Our Privacy Policy

Effective as of May 2018

Controller and contact details

Nightingale Health Ltd. (the “Company”)

Business ID: 1750524-0

Address: Mannerheimintie 164a, 00300 Helsinki

Phone: +358 20 730 1810

Email: privacy@nightingalehealth.com

If you have any questions relating to the processing of your personal data or if you wish to exercise your rights, please contact us by email or the postal address indicated above.

Customers and other business contacts

This Privacy Policy describes how we collect and use personal data of our customers, potential customers and other business contacts.

The information we collect


We mainly process personal data obtained directly from you. We may collect your personal data whenever you contact us, use our resources or visit our website nightingalehealth.com (the “Site”). In addition, your personal data may be collected and updated from other sources, such as websites of associated companies, private and public registers, and other service providers (e.g. Suomen Asiakastieto Oy).

We mainly process the following types of information:

  • name, title, job description, company, postal address, email address, phone number;
  • customer history (e.g. contacts, assignments, feedback, information related to invoicing);
  • interests and profiling information to personalize our services;
  • information on the use of services, such as browsing and search history, cookies as stated in our cookie policy;
  • customer feedback and contacts;
  • direct marketing restrictions; and
  • any other information provided to us by our customers and business contacts or generated in the course of providing services.

Why we collect your data and legal basis for our processing

We process your personal data mainly for the following purposes based on your consent, our legitimate interest (e.g. customer relationship management, business development and marketing), the performance of a contract with you, or a legal obligation:

  • to develop the Site;
  • to provide newsletters and services and other communications which we think will be of interest to you;
  • to fulfill our contractual (and other) obligations;
  • to fulfill our legal responsibilities;
  • to manage and develop our business relationships, products and services;
  • to help us to identify new customers;
  • for direct marketing and statistical purposes, customer profiling and market surveys to personalize or otherwise improve our services and communications for the benefit of our customers.

How we protect your personal data

Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Our personnel are trained on appropriate information security practices covering necessary security and safety matters, such as ensuring the confidentiality of personal data and preventing exposure of personal data to non-authorized persons. Only authorized employees of the Company (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user.

Whenever we process your personal data we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.

Disclosures of personal data

We do not disclose or sell data to third parties, unless disclosure is required by the law, formalities of public authorities, or for some other justified purpose. However, we may share information with our external service providers who are obliged to process the data on our behalf and for the abovementioned purposes, mainly to maintain our IT, customer and marketing systems.

Transfers of personal data outside of the EU/EEA

We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection, as required by the applicable data protection legislation.


How long we store your personal data


Your personal data will be stored for the purposes mentioned above as long as:

  • we have a meaningful business or other contact with you;
  • the data is necessary for the performance of a contract; or
  • as required by applicable laws and regulations.

However, we may retain your personal data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.

We regularly review the need for data storage and delete the data no longer necessary for the abovementioned purposes in a secure manner, taking into account the applicable legislation.

What are your rights and how to exercise them

You have the right, with the restrictions that follow from legislation, to:

  • access the personal data we process about you and request a copy of the data;
  • request that we make corrections to any incorrect or incomplete personal data about you in our records and in some cases, the erasure of your personal data;
  • request that we restrict the processing of your personal data only to storage, e.g. if you contest the correctness of the data or the lawfulness of the processing;
  • object to the processing of your personal data when the processing is based on our legitimate interest;
  • receive, under certain preconditions, your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and the right to transmit the data to another controller; and
  • withdraw your consent, if we are processing your data based on your consent.

To exercise your rights, requests must be made in writing to the email or the postal address indicated above. You may exercise your rights free of charge. However, we reserve the right to charge a reasonable fee in accordance with the applicable data protection legislation.

In addition, you always have the right to refuse the use of your personal data for opinion surveys, direct marketing and profiling in connection to such marketing. A refusal can be made at any time by using the email or postal address indicated above, or by unsubscribing from our mailing list by following the instructions included in our marketing emails.

If you consider that the processing of your personal data infringes the applicable data protection legislation, you also have the right to lodge a complaint with a supervisory authority.

Recruitment candidates

This Privacy Policy describes how we collect and store personal data of our recruitment candidates for recruitment purposes.

The information we collect

We mainly collect and store information obtained directly from you. We do not collect data from any external sources (e.g. potential referees) without your prior consent, unless otherwise provided by law.

We mainly process the following information about you:

  • name, contact information, education, work experience and any other information you provide to us in your application and CV;
  • date of application and applied position; and
  • other information necessary for recruitment that you provide to us during the recruitment process.

Why we collect your data and legal basis for our processing

We collect personal information about you in the recruitment process to assess whether you could be a suitable candidate for an open position.

We process your personal data only for legitimate human resources and business management purposes based on your consent or request prior to entering into an employment agreement, our legitimate interest (e.g. to comply with our employer obligations and to protect our legal position in the event of legal proceedings) or a legal obligation.

How we protect your personal data

Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Our personnel are trained on appropriate information security practices covering necessary security and safety matters, such as ensuring the confidentiality of personal data and preventing exposure of personal data to non-authorized persons. Only authorized employees of the Company (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user. If we need to process your personal data manually, it is stored in locked cabinets within office premises and protected by an access control system.

Whenever we process your personal data we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.

Disclosures of personal data

We do not disclose your personal data to third parties, unless disclosure is required by the law, formalities of public authorities (e.g. employment authorities), or for some other justified purpose. However, we may share your information with our employees and external service providers who are obliged to process the data on our behalf and for the abovementioned purpose, mainly to assist us in the recruitment process (e.g. Azets Insight Oy) or maintain our IT systems (e.g. cloud hosting and storage services).

Transfers of personal data outside of the EU/EEA

We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection as required by the applicable data protection legislation.

How long we store your personal data

We store your application and any other information you have provided to us until the recruitment process has been completed and for a one (1) year period thereafter. With your consent, your information can be stored for as long as we consider your application relevant to us, for a maximum period of two (2) years, in order to consider your application for a further job opportunity. Thereafter, we may retain a minimum amount of your personal data to record your recruiting activity with us.

In addition, we may retain your personal data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.

We regularly review the need for data storage and delete data no longer necessary for the abovementioned purposes in a secure manner, taking into account the applicable legislation.

What are your rights and how to exercise them

You have the right, with the restrictions that follow from legislation, to:

  • access the personal data we process about you and request a copy of the data;
  • request that we make corrections to any incorrect or incomplete personal data about you in our records and in some cases, the erasure of your personal data;
  • request that we restrict the processing of your personal data only to storage, e.g. if you contest the correctness of the data or the lawfulness of the processing;
  • object to the processing of your personal data when the processing is based on our legitimate interest;
  • receive, under certain preconditions, your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and the right to transmit the data to another controller; and
  • withdraw your consent, if we are processing your data based on your consent.

In addition, you have the right to refuse the use of your personal data for direct marketing and profiling in connection to such marketing at any time. We do not make any recruiting or hiring decisions based solely on automated decision-making.

To exercise your rights, please send your request in writing to the email or the postal address indicated above.

If you consider that the processing of your personal data infringes the applicable data protection legislation, you also have the right to lodge a complaint with a supervisory authority.

Changes to our Privacy Policy

If we make any changes to our Privacy Policy, the updated Privacy Policy can be found on our website with an indication of the amendment date. Please review this Privacy Policy from time to time to stay updated on any changes. If the changes are significant, we may also inform you about this by other means, for example by sending an email.

Last updated in September 2018.