Privacy policy regarding managers' transactions
This Privacy Policy describes how Nightingale Health Plc (the “Company”) collects and stores personal data of the Company’s managers (members of the Board of Directors, CEO and members of the Management Team) and their closely associated persons as required by the Market Abuse Regulation ((EU) 596/2014, “MAR”).
Controller and contact details
Nightingale Health Plc
Business ID: 1750524-0
Address: Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
Email: privacy@nightingalehealth.com
The information we collect
We collect the data from the managers and/or their closely associated persons, and from public sources of information.
We collect the following information:
- name;
- the grounds for the disclosure obligation, i.e. status as a manager / the relationship between the closely associated person and the manager;
- date of birth (if a natural person) / Business ID (if a legal person);
- contact information (phone number and email address);
- starting date of status as a manager or closely associated person; and
- transaction notifications received from a manager or closely associated person.
Why we collect your data and legal basis for our processing
We collect personal data about managers and their closely associated persons in order to comply with the obligations set forth in the MAR. According to MAR, the company is obliged to draw up a list of all persons discharging managerial responsibilities and persons closely associated with them. The company is also obliged to publish the transaction notifications received from a manager or a closely associated person as a company release.
How we protect your personal data
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Our personnel are trained on appropriate information security practices covering necessary security and safety matters, such as ensuring the confidentiality of personal data and preventing exposure of personal data to non-authorized persons. Only authorized employees of the Company (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user. If we need to process your personal data manually, it is stored in locked cabinets within office premises and protected by an access control system.
Whenever we process your personal data we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.
Disclosures of personal data
We do not disclose data to third parties, unless disclosure is required by the law, formalities of public authorities, or for some other justified purpose. However, we may share information with our external service providers who are obliged to process the data on our behalf and for the above-mentioned purposes, mainly to maintain our IT systems.
Based on legislation, we may be obliged to disclose the data e.g. to the supervisory authorities, such as the Finnish Financial Supervisory Authority. Under MAR, the company is obliged to publish the transaction notifications received from a manager or a closely associated person as a company release.
Transfers of personal data outside of the EU/EEA
We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection as required by the applicable data protection legislation.
How long we store your personal data
Data is stored as long as necessary to comply with the laws and regulations (such as MAR) and rules and guidelines of authorities applicable to the Company’s operations.
In addition, we may retain the data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.
What are your rights and how to exercise them
You have the right, with the restrictions that follow from legislation, to:
- access the personal data we process about you and request a copy of the data;
- request that we make corrections to any incorrect or incomplete personal data about you in our records and, in some cases, the erasure of your personal data; and
- request that we restrict the processing of your personal data only to storage, e.g. if you contest the correctness of the data or the lawfulness of the processing.
To exercise your rights, please send your request in writing to the email or the postal address indicated above.
If you consider that the processing of your personal data infringes the applicable data protection legislation, you also have the right to lodge a complaint with a supervisory authority.