Effective as of May 2018
Controller and contact details
Nightingale Health Ltd.
Business ID: 1750524-0
Address: Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
If you have any questions relating to the processing of your personal data or if you wish to exercise your rights, please contact us by email or the postal address indicated above.
The information we collect
We mainly process personal data obtained directly from you. We may collect your personal data whenever you contact us, use our resources or visit our website nightingalehealth.com (the “Site”). In addition, your personal data may be collected and updated from other sources, such as websites of associated companies, private and public registers, and other service providers (e.g. Suomen Asiakastieto Oy).
We mainly process the following types of information:
- name, title, job description, company, postal address, email address, phone number;
- customer history (e.g. contacts, assignments, feedback, information related to invoicing);
- interests and profiling information to personalize our services;
- information on the use of services, such as browsing and search history, cookies;
- customer feedback and contacts;
- direct marketing restrictions; and
- any other information provided to us by our customers and business contacts or generated in the course of providing services.
Why we collect your data and legal basis for our processing
We process your personal data mainly for the following purposes based on your consent, our legitimate interest (e.g. customer relationship management, business development and marketing), a performance of a contract with you, or a legal obligation:
- to develop the Site;
- to provide newsletters and services and other communications which we think will be of interest to you;
- to fulfill our contractual (and other) obligations;
- to manage and develop our business relationship with you and our other customers;
- to help us to identify new customers;
- for direct marketing and statistical purposes, customer profiling and market surveys to personalize or otherwise improve our services and communications for the benefit of our customers.
How we protect your personal data
Whenever we process your personal data for the abovementioned purposes we honor and take account of your privacy rights under the applicable data protection legislation.
We don’t disclose or sell data to third-parties, unless disclosure is required by the law, formalities of public authorities, or for some other justified purpose. However, we may share information with our external service providers who are obliged to process the data on our behalf and for the abovementioned purposes.
Some of our external service providers or servers used may be located (or store data) outside of the European Union/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection as required by the applicable data protection legislation.
Our internal organization is structured to meet these requirements under the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, and unauthorized access, disclosure, alteration and destruction. Only authorized employees of Nightingale Health Ltd. (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user. As a part of our quality management system, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.
How long we store your personal data
Your personal data will be stored for the purposes mentioned above as long as:
- we have a meaningful business or other contact with you;
- the data is necessary for the performance of a contract; or
- as required by applicable laws and regulations.
However, we may retain your personal data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defence of legal claims.
We regularly review the need for data storage and delete the data no longer necessary for the abovementioned purposes in a secure manner, taking into account the applicable legislation.
What are your rights and how to exercise them
You have the right, with the restrictions that follow from legislation, to:
- access the personal data we process about you and request a copy of the data;
- request that we make corrections to any incorrect or incomplete personal data about you in our records and in some cases, the erasure of your personal data;
- request that we restrict the processing of your personal data only to storage, e.g. if you contest the correctness of the data or the lawfulness of the processing;
- object to the processing of your personal data when the processing is based on our legitimate interest; and
- receive, under certain preconditions, your personal data you have provided to us in a structured, commonly used, and machine-readable format, and the right to transmit the data to another controller.
To exercise your rights, requests must be made in writing to the email or the postal address indicated above. You may exercise your rights free of charge. However, we reserve the right to charge a reasonable fee in accordance with the applicable data protection legislation.
In addition, you always have the right to refuse the use of your personal data for opinion surveys, direct marketing and profiling in connection to such marketing. A refusal can be made at any time by using the email or postal address indicated above, or by unsubscribing from our mailing list by following the instructions included in our marketing emails.
If you consider that the processing of your personal data infringes the applicable data protection legislation, you have also the right to lodge a complaint with a supervisory authority.
Last updated in June 2018.