Privacy Statement for users of the Nordhealth.fi service

This privacy statement describes how Nordhealth Oy processes the personal data of users of the Nordhealth.fi service.

Last modification February 5, 2024

Introduction

The following terms are used in this privacy statement:

Customer: therapists and other healthcare professionals as well as business customers who are customers of Nordhealth.

End User: Customers of Nordhealth such as patients.

End User Information: personal data as defined in the agreement between the Customer and Nordhealth e.g. patient information.

Service: Nordhealth.fi search and appointment booking service.

Service Users: anyone who visits the Service or uses the Service.

This privacy statement does not apply to Customers or End Users. We process End User Information on behalf of our Customers as data processors. If you are an End User and you have questions about how our Customer processes your information or wish to exercise your rights related to this information, you must contact the Customer with whom you have booked an appointment.

Privacy statement for Customers can be found from this page

1. Registrar

Nordhealth Oy (business ID 2162673-1)

Aleksanterinkatu 30-34

00100 Helsinki Finland

Tel. +358 19 425 1610

(later ”We”)

2. Contact information

Email:

dpo@nordhealth.com

3. What is the purpose and legal basis for processing personal data?

The purposes of processing personal data are:

  • Providing our services and products and fulfilling contracts and other promises and obligations to execute the contract,
  • managing customer relationships, sending customer communications, and providing customer support based on our legitimate interests,
  • Developing our services and products based on our legitimate interests,
  • Monitoring and analyzing your online behavior for the development of our Service based on our legitimate interests,
  • Preventing and correcting errors, security, and technical issues in our Service based on our legitimate interests,
  • Preventing misuse of our Service based on our legitimate interests,
  • Targeting advertising to our online services and other services and products with your consent.

4. What information do we process?

We process the following personal data in connection with the Service:

  • name, social security number, and contact information (such as email address and phone number)
  • information collected through cookies and forms such as language selection, browser and device type, IP address, browsing country, operating system, search terms, and information about activity on the page.

5. Where do we receive information from?

Personal data is collected directly from you when you use the Service.

6. To whom do we disclose information and do we transfer information outside the EU or the EEA?

We do not disclose registry information to external parties. We use subcontractors who process personal data on our behalf. Data is located within the EU but in case of fault situations, data such as communication and log information may be transferred outside the EU/EEA to support service providers. If personal data is transferred outside the EU/EEA, we ensure that the transfer occurs according to the EU Commission's adequacy decision or standard contractual clauses.

7. How do we protect the information and how long do we keep it?

Only our employees, who have the right to process data due to their work, have the right to use systems containing personal data. The data is technically protected. Access to data requires sufficient rights. Unauthorized use is also prevented by firewalls and technical protection. Only designated individuals have the right to process and maintain the data. Employees are bound by confidentiality. The information system is securely backed up and can be restored if necessary. Security checks are conducted regularly. We store data as required by applicable law. We regularly evaluate the need to store data considering applicable legislation. In addition, we take reasonable measures to ensure that incompatible, outdated, or incorrect personal data is not stored in the registry considering the purpose of the processing. We correct or delete such data without delay.

8. What are your rights as a registrant?

You have the right to access your personal data and to obtain a copy of your personal data, as well as the right to request the correction or, under certain conditions, deletion of your data. To the extent that processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the legality of processing based on consent before its withdrawal.

In certain situations, you have the right to transfer data from one system to another or to demand a restriction on the processing of your data.

For reasons related to your particular situation, you also have the right to object to the processing of your personal data when the basis for processing is a legitimate interest. In your request, you must specify the particular situation on which you base your opposition to the processing. We may reject objection requests for significant and justified reasons or for legal reasons.

You have the right to lodge a complaint with a supervisory authority.

9. Who can you contact?

All contacts and requests related to this privacy policy should be sent to the visiting address mentioned in section 1 or to the email address mentioned in section 2.

10. Cookies

More information about cookies and their use in the Service can be found in the cookie statement here.