Privacy Policy
Oxygen Biosciences Oy
Last updated: 03/2026
Oxygen Biosciences Oy (“we”, “us”, “our”) is committed to protecting the privacy of individuals who contact us or interact with our website. This Privacy Policy explains how we process personal data in accordance with the EU General Data Protection Regulation (GDPR).
Company details:
Oxygen Biosciences Oy
Business ID: 3569131-5
Espoo, Finland
Email: info (at) to.oxygenbiosciences (dot) com
Website: https://oxygenbiosciences.com/
1. Data Controller (GDPR Art. 13(1)(a))
Oxygen Biosciences Oy is the controller of the personal data described in this Privacy Policy.
2. Categories of Personal Data (GDPR Art. 14(1)(d))
We process the following categories of personal data:
- Identification data: name, email address, company, job title
- Communication data: messages, inquiries, correspondence
- Technical data: IP address, browser information, device information, server logs
- Cookie data: essential cookies and any additional cookies described in our Cookie Policy
We do not process sensitive personal data.
3. Purposes of Processing (GDPR Art. 13(1)(c))
We process personal data for the following purposes:
- responding to inquiries and communication requests
- managing and developing business relationships
- cooperating with business partners
- internal business operations
- aggregated, non-personal analysis to improve our services
- ensuring website functionality and security
- fulfilling regulatory and record-keeping obligations
We do not perform profiling or personalized analytics.
4. Legal Bases for Processing (GDPR Art. 6)
4.1 Legitimate Interest (Art. 6(1)(f))
We process personal data based on our legitimate interest in:
- conducting business communication
- cooperating with business partners
- maintaining business records
- performing aggregated, non-personal analysis
- ensuring website security and functionality
4.2 Contractual Necessity (Art. 6(1)(b))
When communication is required to evaluate or fulfill business relationships.
4.3 Legal Obligation (Art. 6(1)(c))
For regulatory, audit, and statutory record-keeping requirements.
We rely on consent only for non-essential cookies (see Cookie Policy).
5. Data Sharing (GDPR Art. 13(1)(e))
We may share personal data with the following categories of recipients:
- logistics and distribution partners
- manufacturers and suppliers
- regulatory or compliance partners
- IT and security service providers
- professional advisors (e.g., legal or administrative support)
We do not disclose the names of our business partners.
We do not sell personal data.
All recipients are required to process data in accordance with GDPR.
5.1 Third‑Party Analytics and Technical Services
If enabled on our website, we may use third‑party analytics or technical services such as Google Analytics to collect aggregated information about website usage (e.g., page views, traffic sources, device information). These services may set cookies in your browser and process technical data such as IP address, device identifiers, and interaction data.
Google acts as an independent data controller for these services.
For more information on how Google processes personal data, see the Google Privacy Policy.
6. International Data Transfers (GDPR Art. 13(1)(f))
We primarily process personal data within the European Union. However, in certain cases, personal data may be transferred outside the EU/EEA when necessary for our business operations, such as cooperation with international business partners or service providers.
When personal data is transferred outside the EU/EEA, we ensure that an adequate level of data protection is maintained by applying one or more of the following safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data transfer agreements incorporating GDPR-compliant obligations
- Confidentiality agreements (NDAs) and contractual safeguards
- Technical and organizational measures ensuring secure processing
We do not disclose the names of our business partners.
We do not transfer personal data to third countries without appropriate safeguards.
7. Data Retention (GDPR Art. 13(2)(a))
We retain business communication and inquiry records for up to 10 years due to:
- legitimate business interests
- regulatory and audit requirements
- long-term partner and supply chain documentation needs
Data is not deleted earlier unless legally required.
8. Cookies (ePrivacy Directive + GDPR Art. 13(1)(c))
We use essential cookies for website functionality and security. Additional details are provided in our Cookie Policy.
9. Your Rights Under GDPR (GDPR Art. 13(2)(b))
9.1 Right of Access (Art. 15)
You may request a summary of the personal data we hold about you. We verify identity before providing any information. Access is limited to your own data only.
We do not disclose:
- internal notes
- partner names
- aggregated analysis
- internal systems
- business strategy
- operational data
9.2 Right to Correction (Art. 16)
You may request correction of inaccurate personal data.
9.3 Right to Restriction (Art. 18)
Applies only to non-essential processing. Essential business processing cannot be restricted.
9.4 Right to Object (Art. 21)
Applies only to non-essential processing. You cannot object to processing necessary for:
- business communication
- partner communication
- aggregated, non-personal analysis
- regulatory or record-keeping obligations
9.5 Right to Deletion (Art. 17)
We do not delete business communication data before the 10-year retention period due to legitimate business and regulatory requirements.
10. Security (GDPR Art. 32)
We use industry-standard security measures, including:
- secure hosting within the EU
- access controls
- traffic filtering and firewall protections
- encrypted communication channels
- secure Google Services infrastructure
11. Contact
For privacy-related inquiries, please contact:
info (at) to.oxygenbiosciences (dot) com
