasonable, such as being repeatedly made, Cactos may charge a reasonable fee based on the administrative costs of handling the request.
The data subject has the right to receive confirmation as to whether their personal data is being processed, and the information on the processing of personal data as defined in data protection legislation. In addition, the data subject has the right to obtain a copy of the personal data being processed.
The data subject has the right to review the data concerning them stored in the register. The data subject has the right to request correction of inaccurate or incorrect personal data.
The data subject has the right to have their personal data erased without undue delay and to request the restriction of processing under the conditions defined in data protection legislation.
The data subject has the right to object to the processing of data on grounds relating to their particular personal situation, where the processing is based on legitimate interest. In such a case, the controller will cease processing the data unless the processing is permitted on the basis of an exception under the GDPR.
In addition, the data subject has the right to object to direct marketing at any time without separate grounds.
The data subject has the right to receive the personal data concerning them, which they have provided to the controller, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller, if technically feasible.
The data subject has the right to lodge a complaint with the supervisory authority if the data subject considers that the processing of their personal data violates applicable data protection regulation.
We continuously develop our services and may therefore need to amend and update this privacy policy. Changes may also result from changes in legislation. We recommend reviewing the contents of the privacy policy regularly. The latest version is always available on our website.
Version History
Version 1, last updated 19.06.2025