These Terms of Service (“Terms”) set forth the terms for purchasing and using the My Nightingale service (“Service”).
By placing an order, you agree to be bound by these Terms and use the My Nightingale Service in accordance with these Terms. By placing an order, you warrant that you are at least 18 years old. If you are buying the Service for someone else, you warrant that the user of the Service is at least 18 years old.
The Service is valid and can be used for 12 months from the purchase, or in case of gift card voucher, from redeeming the gift card voucher. The gift card voucher is valid until the expiry date indicated on the gift card voucher before which it must be redeemed.
We may revise these Terms from time to time in our sole discretion. The version of the Terms which exists at the time you place your order will be the terms which govern the Service. Please check this page before you submit an order for Services, as this version may be different from the version(s) which applied to previous order(s) for Services you submitted.
My Nightingale is a health service that provides comprehensive blood-based information to help you maintain and improve your health and wellbeing.
The Service consists of:
a) Blood test at Nightingale Nest;
b) measuring and analysing your blood sample using Nightingale’s proprietary technology; and
c) providing the results via My Nightingale app.
The price of the Service is the price indicated on the order page of the My Nightingale site (“Site”) when you placed your order. Payment of the price of the Service shall be made at the time you place the order.
After payment, we will send you email to confirm your purchase.
You have a right to a refund within 14 days of purchase. However, if you take the blood test before the end of the 14-days cancellation period, a refund is no longer possible.
Your My Nightingale blood test results (“Results”) include the Nightingale Health Index, a number of health indicators and biomarkers, which are parameters of metabolic health.
We aim to provide your Results within two to seven working days of the blood test. We will make every reasonable effort to ensure that your Results are delivered within the estimated timescale.
The Results are provided to you via My Nightingale app (“App”). To book time for blood test and to receive Results through My Nightingale app, you must create an account on the My Nightingale Site. You are solely responsible for keeping your password and account details confidential and are fully responsible for all activities that occur under your password or account.
The health indicators are based on scientific research findings on how the blood test results in some large studies correlate with common chronic diseases as well as overall health. The health indicators give you indicative information about your wellbeing. The health indicators cannot be considered as a diagnosis and as such cannot be used as a basis for diagnosis.
Ketosis is reflected by a raised level of beta-hydroxybutyrate, the main ketone bodies circulating in your blood. Ketosis result is based on reference values as found in scientific literature or commonly used in laboratories giving you indicative information about your body’s ketosis state. Ketosis result cannot be considered as a diagnosis and as such cannot be used as a basis for diagnosis or for other diagnostic purposes.
Any intervention or other action you decide to do based on your Results is entirely at your own risk.
You acknowledge and agree that Nightingale owns all intellectual property rights related to the Service.
Nightingale’s maximum liability for any responsibility under these Terms is limited to the amount you paid (or someone paid on your behalf) for the Service or one hundred (EUR 100) euros, where no amount is paid to us. Nightingale is not liable for any indirect damage.
Nightingale is committed to the high standards of data protection and privacy set forth by the GDPR. Nightingale has implemented measures and systems to ensure the confidentiality of your data.
For a full description of data protection, see our Privacy Policy.
Nightingale is entitled to use subcontractors to fulfil any of its obligations without separate permission from you.
You may not transfer your rights or your obligations under these Terms without our prior written consent.
Each of the paragraphs of these Terms operates separately. If any court or relevant authority decides that any of them are invalid, illegal or unenforceable, the remaining paragraphs will remain in full force and effect.
These Terms constitute the entire agreement relating to the Service, and no other communications, whether oral or written, are considered as part of the Terms.
These Terms are governed by the laws of Finland, excluding its regulations regarding the choice of law.
Any dispute relating to these Terms can be settled by the Consumer Disputes Board (for more information: kuluttajariita.fi) or the district court of Helsinki or the district court of your domicile.
Effective from 27 May 2020
These Terms of Service (“Terms”) set forth the terms for purchasing and using the Nightingale Covid Risk service (“Service”).
By placing an order, you agree to be bound by these Terms and use the Service in accordance with these Terms. By placing an order, you warrant that you are at least 18 years old. If you are buying the Service for someone else, you warrant that the user of the Service is at least 18 years old.
The Service is valid and can be used for 6 months from the purchase.
We may revise these Terms from time to time in our sole discretion. The version of the Terms which exists at the time you place your order will be the terms which govern the Service. Please check this page before you submit an order for Services, as this version may be different from the version(s) which applied to previous order(s) for Services you submitted.
Nightingale Covid Risk is a health service that estimates your risk of developing severe COVID-19 symptoms in case of infection. The Service consists of
a) Blood test at Nightingale Nest, if not otherwise agreed;
b) measuring and analysing your blood sample using Nightingale’s proprietary technology; and
c) providing the results via Nightingale Covid Risk app.
If the Service is purchased on the Nightingale Covid Risk site (“Site”), the price of the Service is the price indicated on the order page of the Site when placing the order. Payment of the price of the Service shall be made at the time of placing the order.
After payment, we will send an email to confirm the purchase.
You have a right to a refund within 14 days of purchase. However, if you take the blood test before the end of the 14-days cancellation period, a refund is no longer possible.
Your Nightingale Covid Risk blood test results (“Results”) describe if you are at increased risk of developing severe COVID-19 symptoms in case of an infection (“Covid Severity Score”). We estimate your Covid Severity Score based on a molecular profile in your blood.
Your Results are based on our scientific research findings from the UK Biobank COVID-19 data. Our analysis has identified a unique molecular profile in the blood which is common among those who get severely ill due to COVID-19. The Covid Severity Score is calculated based on the blood test only. It does not take into account other risk factors you may have.
We aim to provide your Results within two to seven working days of the blood test. We will make every reasonable effort to ensure that your Results are delivered within the estimated timescale.
Your Results are provided to you via Nightingale Covid Risk app (“App”). To book time for blood test and to receive Results through App, you must create an account on the Site. You are solely responsible for keeping your password and account details confidential and are fully responsible for all activities that occur under your password or account.
Please note that your Results:
Any intervention or other action you decide to do based on your Results is entirely at your own risk.
You acknowledge and agree that Nightingale owns all intellectual property rights related to the Service.
Nightingale’s maximum liability for any responsibility under these Terms is limited to the amount you paid (or someone paid on your behalf) for the Service or one hundred (EUR 100) euros, where no amount is paid to us. Nightingale is not liable for any indirect damages.
Nightingale is committed to the high standards of data protection and privacy set forth by the GDPR. Nightingale has implemented measures and systems to ensure the confidentiality of your data.
For full description of data protection, see our Privacy Policy [].
Nightingale is entitled to use subcontractors to fulfil any of its obligations without separate permission from you.
You may not transfer your rights or your obligations under these Terms without our prior written consent.
Each of the paragraphs of these Terms operates separately. If any court or relevant authority decides that any of them are invalid, illegal or unenforceable, the remaining paragraphs will remain in full force and effect.
These Terms constitute the entire agreement relating to the Service, and no other communications, whether oral or written, are considered as part of the Terms.
These Terms are governed by the laws of Finland, excluding its regulations regarding the choice of law.
Any dispute relating to these Terms can be settled by the Consumer Disputes Board (for more information: kuluttajariita.fi) or the district court of Helsinki or the district court of your domicile.
Effective from 5 October 2020
By visiting our website nightingalehealth.com (the “Site”) you agree to the following Terms and Conditions. Please note that you must not use the Site, if you object to any of the following Terms and Conditions. These Terms and Conditions, including any legal notices and disclaimers contained on the Site, constitute the entire agreement between “Nightingale Health Ltd” and you in relation to your use of the Site, and supersede all prior agreements and understandings with respect to the same.
This Site uses cookies. By using this Site and agreeing to these Terms and Conditions, you consent to our use of cookies as stated in our Cookie policy.
Unless otherwise stated, Nightingale Health Ltd owns the intellectual property rights of the Site and all of its published content. All material on the Site is subject to copyright protection (including but not limited to: corporate symbols, brand names, product names, trademarks, text, images and audio-visual elements), with all intellectual property rights reserved. Reproduction, transfer, distribution or storage (whether partial or full) of the content in any form, without our prior written permission, is prohibited, except in accordance with the following:
You are expressly restricted from:
Use of any external websites through links on the Site are subject to their own separate terms and conditions. We have no control over the contents or properties of such websites, and assume no liability for any matters arising out of your use of them. Unless specifically stated to the contrary, we do not endorse any website we link to, nor the owners, operators, contents or other related properties.
Certain areas of the Site may have restricted access. We may further restrict your access to any areas of the Site, at any time, in its sole and absolute discretion.
Any user ID and passwords you may have for the Site are confidential and you are responsible for maintaining the confidentiality of such information.
In these Terms and Conditions, “Your Content” shall mean any audio, video, text, images or other material you choose to display on the Site. With respect to Your Content, by displaying it you grant Nightingale Health Ltd a non-exclusive, worldwide, irrevocable, royalty-free, sublicensable license, to use, reproduce, adapt, publish, translate and distribute it in any and all media. Your Content must be your own and must not be unlawful, unfit for publication, or infringing on any third-party’s rights. We reserve the right to remove any of Your Content from the Site at any time, for any reason, and without prior notice.
The Site is provided “as is,” and on an “as available” basis. Nightingale Health Ltd makes no express or implied representations or warranties, of any kind related to the Site and its material.
Without prejudice Nightingale Health Ltd does not warrant the following:
In no event shall Nightingale Health Ltd, or any of its directors or employees, be liable to you for anything arising out of, or in any way connected with, your use or the inability to use this Site. We share no liability for any inaccuracies, delays, failures contained on the Site, or for any direct, indirect, consequential or special liability arising out of your use of it.
You hereby indemnify Nightingale Health Ltd for any damage Nightingale Health Ltd may incur and any third party claims against Nightingale Health Ltd, in relation to the material you submit.
Nightingale Health Ltd maintains a high level of protection of your privacy. We process your personal data in accordance with the applicable Finnish and European Union personal data legislation. We may need to collect personal data through the Site for the information services you need and for marketing, sales and business development purposes. You may at any time request us to correct, update or delete your personal data. We may transfer personal data only to our trusted partners and as required by the law or formalities of public authorities. More information about protecting personal data and information security can be found in our Privacy Policy.
If any provision of these Terms and Conditions is found to be unenforceable or invalid under law, such unenforceability or invalidity shall not render these Terms and Conditions unenforceable or invalid as a whole, and such provisions shall be deleted without affecting the remaining provisions herein.
We are permitted to revise these Terms and Conditions at any time as we see fit without prior notification.
We are permitted to assign, transfer, and subcontract our rights and/or obligations under these Terms and Conditions without any notification or consent required. However, you shall not be permitted to assign, transfer, or subcontract any of your rights and/or obligations under these Terms and Conditions.
These Terms and Conditions, including any legal notices and disclaimers contained on this Website, constitute the entire agreement between Nightingale Health Ltd and you in relation to your use of this Website, and supersede all prior agreements and understandings with respect to the same.
These Terms and Conditions will be governed by and construed in accordance with the laws of Finland, without regard to the principles governing conflicts of any jurisdiction.
Nightingale Health Ltd. (the “Company”)
Business ID: 1750524-0
Address: Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
Email: privacy@nightingalehealth.com
If you have any questions relating to the processing of your personal data or if you wish to exercise your rights, please contact us by email or the postal address indicated above. We have privacy policies for the following categories:
This Privacy Policy describes how we collect and use personal data of our customers, potential customers and other business contacts.
We mainly process personal data obtained directly from you. We may collect your personal data whenever you contact us, use our resources or visit our website nightingalehealth.com (the “Site”). In addition, your personal data may be collected and updated from other sources, such as websites of associated companies, private and public registers, and other service providers (e.g. Suomen Asiakastieto Oy).
We mainly process the following types of information:
We process your personal data mainly for the following purposes based on your consent, our legitimate interest (e.g. customer relationship management, business development and marketing), a performance of a contract with you, or a legal obligation:
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Our personnel are trained on appropriate information security practices covering necessary security and safety matters, such as ensuring the confidentiality of personal data and preventing exposure of personal data to non-authorized persons. Only authorized employees of the Company (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user.
Whenever we process your personal data we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.
We do not disclose or sell data to third-parties, unless disclosure is required by the law, formalities of public authorities, or for some other justified purpose. However, we may share information with our external service providers who are obliged to process the data on our behalf and for the abovementioned purposes, mainly to maintain our IT, customer and marketing systems.
We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection, as required by the applicable data protection legislation.
Your personal data will be stored for the purposes mentioned above as long as:
However, we may retain your personal data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.
We regularly review the need for data storage and delete the data no longer necessary for the abovementioned purposes in a secure manner, taking into account the applicable legislation.
You have the right, with the restrictions that follow from legislation, to:
To exercise your rights, requests must be made in writing to the email or the postal address indicated above. You may exercise your rights free of charge. However, we reserve the right to charge a reasonable fee in accordance with the applicable data protection legislation.
In addition, you always have the right to refuse the use of your personal data for opinion surveys, direct marketing and profiling in connection to such marketing. A refusal can be made at any time by using the email or postal address indicated above, or by unsubscribing from our mailing list by following the instructions included in our marketing emails.
If you consider that the processing of your personal data infringes the applicable data protection legislation, you have also the right to lodge a complaint with a supervisory authority.
If we make any changes to our Privacy Policy, the updated Privacy Policy can be found on our website with an indication of the amendment date. Please review this Privacy Policy from time to time to stay updated on any changes. If the changes are significant, we may also inform you about this by other means, for example by sending an email.
Last updated in September 2018.
This Privacy Policy describes how we collect and store personal data of our recruitment candidates for recruitment purposes.
We mainly collect and store information obtained directly from you. We do not collect data from any external sources (e.g. potential referees) without your prior consent, unless otherwise provided by law.
We mainly process the following information about you:
We collect personal information about you in the recruitment process to assess whether you could be a suitable candidate for an open position.
We process your personal data only for legitimate human resources and business management purposes based on your consent or request prior entering into an employment agreement, our legitimate interest (e.g. to comply with our employer obligations and to protect our legal position in the event of legal proceedings) or a legal obligation.
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Our personnel are trained on appropriate information security practices covering necessary security and safety matters, such as ensuring the confidentiality of personal data and preventing exposure of personal data to non-authorized persons. Only authorized employees of the Company (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user. If we need to process your personal data manually, it is stored in locked cabinets within office premises and protected by an access control system.
Whenever we process your personal data we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.
We do not disclose your personal data to third-parties, unless disclosure is required by the law, formalities of public authorities (e.g. employment authorities), or for some other justified purpose. However, we may share your information with our employees and external service providers who are obliged to process the data on our behalf and for the abovementioned purpose, mainly to assist us in the recruitment process (e.g. Azets Insight Oy) or maintain our IT systems (e.g. cloud hosting and storage services).
We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection as required by the applicable data protection legislation.
We store your application and any other information you have provided to us until the recruitment process has been completed and for a one (1) year period thereafter. On your consent, your information can be stored for as long as we consider your application relevant to us, a maximum period of two (2) years, in order to consider your application to a further job opportunity. Thereafter, we may retain a minimum amount of your personal data to record your recruiting activity with us.
In addition, we may retain your personal data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.
We regularly review the need for data storage and delete data no longer necessary for the abovementioned purposes in a secure manner, taking into account the applicable legislation.
You have the right, with the restrictions that follow from legislation, to:
In addition, you have the right to refuse the use of your personal data for direct marketing and profiling in connection to such marketing any time. We do not make any recruiting or hiring decisions based solely on automated decision-making.
To exercise your rights, please send your request in writing to the email or the postal address indicated above.
If you consider that the processing of your personal data infringes the applicable data protection legislation, you have also the right to lodge a complaint with a supervisory authority.
Nightingale Health Ltd. (business ID 1750524-0)
Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
Email of the Data Protection Officer: privacy@nightingalehealth.com
The register has been set up for My Nightingale -service (the “Service”) provided by Nightingale Health Ltd.. We process your data for the following purposes:
The processing of the personal data is based on laws and regulations, such as:
We are processing the following personal data:
Basic information:
Health data necessary for the Service:
Data related to the customer history:
The personal data stored in the register is primarily collected from you and the blood sample you have given. Information can be updated from public registers, such as the Population Register.
Your health data is confidential. Persons processing the health data are bound by confidentiality obligation. Health data can be disclosed with a customer’s written consent or as provided by law. A consent to disclose health data can be restricted or withdrawn at any time.
Based on legislation, we have either the right or the obligation to disclose data e.g. to the supervisory authorities, such as Regional State Administrative Agencies, Office of the Data Protection Ombudsman, National Supervisory Authority for Welfare and Health, municipalities’ social welfare authorities, and judicial authorities.
We use external service providers to manage our IT, marketing, patient data, and customer information systems. We conclude data processing agreements with all service providers and require them to process personal data only to the extent necessary to provide such service.
We do not transfer your patient data outside the EU or the EEA. However, our external service providers may process your other personal data outside the EU or the EEA. In that case, we will provide adequate and appropriate safeguards in accordance with the applicable data protection legislation.
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We apply the appropriate physical, technical, and administrative safeguards to protect data from misuse. These safeguards include, among others, control and filtering of network traffic, use of encryption techniques and safe data centers, appropriate access control, controlled granting of access rights and supervision of their use, giving instructions to the personnel participating in the personal data processing, and risk management related to the planning, implementation, and maintenance of our services. Personal data are processed only by those persons, who need the personal data to perform their job duties. Confidential patient data and records are stored in a patient data system, to which access rights are granted based on the role described in the employees’ job description. Manual material is archived in a locked area accessible only to restricted persons according to EN ISO 13485 Quality Management System.
Material on a paper format is stored in a locked area accessible only to persons who are processing such matters or documents.
To ensure the implementation of data protection, we conclude data processing agreements with our subcontractors who are processing personal data on our behalf.
Patient data are retained for as long as necessary, subject to compliance with the retention periods stipulated by the applicable laws and regulations (such as the Act on the Status and Rights of Patients and the Decree of the Ministry of Social Affairs and Health on Patient Records). As a rule, the retention period is 12 years from the patient’s death, or, if such information is not available, 120 years from the patient’s birth. After the measurement, the blood samples are stored for three months for quality control purposes, after which they are either anonymized or disposed of according to the process of EN ISO 13485 Quality Management System. Otherwise, the personal data are retained for as long as necessary for the purposes mentioned in section 2, after which they are either deleted or anonymized.
As a data subject, you have the following rights:
You may exercise your rights by submitting a free-form written request by email or letter to the addresses mentioned in section 1 above. The requests are always processed on a case-by-case basis.
In addition, you have a right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the EU General Data Protection Regulation.
Nightingale Health Oy (y-tunnus 1750524-0)
Mannerheimintie 164a, 00300 Helsinki
Puh. +358 20 730 1810
Tietosuojavastaavan sähköposti: privacy@nightingalehealth.com
Rekisteri on perustettu Nightingale Health Oy:n tarjoamaa My Nightingale -palvelua varten (”Palvelu”). Käsittelemme tietojasi seuraaviin käyttötarkoituksiin:
Henkilötietojen käsittely perustuu lakeihin ja asetuksiin, kuten:
Käsittelemme seuraavia henkilötietoja:
Perustiedot:
Palvelua varten tarvittavat terveystiedot:
Asiakashistoriaan liittyvät tiedot:
Rekisteriin tallennettavat henkilötiedot kerätään ensisijaisesti sinulta itseltäsi ja antamastasi verinäytteestä. Tietoja voidaan päivittää julkisista rekistereistä kuten väestörekisteristä.
Terveystiedot ovat salassa pidettäviä. Tietoja käsittelevillä on salassapito- ja vaitiolovelvollisuus. Terveystietoja voidaan luovuttaa asiakkaan kirjallisella suostumuksella tai laissa säädetyn mukaisesti. Suostumusta tietojen luovuttamiseen voi milloin tahansa rajata tai peruuttaa kokonaan.
Lainsäädännön perusteella meillä on joko oikeus tai velvollisuus luovuttaa tietoja esim. seuraaville tahoille:
Käytämme ulkopuolisia palveluntarjoajia IT- ja markkinointijärjestelmien, potilastietojärjestelmän sekä asiakastietojärjestelmän hallintaan. Solmimme kaikkien palveluntarjoajien kanssa sopimuksen henkilötietojen käsittelystä ja edellytämme yhteistyökumppaneidemme käsittelevän henkilötietoja vain siinä määrin kuin se on tarpeen ko. palvelun tuottamiseksi.
Emme siirrä potilastietojasi EU:n tai ETA-alueen ulkopuolelle. Ulkopuoliset palveluntarjoajamme voivat kuitenkin käsitellä muita henkilötietojasi EU:n tai ETA-alueen ulkopuolella. Siinä tapauksessa huolehdimme riittävistä ja asianmukaisista suojatoimista soveltuvan tietosuojalainsäädännön mukaisesti.
Sisäinen organisaatiomme on rakennettu vastaamaan EN ISO 13485 sertifioidun laatujärjestelmämme vaatimuksia ja toimintaamme sovellettavaa tietosuojalainsäädäntöä. Käytämme asianmukaisia fyysisiä, teknisiä ja hallinnollisia suojakeinoja tietojen suojaamiseksi väärinkäytöksiltä. Tällaisia keinoja ovat mm. tietoverkkoliikenteen kontrollointi ja suodattaminen, salaustekniikoiden, turvallisten laitetilojen käyttö, asianmukainen kulunvalvonta, hallittu käyttöoikeuksien myöntäminen ja niiden käytön valvonta, henkilötietojen käsittelyyn osallistuvan henkilöstön ohjeistaminen sekä palvelujemme suunnittelussa, toteuttamisessa ja ylläpidossa tapahtuva riskienhallinta. Henkilötietoja käsittelevät ainoastaan sellaiset henkilöt, joille se on työtehtävien hoitamisen vuoksi tarpeellista. Salassa pidettävien potilastietojen ja asiakirjojen säilytykseen käytetään potilastietojärjestelmää, johon myönnetään oikeudet roolipohjaisesti työtehtävien perusteella. Manuaalinen aineisto arkistoidaan lukittuun tilaan, johon on pääsy vain EN ISO 13485 laatujärjestelmän mukaisesti rajatuilla henkilöillä.
Paperimuodossa oleva aineisto säilytetään lukituissa tiloissa, joihin on pääsy vain ko. asioita tai asiakirjoja käsittelevillä henkilöillä.
Varmistamme meidän lukuumme henkilötietoja käsittelevien alihankkijoiden kanssa tehtävillä tietojenkäsittelysopimuksilla tietosuojan toteutumisen.
Potilastietoja säilytetään niin kauan kuin on tarpeen ottaen huomioon laista ja asetuksista (kuten laki potilaan asemasta ja oikeuksista sekä sosiaali- ja terveysministeriön asetus potilasasiakirjoista) noudatettavaksi tulevat säilytysajat. Säilytysaika on pääsääntöisesti 12 vuotta potilaan kuolemasta tai, jos siitä ei ole tietoa, 120 vuotta potilaan syntymästä. Verinäytteet säilytetään laadunvalvontatarkoitusta varten kolme kuukautta mittauksesta, jonka jälkeen verinäytteet joko anonymisoidaan tai hävitetään EN ISO 13485 laatujärjestelmän prosessia noudattaen. Muilta osin henkilötietoja säilytetään niin kauan kuin se on tarpeellista edellä kohdassa 2 mainittujen käyttötarkoituksien toteuttamiseksi, minkä jälkeen ne joko poistetaan tai anonymisoidaan.
Rekisteröitynä sinulla on seuraavat oikeudet:
Voit käyttää oikeuksiasi toimittamalla vapaamuotoisen kirjallisen tietopyynnön ja/tai vaatimuksen, joka käsitellään aina tapauskohtaisesti, sähköpostitse tai kirjeitse edellä kohdassa 1 mainittuihin osoitteisiin.
Lisäksi sinulla on oikeus tehdä valitus valvontaviranomaiselle, erityisesti siinä EU-jäsenvaltiossa, jossa vakinainen asuinpaikkasi tai työpaikkasi on taikka jossa väitetty rikkominen on tapahtunut, jos katsot, että sinua koskevien henkilötietojen käsittelyssä rikotaan EU:n tietosuoja-asetusta.
Nightingale Health Ltd. (business ID 1750524-0)
Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
Email of the Data Protection Officer: privacy@nightingalehealth.com
The register has been set up for Nightingale Covid Risk -service (the “Service”) provided by Nightingale Health Ltd.. We process your data for the following purposes:
The processing of the personal data is based on laws and regulations, such as:
as well as a consent, an agreement and a legitimate interest of Nightingale Health Ltd. (incl. planning and reporting our operations, marketing and collection).
We are processing the following personal data:
Basic information:
Health data necessary for the Service:
Data related to the customer history:
The personal data stored in the register is primarily collected from you and the blood sample you have given. Information can be updated from public registers, such as the Population Register.
Your health data is confidential. Persons processing the health data are bound by confidentiality obligation. Health data can be disclosed with a customer’s written consent or as provided by law. A consent to disclose health data can be restricted or withdrawn at any time.
Based on legislation, we have either the right or the obligation to disclose data e.g. to the supervisory authorities, such as Regional State Administrative Agencies, Office of the Data Protection Ombudsman, National Supervisory Authority for Welfare and Health, municipalities’ social welfare authorities, and judicial authorities.
We use external service providers to manage our IT, marketing, patient data, and customer information systems. We conclude data processing agreements with all service providers and require them to process personal data only to the extent necessary to provide such service.
We do not transfer your patient data outside the EU or the EEA. However, our external service providers may process your other personal data outside the EU or the EEA. In that case, we will provide adequate and appropriate safeguards in accordance with the applicable data protection legislation.
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We apply the appropriate physical, technical and administrative safeguards to protect data from misuse. These safeguards include, among others, control and filtering of network traffic, use of encryption techniques and safe data centers, appropriate access control, controlled granting of access rights and supervision of their use, giving instructions to the personnel participating in the personal data processing, and risk management related to the planning, implementation, and maintenance of our services. Personal data are processed only by those persons, who need the personal data to perform their job duties. Material on a paper format is stored in a locked area accessible only to persons who are processing such matters or documents.
Confidential patient data and records are stored in a patient data system, to which access rights are granted based on the role described in the employees’ job description. Manual material is archived in a locked area accessible only to restricted persons according to EN ISO 13485 Quality Management System.
To ensure the implementation of data protection, we conclude data processing agreements with our subcontractors who are processing personal data on our behalf.
Patient data are retained for as long as necessary, subject to compliance with the retention periods stipulated by the applicable laws and regulations (such as the Act on the Status and Rights of Patients and the Decree of the Ministry of Social Affairs and Health on Patient Records). As a rule, the retention period is 12 years from the patient’s death, or, if such information is not available, 120 years from the patient’s birth. After the measurement, the blood samples are stored for three months for quality control purposes, after which they are either anonymized or disposed of according to the process of EN ISO 13485 Quality Management System. Otherwise, the personal data are retained for as long as necessary for the purposes mentioned in section 2, after which they are either deleted or anonymized.
As a data subject, you have the following rights:
You may exercise your rights by submitting a free-form written request by email or letter to the addresses mentioned in section 1 above. The requests are always processed on a case-by-case basis.
In addition, you have a right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the EU General Data Protection Regulation.
Effective from 5 October 2020
Nightingale Health Oy (y-tunnus 1750524-0)
Mannerheimintie 164a, 00300 Helsinki
Puh. +358 20 730 1810
Tietosuojavastaavan sähköposti: privacy@nightingalehealth.com
Rekisteri on perustettu Nightingale Health Oy:n tarjoamaa Nightingale Covid Risk -palvelua varten (”Palvelu”). Käsittelemme tietojasi seuraaviin käyttötarkoituksiin:
Henkilötietojen käsittely perustuu lakeihin ja asetuksiin, kuten:
sekä suostumukseen, sopimukseen ja Nightingale Health Oy:n oikeutettuun etuun (ml. toiminnan suunnittelu ja raportointi, markkinointi ja perintä).
Käsittelemme seuraavia henkilötietoja:
Perustiedot:
Palvelua varten tarvittavat terveystiedot:
Asiakashistoriaan liittyvät tiedot:
Rekisteriin tallennettavat henkilötiedot kerätään ensisijaisesti sinulta itseltäsi ja antamastasi verinäytteestä. Tietoja voidaan päivittää julkisista rekistereistä kuten väestörekisteristä.
Terveystiedot ovat salassa pidettäviä. Tietoja käsittelevillä on salassapito- ja vaitiolovelvollisuus. Terveystietoja voidaan luovuttaa asiakkaan kirjallisella suostumuksella tai laissa säädetyn mukaisesti. Suostumusta tietojen luovuttamiseen voi milloin tahansa rajata tai peruuttaa kokonaan.
Lainsäädännön perusteella meillä on joko oikeus tai velvollisuus luovuttaa tietoja esim. seuraaville tahoille:
Käytämme ulkopuolisia palveluntarjoajia IT- ja markkinointijärjestelmien, potilastietojärjestelmän sekä asiakastietojärjestelmän hallintaan. Solmimme kaikkien palveluntarjoajien kanssa sopimuksen henkilötietojen käsittelystä ja edellytämme yhteistyökumppaneidemme käsittelevän henkilötietoja vain siinä määrin kuin se on tarpeen ko. palvelun tuottamiseksi.
Emme siirrä potilastietojasi EU:n tai ETA-alueen ulkopuolelle. Ulkopuoliset palveluntarjoajamme voivat kuitenkin käsitellä muita henkilötietojasi EU:n tai ETA-alueen ulkopuolella. Siinä tapauksessa huolehdimme riittävistä ja asianmukaisista suojatoimista soveltuvan tietosuojalainsäädännön mukaisesti.
Sisäinen organisaatiomme on rakennettu vastaamaan EN ISO 13485 sertifioidun laatujärjestelmämme vaatimuksia ja toimintaamme sovellettavaa tietosuojalainsäädäntöä. Käytämme asianmukaisia fyysisiä, teknisiä ja hallinnollisia suojakeinoja tietojen suojaamiseksi väärinkäytöksiltä. Tällaisia keinoja ovat mm. tietoverkkoliikenteen kontrollointi ja suodattaminen, salaustekniikoiden, turvallisten laitetilojen käyttö, asianmukainen kulunvalvonta, hallittu käyttöoikeuksien myöntäminen ja niiden käytön valvonta, henkilötietojen käsittelyyn osallistuvan henkilöstön ohjeistaminen sekä palvelujemme suunnittelussa, toteuttamisessa ja ylläpidossa tapahtuva riskienhallinta. Henkilötietoja käsittelevät ainoastaan sellaiset henkilöt, joille se on työtehtävien hoitamisen vuoksi tarpeellista. Paperimuodossa oleva aineisto säilytetään lukituissa tiloissa, joihin on pääsy vain ko. asioita tai asiakirjoja käsittelevillä henkilöillä.
Salassa pidettävien potilastietojen ja asiakirjojen säilytykseen käytetään potilastietojärjestelmää, johon myönnetään oikeudet roolipohjaisesti työtehtävien perusteella. Manuaalinen aineisto arkistoidaan lukittuun tilaan, johon on pääsy vain EN ISO 13485 laatujärjestelmän mukaisesti rajatuilla henkilöillä.
Varmistamme meidän lukuumme henkilötietoja käsittelevien alihankkijoiden kanssa tehtävillä tietojenkäsittelysopimuksilla tietosuojan toteutumisen.
Potilastietoja säilytetään niin kauan kuin on tarpeen ottaen huomioon laista ja asetuksista (kuten laki potilaan asemasta ja oikeuksista sekä sosiaali- ja terveysministeriön asetus potilasasiakirjoista) noudatettavaksi tulevat säilytysajat. Säilytysaika on pääsääntöisesti 12 vuotta potilaan kuolemasta tai, jos siitä ei ole tietoa, 120 vuotta potilaan syntymästä. Verinäytteet säilytetään laadunvalvontatarkoitusta varten kolme kuukautta mittauksesta, jonka jälkeen verinäytteet joko anonymisoidaan tai hävitetään EN ISO 13485 laatujärjestelmän prosessia noudattaen. Muilta osin henkilötietoja säilytetään niin kauan kuin se on tarpeellista edellä kohdassa 2 mainittujen käyttötarkoituksien toteuttamiseksi, minkä jälkeen ne joko poistetaan tai anonymisoidaan.
Rekisteröitynä sinulla on seuraavat oikeudet:
Voit käyttää oikeuksiasi toimittamalla vapaamuotoisen kirjallisen tietopyynnön ja/tai vaatimuksen, joka käsitellään aina tapauskohtaisesti, sähköpostitse tai kirjeitse edellä kohdassa 1 mainittuihin osoitteisiin.
Lisäksi sinulla on oikeus tehdä valitus valvontaviranomaiselle, erityisesti siinä EU-jäsenvaltiossa, jossa vakinainen asuinpaikkasi tai työpaikkasi on taikka jossa väitetty rikkominen on tapahtunut, jos katsot, että sinua koskevien henkilötietojen käsittelyssä rikotaan EU:n tietosuoja-asetusta.
As is common practice with almost all professional websites, nightingalehealth.com (the “Site”) uses cookies. Cookies are small files that are downloaded to your device in order to improve your experience whenever you visit us.
We store cookies on your device if they are strictly necessary for the operation of this Site. With your consent, we may also use other types of cookies to personalise content and advertisements and to analyse our traffic. We share information about your use of our Site with our social media, advertising and analytics partners, who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
How long are cookies retained on your device?
Cookies can either be session cookies (they last only until you close your browser) or persistent (they remain on your computer or device until you delete them). Session cookies are usually used to remember relevant settings of your browsing session. Persistent cookies may typically be used for targeted advertising and gaining insight on how you use our Site.
We use both session and persistent cookies. Persistent cookies are stored on your hard drive in between browser sessions until you delete them or they reach their expiry date as set forth in our cookie declaration.You can at any time change or withdraw your consent. You can at any time change or withdraw your consent.
You can find more information about cookies used on this Site (Cookie declaration) and check your current state and change your consent here.
Third-party Cookies
Third-party cookies are cookies set by someone other than us for purposes such as collecting information on user behavior, demographics, or personalized marketing. When using our Site, you may encounter embedded content or you may be directed to other websites for such activities as making a payment. These websites and embedded content may use their own cookies. We do not have control over the placement of cookies by other websites, even if you are directed to them from our Site.
This Site uses Google Analytics, a third-party web analytics service. Occasionally we may also use the data collected by Google Analytics to produce browser-specifically targeted advertising provided by Google Adwords.
Google’s Privacy Policy is available at: http://www.google.com/intl/en/policies/privacy/
In addition, we use Leadfeeder to further refine the data collected by Google Analytics.
Leadfeeder’s Privacy Policy is available at: https://www.leadfeeder.com/privacy/
When you subscribe to our newsletter, MailChimp (The Rocket Science Group, LLC), which we use to manage our newsletter subscriber lists and send emails to our subscribers, may collect information about your device and interaction with an email by using cookies and other tracking technologies.
MailChimp’s privacy policy is available at: https://mailchimp.com/legal/privacy/
To provide answers for frequently asked questions on the My Nightingale service FAQ page, we use Intercom. In addition, we may use Intercom to communicate with you and answer your questions about the My Nightingale service on the FAQ page.
You can find Intercom’s Privacy Policy at: https://www.intercom.com/terms-and-policies#privacy
To process payments as part of the purchasing process for the My Nightingale service, we use Stripe.
You can find Stripe’s Privacy Policy at: https://stripe.com/en-fi/privacy
Learn more about how we process personal data in our Privacy Policy. If you are looking for further information, or have any questions about cookies, please don’t hesitate to contact us via email.