Privacy Statement for Visitors and Users of the Nordhealth.fi Website
This privacy statement explains how Nordhealth Oy processes the personal data of Users of the Nordhealth.fi website when they visit the website or use the search and booking service.
Last Modified 16.6.2025
Introduction
The following terms are used in this privacy statement:
Customer: therapists and other healthcare professionals, as well as representatives and contacts of customer organizations such as clinics, who are customers of Nordhealth.
End User: Customers of Nordhealth's Customers, such as patients.
End User Data: personal data as defined in the agreement between the Customer and Nordhealth, e.g., patient data.
Service: Nordhealth.fi search and booking service.
Service Users: anyone who visits or uses the Service.
This privacy statement does not apply Customers and End Users. We process End User Data on behalf of our Customers as a data processor. If you are an End User and have questions about how our Customers process your data or wish to exercise your rights regarding this data, you must contact the Customer with whom you have booked an appointment.
The privacy statement for Customers (i.e., healthcare professionals and customer organizations) can be found here.
1. Data Controller
Nordhealth Therapy Oy (3486722-7)
Bulevardi 21
00180 Helsinki Finland
Tel. +358 19 425 1610
(hereinafter "we")
3. What is the purpose and legal basis for processing personal data and what data do we process?
Purpose of Processing | Personal Data | Legal Basis |
|---|---|---|
Creating and maintaining a user account when logging in with online banking credentials. From the user account, you can view your previous bookings from different clinics and book appointments at different clinics or professionals using the Nordhealth.fi service. Clinics own the information related to the booking and are the data controllers for this information. | Name Personal identity code Contact information (phone number, email address) | Contract |
| Developing our services and website | Data collected through cookies and forms, such as IP address, language preference, browser and device type, browsing country, operating system, search terms, search history, visited pages, visit frequency, and information about activity on the page | Legitimate interest to improve and provide better Services and website experience |
| Preventing and correcting technical issues and errors on our services and website | Data collected through cookies and forms, such as IP address, language preference, browser and device type, browsing country, operating system, and information about activity on the page | Legitimate interest to maintain the proper functioning of our Services and website |
| Ensuring the security of our services and preventing misuse | Log data Information collected through cookies, such as IP address, browser and device type, browsing location, operating system | Legitimate interest to maintain the integrity of our Services |
4. Where do we receive information from?
Personal data is collected directly from you when you use the Service.
5. To whom do we disclose information and do we transfer information outside the EU or EEA?
We do not disclose registry information to external parties. We use subcontractors who process personal data on our behalf. The data is located in the EU, but in case of malfunctions, information such as communication and log data may be transferred outside the EU/EEA to support service providers. If personal data is transferred outside the EU/EEA, we ensure that the transfer is based on the EU Commission's adequacy decision or standard clauses.
6. How do we protect information and how long do we retain it?
Only our employees who have the right to process data as part of their job have the right to use the system containing personal data. The data is technically protected. Access to the data requires sufficient rights. Unauthorized use is also prevented by firewalls and technical protection. Only designated individuals have the right to process and maintain the data. Employees are bound by confidentiality obligations. The information system is securely backed up and can be restored if necessary. Security checks are performed regularly. We store data as required by applicable legislation. We regularly assess the need to store data, taking into account applicable legislation. Additionally, we take reasonable steps to ensure that incompatible, outdated, or incorrect personal data is not stored in the registry, considering the purpose of processing. We promptly correct or delete such data.
7. What are your rights as a data subject?
You have the right to access your personal data and obtain a copy of your personal data, as well as the right to request the correction or, under certain conditions, the deletion of data. To the extent that processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the legality of processing that occurred before the withdrawal.
In certain situations, you have the right to transfer data from one system to another or to request the restriction of your data processing.
Due to your specific situation, you also have the right to object to the processing of personal data when the legal basis for processing is a legitimate interest. In connection with your request, you must specify the specific situation on which you base your objection to processing. We may reject an objection request for a significantly important and justified reason or for legal reasons.
We do not use your personal data to make automated decisions, such as profiling, that have legal effects on you or otherwise significantly affect you.
You have the right to file a complaint with the supervisory authority. The supervisory authority in Finland is the Office of the Data Protection Ombudsman: http://www.tietosuoja.fi.
8. When can we update the privacy statement?
We regularly review the compliance of the privacy statement and update it as necessary. The privacy statement may be updated, for example, if our processing activities change, or if applicable data protection laws or guidelines change. We publish the updated version of the privacy statement on our website. If the changes are significant, we will also notify you in other ways, such as by sending an email or posting a notice on our website.
9. Who can you contact?
All contacts and requests regarding this privacy policy should be submitted to the address mentioned in section 1 or the email address mentioned in section 2.
10. Cookies
More information about cookies and their use in the Service can be found in the cookie statement.