Privacy Statement for customers and potential customers of the Nordhealth.fi Service

This Privacy Statement details how Nordhealth Oy handles the personal information of the customers and potential customers as well as the contact persons of customer companies and potential customer companies in the Nordhealth.fi Service ("Service").

Latest edit: August 18th, 2023

Are you a professional using the service? See privacy statement here

1. Registrar

Nordhealth Oy (business ID 2162673-1)

Aleksanterinkatu 30-34

00100 Helsinki Finland

Tel. +358 19 425 1610

(later ”We”)

2. Contact information

Email:

dpo@nordhealth.com

3. What is the purpose of and legal premise for handling personal information?

The purpose of handling personal information is:

  • to provide our products and the Service as well as to fulfill our contractual and other promises and obligations in order to execute the Agreement;
  • to manage customer relations, to send customer communications, to provide customer support and to develop our products and Service on the basis of our legitimate interests;
  • to analyze your online behavior in order to develop our webpages on the basis of our legitimate interests;
  • to target electronic direct marketing to you, such as emails or telemarketing, on the basis of our legitimate interests; and
  • to target marketing to our web services and other services and products per your permission.

4. What information do we handle?

We will handle the following personal information if you are a customer:

  • basic information*, such as name, the registration number of the healthcare professional, personal identification number;
  • contact information*, such as your email address and phone number;
  • possible bans and permits for direct marketing and electronic marketing;
  • information relating to the customer relationship and the Agreement, such as previous and existing agreements and subscriptions;
  • the user profile created on the basis of the customer relationship, including a photo;
  • recorded telephone conversations and other correspondence;
  • information collected via cookies, such as language choice, browser and device types, IP address, country of browsing, operating system and information on actions performed on the page;
  • other possible information collected with permission.

We will handle the following personal information in relations to the Service if you are a potential customer or the contact person for a company that is a customer or for a company that is a potential customer:

  • name, contact information, and correspondence;
  • possible bans and permits for direct marketing and electronic marketing;
  • information collected via cookies, such as language choice, browser and device types, IP address, country of browsing, operating system and information on actions performed on the page;
  • possible other information collected with your permission.

Personal information marked with an asterisk is required for the Agreement and/or the customer relationship. Without the required information we cannot offer you the product and/or the Service.

5. From where do we receive information?

Primarily we receive information from you as our customer. Personal information to be used as described in this Privacy Statement can also be collected from and updated per public sources and on the basis of information received from authorities and third parties, within the limits of applicable laws and degrees. Such updating of information will be performed either manually or automatically.

6. Who will we surrender information to and will we transfer information outside the EU/EEC?

We do not surrender any information to outside parties. We do use subcontractors who handle information for us. The information will be stored inside the EU, but in fault situations information such as communication and log information may be transferred to support providers outside the EU/EEC. If personal information is transferred outside the EU/EEC, we will ensure that the transfer is done in accordance with an adequate degree or standard degree by the EU Commission.

7. How do we protect information and how long will we retain it?

Only those of our employees who have the right to handle customer information as per their task will be allowed to use a system containing customer information. The information will be protected using technical means. Access to the information will require adequate access rights. Unauthorized access will also be prevented by using firewalls and technical encryption. Only specified individuals will have the right to handle and manage information. The information system will be backed up securely and information can be recovered if needed. Security checks will be performed at regular intervals. We will store the information for the duration of the customer relationship and in accordance with applicable laws. We will evaluate the need to store information regularly and taking into account applicable laws. In addition we will take such reasonable measures which will ensure that no incompatible, outdated or erroneous personal information will be stored in the register, taking into account the purpose of handling the information. We will correct or remove such information with out delay.

8. What are your rights as a registered person?

You have the right to view your personal information and to receive a copy of them as well as the right to demand corrections to the information or the removal of the information, within certain conditions. You can edit or remove information in your user profile yourself. As far as handling the information is based on consent, you also have the right to retract or modify your consent. Retracting you consent will not affect the legality of the handling of the information done prior to the retraction.

In certain situations you have the right to transfer the information from one system to another or to demand restricting the handling of your information.

In extraordinary circumstance you also have the right to object to the handling of personal information, when the legal basis of the handling is a legitimate interest. When making your request you must identify the extraordinary circumstance on the basis of which you object to the handling of the information. We may reject the objection request for a notably important and justified reason or for a legal reason.

You have the right to object to handling personal information for the purpose of direct marketing, without any other justification.

You have the right to file a complaint with the supervisory authority.

9. Whom may you contact?

All contacts and requests relating to this Privacy Policy must be done at the address mentioned in section 1 or the email address mentioned in section 2.

10. Cookies

Additional information on cookies and how they are used in the Service can be found in the cookie statement.