These Terms of Service (“Terms”) set forth the terms for purchasing and using the My Nightingale service (“Service”).
By placing an order, you agree to be bound by these Terms and use the My Nightingale Service in accordance with these Terms. By placing an order, you warrant that you are at least 18 years old. If you are buying the Service for someone else, you warrant that the user of the Service is at least 18 years old.
The Service is valid and can be used for 12 months from the purchase, or in the case of a gift card voucher, from redeeming the gift card voucher. The gift card voucher is valid until the expiry date indicated on the gift card voucher, before which it must be redeemed.
We may revise these Terms from time to time in our sole discretion. The version of the Terms which exists at the time you place your order will be the terms which govern the Service. Please check this page before you submit an order for Services, as this version may be different from the version(s) which applied to previous order(s) for Services you submitted.
My Nightingale is a health service that provides comprehensive blood-based information to help you maintain and improve your health and wellbeing.
The Service consists of:
a) Blood test at Nightingale Nest;
b) measuring and analysing your blood sample using Nightingale’s proprietary technology; and
c) providing the results via My Nightingale app.
The price of the Service is the price indicated on the order page of the My Nightingale site (“Site”) when you placed your order. Payment of the price of the Service shall be made at the time you place the order.
After payment, we will send you an email to confirm your purchase.
You have a right to a refund within 14 days of purchase. However, if you take the blood test before the end of the 14-day cancellation period, a refund is no longer possible.
Your My Nightingale blood test results (“Results”) include the Nightingale Health Index, a number of health indicators and biomarkers, which are parameters of metabolic health.
We aim to provide your Results within two to seven working days of the blood test. We will make every reasonable effort to ensure that your Results are delivered within the estimated timescale.
The Results are provided to you via the My Nightingale app (“App”). To book a time for a blood test and to receive Results through the My Nightingale app, you must create an account on the My Nightingale Site. You are solely responsible for keeping your password and account details confidential and are fully responsible for all activities that occur under your password or account.
The health indicators are based on scientific research findings on how the blood test results in some large studies correlate with common chronic diseases as well as overall health. The health indicators give you indicative information about your wellbeing. The health indicators cannot be considered as a diagnosis and as such cannot be used as a basis for diagnosis.
Ketosis is reflected by a raised level of beta-hydroxybutyrate, the main ketone body circulating in your blood. The ketosis result is based on reference values as found in scientific literature or commonly used in laboratories, giving you indicative information about your body’s ketosis state. The ketosis result cannot be considered as a diagnosis and as such cannot be used as a basis for diagnosis or for other diagnostic purposes.
Any intervention or other action you decide to do based on your Results is entirely at your own risk.
You acknowledge and agree that Nightingale owns all intellectual property rights related to the Service.
Nightingale’s maximum liability for any responsibility under these Terms is limited to the amount you paid (or someone paid on your behalf) for the Service or one hundred (EUR 100) euros, where no amount is paid to us. Nightingale is not liable for any indirect damage.
Nightingale is committed to the high standards of data protection and privacy set forth by the GDPR. Nightingale has implemented measures and systems to ensure the confidentiality of your data.
For a full description of data protection, see our Privacy Policy.
Nightingale is entitled to use subcontractors to fulfil any of its obligations without separate permission from you.
You may not transfer your rights or your obligations under these Terms without our prior written consent.
Each of the paragraphs of these Terms operates separately. If any court or relevant authority decides that any of them are invalid, illegal or unenforceable, the remaining paragraphs will remain in full force and effect.
These Terms constitute the entire agreement relating to the Service, and no other communications, whether oral or written, are considered as part of the Terms.
These Terms are governed by the laws of Finland, excluding its regulations regarding the choice of law.
Any dispute relating to these Terms can be settled by the Consumer Disputes Board (for more information: kuluttajariita.fi) or the district court of Helsinki or the district court of your domicile.
Effective from 27 May 2020
These Terms of Service (“Terms”) shall be deemed to form an inseparable part of the agreement between Nightingale Health Oyj (“Nightingale”) and a corporate customer (“Customer”) purchasing My Nightingale service (“Service”) for its employees or other individuals (“End Customer”).
Nightingale and the Customer are also hereinafter referred to individually as a “Party” and collectively as “Parties”.
The agreement between Nightingale and the Customer consists of a written offer made by Nightingale ("Offer"), these Terms and the Customer’s written acceptance thereof ("Agreement"). By placing an order, the Customer agrees to be bound by these Terms. In the case of any discrepancy between the Offer and these Terms, the Offer shall prevail.
Prior to using the Service, the End Customer is required to register to the Service by using the code provided by Nightingale in accordance with My Nightingale Consumer Terms of Service valid at the time of registration. The Service must be used within twelve (12) months from the registration. The code is valid until the expiry date indicated in the Offer before which the registration must be completed.
The Agreement shall become effective on the date of the Customer’s written acceptance of the Offer and shall remain in force until all the codes provided by Nightingale under the Agreement have been either used or expired.
The Customer warrants that
a) The End Customer is at least 18 years old; and
b) The representative placing the order on behalf of the Customer has the authority to bind the Customer to the Agreement.
My Nightingale is a health service that provides comprehensive blood-based information to help maintain and improve health and wellbeing. The Service includes My Nightingale Starter Packages to be used by the End Customers, each Starter Package consisting of
a) Two blood draws at Nightingale Nest in Helsinki, if not otherwise indicated in the Offer;
b) Measuring and analyzing the blood samples using Nightingale’s proprietary technology;
c) Two personal test results delivered to the End Customer’s phone via My Nightingale mobile app (“App”).
The price of the Service is the price indicated in the Offer. The payment terms are 14 days from the invoice date. The penalty interest is according to the Finnish Interest Act valid at the time.
Both Parties may use the other Party’s name in public lists of customers and/or partnerships or in other promotional materials or discussions.
All right, title and interest in and to all copyrights and other intellectual property rights arising out of or related to the Service shall remain in Nightingale’s exclusive ownership.
Neither Party shall be liable for any indirect damages and the total liability of a Party towards the other Party under the Agreement shall not exceed the amount paid by the Customer for the Services, provided that the aforementioned shall not limit the Customer’s indemnification obligation in accordance with Section 7 (Data Protection and Privacy).
Nightingale is committed to the high standards of data protection and privacy set forth by the GDPR. Nightingale has implemented measures and systems to ensure the confidentiality of personal data.
Should Nightingale send the codes and registration instructions to the End Customers wishing to register to the Service, the Customer shall provide Nightingale with a list of the End Customers’ email addresses. The Customer warrants that it has the right to lawfully disclose the personal data to Nightingale for this purpose. The Customer shall indemnify Nightingale against all liabilities concerning such use of personal data.
Nightingale shall process the End Customers’ personal data in accordance with My Nightingale Privacy Policy (https://nightingalehealth.com/terms#my-nightingale-privacy-english)
Each Party shall keep in confidence all material and information of the other Party that is marked as confidential or which should be understood to be confidential. A Party shall have the right to use such material and information only for the purposes set forth in the Agreement; copy such material and information only to the extent necessary for the purposes of the Agreement; and disclose such material and information only to those of its employees with a need to know such material and information and then only for the purposes set forth in the Agreement.
The confidentiality obligation shall, however, not be applied to material and information that: (a) is generally available or otherwise public; (b) the Party has received from a third party without any obligation of confidentiality; (c) was in the possession of the receiving Party prior to receipt of the same from the other Party without any obligation of confidentiality related thereto; (d) a Party has developed independently without using material or information received from the other Party; or (e) a Party must disclose pursuant to a law, decree, or other order issued by the competent authorities or judicial order.
The rights and obligations pursuant to this clause shall remain in force for five (5) years after the termination of this Agreement.
The existence of the Agreement shall not be considered as confidential information.
Each of the paragraphs of the Agreement operates separately. If any court or relevant authority decides that any of them are invalid, illegal or unenforceable, the remaining paragraphs will remain in full force and effect.
The Agreement constitutes the entire Agreement, and no other communications, whether oral or written, are considered as part of the Agreement.
The Agreement shall be governed by the laws of Finland, excluding its choice of law provisions.
Any dispute, controversy or claim arising out of or relating to the Agreement, or the breach, termination or validity thereof, shall be finally settled by arbitration in accordance with the Rules for Expedited Arbitration of the Arbitration Institute of the Finland Chamber of Commerce. All arbitration awards shall be final and binding on the Parties and enforceable in any court of competent jurisdiction.
Either Party may, however, file a suit for a claim based on undisputed receivables to the District Court of Helsinki.
Effective from 1 December 2020
These Terms of Service (“Terms”) set forth the terms for purchasing and using the Nightingale Covid Risk service (“Service”).
By placing an order, you agree to be bound by these Terms and use the Service in accordance with these Terms. By placing an order, you warrant that you are at least 18 years old. If you are buying the Service for someone else, you warrant that the user of the Service is at least 18 years old.
The Service is valid and can be used for 6 months from the purchase.
We may revise these Terms from time to time in our sole discretion. The version of the Terms which exists at the time you place your order will be the terms which govern the Service. Please check this page before you submit an order for Services, as this version may be different from the version(s) which applied to previous order(s) for Services you submitted.
Nightingale Covid Risk is a health service that estimates your risk of developing severe COVID-19 symptoms in case of infection. The Service consists of
a) Blood test at Nightingale Nest, if not otherwise agreed;
b) measuring and analysing your blood sample using Nightingale’s proprietary technology; and
c) providing the results via Nightingale Covid Risk app.
If the Service is purchased on the Nightingale Covid Risk site (“Site”), the price of the Service is the price indicated on the order page of the Site when placing the order. Payment of the price of the Service shall be made at the time of placing the order.
After payment, we will send an email to confirm the purchase.
You have a right to a refund within 14 days of purchase. However, if you take the blood test before the end of the 14-day cancellation period, a refund is no longer possible.
Your Nightingale Covid Risk blood test results (“Results”) describe if you are at increased risk of developing severe COVID-19 symptoms in case of an infection (“Covid Severity Score”). We estimate your Covid Severity Score based on a molecular profile in your blood.
Your Results are based on our scientific research findings from the UK Biobank COVID-19 data. Our analysis has identified a unique molecular profile in the blood which is common among those who get severely ill due to COVID-19. The Covid Severity Score is calculated based on the blood test only. It does not take into account other risk factors you may have.
We aim to provide your Results within two to seven working days of the blood test. We will make every reasonable effort to ensure that your Results are delivered within the estimated timescale.
Your Results are provided to you via the Nightingale Covid Risk app (“App”). To book a time for a blood test and to receive Results through the App, you must create an account on the Site. You are solely responsible for keeping your password and account details confidential and are fully responsible for all activities that occur under your password or account.
Please note that your Results:
Any intervention or other action you decide to do based on your Results is entirely at your own risk.
You acknowledge and agree that Nightingale owns all intellectual property rights related to the Service.
Nightingale’s maximum liability for any responsibility under these Terms is limited to the amount you paid (or someone paid on your behalf) for the Service or one hundred (EUR 100) euros, where no amount is paid to us. Nightingale is not liable for any indirect damages.
Nightingale is committed to the high standards of data protection and privacy set forth by the GDPR. Nightingale has implemented measures and systems to ensure the confidentiality of your data.
For a full description of data protection, see our Privacy Policy.
Nightingale is entitled to use subcontractors to fulfil any of its obligations without separate permission from you.
You may not transfer your rights or your obligations under these Terms without our prior written consent.
Each of the paragraphs of these Terms operates separately. If any court or relevant authority decides that any of them are invalid, illegal or unenforceable, the remaining paragraphs will remain in full force and effect.
These Terms constitute the entire agreement relating to the Service, and no other communications, whether oral or written, are considered as part of the Terms.
These Terms are governed by the laws of Finland, excluding its regulations regarding the choice of law.
Any dispute relating to these Terms can be settled by the Consumer Disputes Board (for more information: kuluttajariita.fi) or the district court of Helsinki or the district court of your domicile.
Effective from 5 October 2020
By visiting our website nightingalehealth.com (the “Site”) you agree to the following Terms and Conditions. Please note that you must not use the Site, if you object to any of the following Terms and Conditions. These Terms and Conditions, including any legal notices and disclaimers contained on the Site, constitute the entire agreement between “Nightingale Health Plc” and you in relation to your use of the Site, and supersede all prior agreements and understandings with respect to the same.
This Site uses cookies. By using this Site and agreeing to these Terms and Conditions, you consent to our use of cookies as stated in our Cookie Policy.
Unless otherwise stated, Nightingale Health Plc owns the intellectual property rights of the Site and all of its published content. All material on the Site is subject to copyright protection (including but not limited to: corporate symbols, brand names, product names, trademarks, text, images and audio-visual elements), with all intellectual property rights reserved. Reproduction, transfer, distribution or storage (whether partial or full) of the content in any form, without our prior written permission, is prohibited, except in accordance with the following:
You are expressly restricted from:
Use of any external websites through links on the Site is subject to their own separate terms and conditions. We have no control over the contents or properties of such websites, and assume no liability for any matters arising out of your use of them. Unless specifically stated to the contrary, we do not endorse any website we link to, nor the owners, operators, contents or other related properties.
Certain areas of the Site may have restricted access. We may further restrict your access to any areas of the Site, at any time, in our sole and absolute discretion.
Any user ID and passwords you may have for the Site are confidential and you are responsible for maintaining the confidentiality of such information.
In these Terms and Conditions, “Your Content” shall mean any audio, video, text, images or other material you choose to display on the Site. With respect to Your Content, by displaying it you grant Nightingale Health Plc a non-exclusive, worldwide, irrevocable, royalty-free, sublicensable license, to use, reproduce, adapt, publish, translate and distribute it in any and all media. Your Content must be your own and must not be unlawful, unfit for publication, or infringing on any third-party’s rights. We reserve the right to remove any of Your Content from the Site at any time, for any reason, and without prior notice.
The Site is provided “as is,” and on an “as available” basis. Nightingale Health Plc makes no express or implied representations or warranties, of any kind related to the Site and its material.
Without prejudice Nightingale Health Plc does not warrant the following:
In no event shall Nightingale Health Plc, or any of its directors or employees, be liable to you for anything arising out of, or in any way connected with, your use or the inability to use this Site. We share no liability for any inaccuracies, delays, failures contained on the Site, or for any direct, indirect, consequential or special liability arising out of your use of it.
You hereby indemnify Nightingale Health Plc for any damage Nightingale Health Plc may incur and any third party claims against Nightingale Health Plc, in relation to the material you submit.
Nightingale Health Plc maintains a high level of protection of your privacy. We process your personal data in accordance with the applicable Finnish and European Union personal data legislation. We may need to collect personal data through the Site for the information services you need and for marketing, sales and business development purposes. You may at any time request us to correct, update or delete your personal data. We may transfer personal data only to our trusted partners and as required by the law or formalities of public authorities. More information about protecting personal data and information security can be found in our Privacy Policy.
If any provision of these Terms and Conditions is found to be unenforceable or invalid under law, such unenforceability or invalidity shall not render these Terms and Conditions unenforceable or invalid as a whole, and such provisions shall be deleted without affecting the remaining provisions herein.
We are permitted to revise these Terms and Conditions at any time as we see fit without prior notification.
We are permitted to assign, transfer, and subcontract our rights and/or obligations under these Terms and Conditions without any notification or consent required. However, you shall not be permitted to assign, transfer, or subcontract any of your rights and/or obligations under these Terms and Conditions.
These Terms and Conditions, including any legal notices and disclaimers contained on this Website, constitute the entire agreement between Nightingale Health Plc and you in relation to your use of this Website, and supersede all prior agreements and understandings with respect to the same.
These Terms and Conditions will be governed by and construed in accordance with the laws of Finland, without regard to the principles governing conflicts of any jurisdiction.
Nightingale Health Plc (the “Company”)
Business ID: 1750524-0
Address: Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
Email: privacy@nightingalehealth.com
If you have any questions relating to the processing of your personal data or if you wish to exercise your rights, please contact us by email or the postal address indicated above.
This Privacy Policy describes how we collect and use personal data of our customers, potential customers and other business contacts.
We mainly process personal data obtained directly from you. We may collect your personal data whenever you contact us, use our resources or visit our website nightingalehealth.com (the “Site”). In addition, your personal data may be collected and updated from other sources, such as websites of associated companies, private and public registers, and other service providers (e.g. Suomen Asiakastieto Oy).
We mainly process the following types of information:
We process your personal data mainly for the following purposes based on your consent, our legitimate interest (e.g. customer relationship management, business development and marketing), a performance of a contract with you, or a legal obligation:
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Our personnel are trained on appropriate information security practices covering necessary security and safety matters, such as ensuring the confidentiality of personal data and preventing exposure of personal data to non-authorized persons. Only authorized employees of the Company (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user.
Whenever we process your personal data we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.
We do not disclose or sell data to third-parties, unless disclosure is required by the law, formalities of public authorities, or for some other justified purpose. However, we may share information with our external service providers who are obliged to process the data on our behalf and for the abovementioned purposes, mainly to maintain our IT, customer and marketing systems.
We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection, as required by the applicable data protection legislation.
Your personal data will be stored for the purposes mentioned above as long as:
However, we may retain your personal data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.
We regularly review the need for data storage and delete the data no longer necessary for the abovementioned purposes in a secure manner, taking into account the applicable legislation.
You have the right, with the restrictions that follow from legislation, to:
To exercise your rights, requests must be made in writing to the email or the postal address indicated above. You may exercise your rights free of charge. However, we reserve the right to charge a reasonable fee in accordance with the applicable data protection legislation.
In addition, you always have the right to refuse the use of your personal data for opinion surveys, direct marketing and profiling in connection to such marketing. A refusal can be made at any time by using the email or postal address indicated above, or by unsubscribing from our mailing list by following the instructions included in our marketing emails.
If you consider that the processing of your personal data infringes the applicable data protection legislation, you also have the right to lodge a complaint with a supervisory authority.
If we make any changes to our Privacy Policy, the updated Privacy Policy can be found on our website with an indication of the amendment date. Please review this Privacy Policy from time to time to stay updated on any changes. If the changes are significant, we may also inform you about this by other means, for example by sending an email.
Last updated in September 2018.
This Privacy Policy describes how we collect and store personal data of our recruitment candidates for recruitment purposes.
We mainly collect and store information obtained directly from you. We do not collect data from any external sources (e.g. potential referees) without your prior consent, unless otherwise provided by law.
We mainly process the following information about you:
We collect personal information about you in the recruitment process to assess whether you could be a suitable candidate for an open position.
We process your personal data only for legitimate human resources and business management purposes based on your consent or request prior to entering into an employment agreement, our legitimate interest (e.g. to comply with our employer obligations and to protect our legal position in the event of legal proceedings) or a legal obligation.
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Our personnel are trained on appropriate information security practices covering necessary security and safety matters, such as ensuring the confidentiality of personal data and preventing exposure of personal data to non-authorized persons. Only authorized employees of the Company (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user. If we need to process your personal data manually, it is stored in locked cabinets within office premises and protected by an access control system.
Whenever we process your personal data we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.
We do not disclose your personal data to third-parties, unless disclosure is required by the law, formalities of public authorities (e.g. employment authorities), or for some other justified purpose. However, we may share your information with our employees and external service providers who are obliged to process the data on our behalf and for the abovementioned purpose, mainly to assist us in the recruitment process (e.g. Azets Insight Oy) or maintain our IT systems (e.g. cloud hosting and storage services).
We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection as required by the applicable data protection legislation.
We store your application and any other information you have provided to us until the recruitment process has been completed and for a one (1) year period thereafter. With your consent, your information can be stored for as long as we consider your application relevant to us, a maximum period of two (2) years, in order to consider your application to a further job opportunity. Thereafter, we may retain a minimum amount of your personal data to record your recruiting activity with us.
In addition, we may retain your personal data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.
We regularly review the need for data storage and delete data no longer necessary for the abovementioned purposes in a secure manner, taking into account the applicable legislation.
You have the right, with the restrictions that follow from legislation, to:
In addition, you have the right to refuse the use of your personal data for direct marketing and profiling in connection to such marketing at any time. We do not make any recruiting or hiring decisions based solely on automated decision-making.
To exercise your rights, please send your request in writing to the email or the postal address indicated above.
If you consider that the processing of your personal data infringes the applicable data protection legislation, you also have the right to lodge a complaint with a supervisory authority.
This Privacy Policy describes how Nightingale Health Plc (the “Company”) collects and stores personal data of the Company’s managers (members of the Board of Directors, CEO and members of the Management Team) and their closely associated persons as required by the Market Abuse Regulation ((EU) 596/2014, “MAR”).
Nightingale Health Plc
Business ID: 1750524-0
Address: Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
Email: privacy@nightingalehealth.com
We collect the data from the managers and/or their closely associated persons, and public sources of information.
We collect the following information:
We collect personal data about managers and their closely associated persons in order to comply with the obligations set forth in the MAR. According to MAR, the company is obliged to draw up a list of all persons discharging managerial responsibilities and persons closely associated with them. The company is also obliged to publish the transaction notifications received from a manager or a closely associated person as a company release.
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Our personnel are trained on appropriate information security practices covering necessary security and safety matters, such as ensuring the confidentiality of personal data and preventing exposure of personal data to non-authorized persons. Only authorized employees of the Company (or other companies working on our behalf), who need your personal data to perform their job duties, have access to and the right to process your personal data in our system. Access to the system requires the use of a personal username and password for each user. If we need to process your personal data manually, it is stored in locked cabinets within office premises and protected by an access control system.
Whenever we process your personal data we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems and your personal data are secure and protected.
We do not disclose data to third parties, unless disclosure is required by the law, formalities of public authorities, or for some other justified purpose. However, we may share information with our external service providers who are obliged to process the data on our behalf and for the above-mentioned purposes, mainly to maintain our IT systems.
Based on legislation, we may be obliged to disclose the data e.g. to the supervisory authorities, such as the Finnish Financial Supervisory Authority. Under MAR, the company is obliged to publish the transaction notifications received from a manager or a closely associated person as a company release.
We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection as required by the applicable data protection legislation.
Data is stored as long as necessary to comply with the laws and regulations (such as MAR) and rules and guidelines of authorities applicable to the Company’s operations.
In addition, we may retain the data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.
You have the right, with the restrictions that follow from legislation, to:
To exercise your rights, please send your request in writing to the email or the postal address indicated above.
If you consider that the processing of your personal data infringes the applicable data protection legislation, you also have the right to lodge a complaint with a supervisory authority.
Nightingale Health Plc (business ID 1750524-0)
Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
Email of the Data Protection Officer: privacy@nightingalehealth.com
The register has been set up for the My Nightingale service (the “Service”) provided by Nightingale Health Plc. We process your data for the following purposes:
The processing of the personal data is based on laws and regulations, such as:
We are processing the following personal data:
Basic information:
Health data necessary for the Service:
Data related to the customer history:
The personal data stored in the register is primarily collected from you and the blood sample you have given. Information can be updated from public registers, such as the Population Register.
Your health data is confidential. Persons processing the health data are bound by confidentiality obligation. Health data can be disclosed with a customer’s written consent or as provided by law. A consent to disclose health data can be restricted or withdrawn at any time.
Based on legislation, we have either the right or the obligation to disclose data e.g. to the supervisory authorities, such as Regional State Administrative Agencies, Office of the Data Protection Ombudsman, National Supervisory Authority for Welfare and Health, municipalities’ social welfare authorities, and judicial authorities.
We use external service providers to manage our IT, marketing, patient data, and customer information systems. We conclude data processing agreements with all service providers and require them to process personal data only to the extent necessary to provide such service.
We do not transfer your patient data outside the EU or the EEA. However, our external service providers may process your other personal data outside the EU or the EEA. In that case, we will provide adequate and appropriate safeguards in accordance with the applicable data protection legislation.
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We apply the appropriate physical, technical, and administrative safeguards to protect data from misuse. These safeguards include, among others, control and filtering of network traffic, use of encryption techniques and safe data centers, appropriate access control, controlled granting of access rights and supervision of their use, giving instructions to the personnel participating in the personal data processing, and risk management related to the planning, implementation, and maintenance of our services. Personal data are processed only by those persons who need the personal data to perform their job duties. Confidential patient data and records are stored in a patient data system, to which access rights are granted based on the role described in the employees’ job description. Manual material is archived in a locked area accessible only to restricted persons according to EN ISO 13485 Quality Management System.
Material in paper format is stored in a locked area accessible only to persons who are processing such matters or documents.
To ensure the implementation of data protection, we conclude data processing agreements with our subcontractors who are processing personal data on our behalf.
Patient data are retained for as long as necessary, subject to compliance with the retention periods stipulated by the applicable laws and regulations (such as the Act on the Status and Rights of Patients and the Decree of the Ministry of Social Affairs and Health on Patient Records). As a rule, the retention period is 12 years from the patient’s death, or, if such information is not available, 120 years from the patient’s birth. After the measurement, the blood samples are stored for three months for quality control purposes, after which they are either anonymized or disposed of according to the process of EN ISO 13485 Quality Management System. Otherwise, the personal data are retained for as long as necessary for the purposes mentioned in section 2, after which they are either deleted or anonymized.
As a data subject, you have the following rights:
You may exercise your rights by submitting a free-form written request by email or letter to the addresses mentioned in section 1 above. The requests are always processed on a case-by-case basis.
In addition, you have a right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the EU General Data Protection Regulation.
Nightingale Health Plc (business ID 1750524-0)
Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
Email of the Data Protection Officer: privacy@nightingalehealth.com
The register has been set up for the My Nightingale service (the “Service”) provided by Nightingale Health Plc. We process your data for the following purposes:
The processing of personal data is based on laws and regulations, such as:
We process the following personal data:
Basic information:
Health data necessary for the Service:
Data related to the customer history:
The personal data stored in the register is primarily collected from you and from the blood sample you have given. The data can be updated from public registers, such as the Population Register.
Health data is confidential. Persons processing the data are bound by obligations of secrecy and confidentiality. Health data can be disclosed with the customer’s written consent or as provided by law. Consent to the disclosure of data can be restricted or withdrawn entirely at any time.
Based on legislation, we have either the right or the obligation to disclose data, e.g. to the following parties:
We use external service providers to manage our IT and marketing systems, patient data system, and customer information system. We conclude an agreement on the processing of personal data with all service providers and require our partners to process personal data only to the extent necessary to provide the service in question.
We do not transfer your patient data outside the EU or the EEA. However, our external service providers may process your other personal data outside the EU or the EEA. In that case, we will ensure adequate and appropriate safeguards in accordance with the applicable data protection legislation.
Our internal organization is structured to meet the requirements of our EN ISO 13485 certified Quality Management System and the data protection legislation applicable to our operations. We apply appropriate physical, technical, and administrative safeguards to protect data from misuse. These safeguards include, among others, control and filtering of network traffic, use of encryption techniques and secure equipment facilities, appropriate access control, controlled granting of access rights and supervision of their use, instructing the personnel participating in the processing of personal data, and risk management in the planning, implementation, and maintenance of our services. Personal data are processed only by persons who need to do so to perform their job duties. Confidential patient data and records are stored in a patient data system, to which access rights are granted on a role basis according to job duties. Manual material is archived in a locked area accessible only to persons restricted in accordance with the EN ISO 13485 Quality Management System.
Material in paper format is stored in locked premises accessible only to persons who handle the matters or documents in question.
Through data processing agreements concluded with subcontractors who process personal data on our behalf, we ensure that data protection is implemented.
Patient data are retained for as long as necessary, taking into account the retention periods that apply under laws and decrees (such as the Act on the Status and Rights of Patients and the Decree of the Ministry of Social Affairs and Health on Patient Records). As a rule, the retention period is 12 years from the patient’s death or, if this is not known, 120 years from the patient’s birth. Blood samples are stored for quality control purposes for three months from the measurement, after which they are either anonymized or disposed of in accordance with the process of the EN ISO 13485 Quality Management System. Otherwise, personal data are retained for as long as necessary to fulfil the purposes mentioned in section 2 above, after which they are either deleted or anonymized.
As a data subject, you have the following rights:
You may exercise your rights by submitting a free-form written request for information and/or demand, which is always processed on a case-by-case basis, by email or letter to the addresses mentioned in section 1 above.
In addition, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state where your habitual residence or place of work is located or where the alleged infringement occurred, if you consider that the processing of personal data concerning you infringes the EU General Data Protection Regulation.
Nightingale Health Plc (business ID 1750524-0)
Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
Email of the Data Protection Officer: privacy@nightingalehealth.com
The register has been set up for the Nightingale Covid Risk service (the “Service”) provided by Nightingale Health Plc. We process your data for the following purposes:
The processing of the personal data is based on laws and regulations, such as:
as well as a consent, an agreement and a legitimate interest of Nightingale Health Plc (incl. planning and reporting our operations, marketing and collection).
We are processing the following personal data:
Basic information:
Health data necessary for the Service:
Data related to the customer history:
The personal data stored in the register is primarily collected from you and the blood sample you have given. Information can be updated from public registers, such as the Population Register.
Your health data is confidential. Persons processing the health data are bound by confidentiality obligation. Health data can be disclosed with a customer’s written consent or as provided by law. A consent to disclose health data can be restricted or withdrawn at any time.
Based on legislation, we have either the right or the obligation to disclose data e.g. to the supervisory authorities, such as Regional State Administrative Agencies, Office of the Data Protection Ombudsman, National Supervisory Authority for Welfare and Health, municipalities’ social welfare authorities, and judicial authorities.
We use external service providers to manage our IT, marketing, patient data, and customer information systems. We conclude data processing agreements with all service providers and require them to process personal data only to the extent necessary to provide such service.
We do not transfer your patient data outside the EU or the EEA. However, our external service providers may process your other personal data outside the EU or the EEA. In that case, we will provide adequate and appropriate safeguards in accordance with the applicable data protection legislation.
Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We apply the appropriate physical, technical and administrative safeguards to protect data from misuse. These safeguards include, among others, control and filtering of network traffic, use of encryption techniques and safe data centers, appropriate access control, controlled granting of access rights and supervision of their use, giving instructions to the personnel participating in the personal data processing, and risk management related to the planning, implementation, and maintenance of our services. Personal data are processed only by those persons who need the personal data to perform their job duties. Material in paper format is stored in a locked area accessible only to persons who are processing such matters or documents.
Confidential patient data and records are stored in a patient data system, to which access rights are granted based on the role described in the employees’ job description. Manual material is archived in a locked area accessible only to restricted persons according to EN ISO 13485 Quality Management System.
To ensure the implementation of data protection, we conclude data processing agreements with our subcontractors who are processing personal data on our behalf.
Patient data are retained for as long as necessary, subject to compliance with the retention periods stipulated by the applicable laws and regulations (such as the Act on the Status and Rights of Patients and the Decree of the Ministry of Social Affairs and Health on Patient Records). As a rule, the retention period is 12 years from the patient’s death, or, if such information is not available, 120 years from the patient’s birth. After the measurement, the blood samples are stored for three months for quality control purposes, after which they are either anonymized or disposed of according to the process of EN ISO 13485 Quality Management System. Otherwise, the personal data are retained for as long as necessary for the purposes mentioned in section 2, after which they are either deleted or anonymized.
As a data subject, you have the following rights:
You may exercise your rights by submitting a free-form written request by email or letter to the addresses mentioned in section 1 above. The requests are always processed on a case-by-case basis.
In addition, you have a right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the EU General Data Protection Regulation.
Effective from 5 October 2020
Nightingale Health Plc (business ID 1750524-0)
Mannerheimintie 164a, 00300 Helsinki
Phone: +358 20 730 1810
Email of the Data Protection Officer: privacy@nightingalehealth.com
The register has been set up for the Nightingale Covid Risk service (the “Service”) provided by Nightingale Health Plc. We process your data for the following purposes:
The processing of personal data is based on laws and regulations, such as:
as well as consent, an agreement and the legitimate interest of Nightingale Health Plc (incl. planning and reporting of operations, marketing and debt collection).
We process the following personal data:
Basic information:
Health data necessary for the Service:
Data related to the customer history:
The personal data stored in the register is primarily collected from you and from the blood sample you have given. The data can be updated from public registers, such as the Population Register.
Health data is confidential. Persons processing the data are bound by obligations of secrecy and confidentiality. Health data can be disclosed with the customer’s written consent or as provided by law. Consent to the disclosure of data can be restricted or withdrawn entirely at any time.
Based on legislation, we have either the right or the obligation to disclose data, e.g. to the following parties:
We use external service providers to manage our IT and marketing systems, patient data system, and customer information system. We conclude an agreement on the processing of personal data with all service providers and require our partners to process personal data only to the extent necessary to provide the service in question.
We do not transfer your patient data outside the EU or the EEA. However, our external service providers may process your other personal data outside the EU or the EEA. In that case, we will ensure adequate and appropriate safeguards in accordance with the applicable data protection legislation.
Our internal organization is structured to meet the requirements of our EN ISO 13485 certified Quality Management System and the data protection legislation applicable to our operations. We apply appropriate physical, technical, and administrative safeguards to protect data from misuse. These safeguards include, among others, control and filtering of network traffic, use of encryption techniques and secure equipment facilities, appropriate access control, controlled granting of access rights and supervision of their use, instructing the personnel participating in the processing of personal data, and risk management in the planning, implementation, and maintenance of our services. Personal data are processed only by persons who need to do so to perform their job duties. Material in paper format is stored in locked premises accessible only to persons who handle the matters or documents in question.
Confidential patient data and records are stored in a patient data system, to which access rights are granted on a role basis according to job duties. Manual material is archived in a locked area accessible only to persons restricted in accordance with the EN ISO 13485 Quality Management System.
Through data processing agreements concluded with subcontractors who process personal data on our behalf, we ensure that data protection is implemented.
Patient data are retained for as long as necessary, taking into account the retention periods that apply under laws and decrees (such as the Act on the Status and Rights of Patients and the Decree of the Ministry of Social Affairs and Health on Patient Records). As a rule, the retention period is 12 years from the patient’s death or, if this is not known, 120 years from the patient’s birth. Blood samples are stored for quality control purposes for three months from the measurement, after which they are either anonymized or disposed of in accordance with the process of the EN ISO 13485 Quality Management System. Otherwise, personal data are retained for as long as necessary to fulfil the purposes mentioned in section 2 above, after which they are either deleted or anonymized.
As a data subject, you have the following rights:
You may exercise your rights by submitting a free-form written request for information and/or demand, which is always processed on a case-by-case basis, by email or letter to the addresses mentioned in section 1 above.
In addition, you have the right to lodge a complaint with a supervisory authority, in particular in the EU member state where your habitual residence or place of work is located or where the alleged infringement occurred, if you consider that the processing of personal data concerning you infringes the EU General Data Protection Regulation.
As is common practice with almost all professional websites, nightingalehealth.com (the “Site”) uses cookies and similar technologies (collectively referred to as “Cookies”). Cookies are small files that are downloaded to your device in order to improve your experience whenever you visit us. Cookies may also be used in the mobile apps included in our services to improve the services we provide to you.
We store Cookies on your device if they are strictly necessary for the operation of this Site or the mobile app. With your consent, we may also use other types of Cookies to personalise content and advertisements and to analyse our traffic. We share information about your use of our Site with our social media, advertising and analytics partners, who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services.
How long are Cookies retained on your device?
Cookies can either be session Cookies (they last only until you close your browser) or persistent (they remain on your computer or device until you delete them). Session Cookies are usually used to remember relevant settings of your browsing session. Persistent Cookies may typically be used for targeted advertising and gaining insight on how you use our Site.
We use both session and persistent Cookies. Persistent Cookies are stored on your hard drive in between browser sessions until you delete them or they reach their expiry date as set forth in our Cookie declaration. You can at any time change or withdraw your consent.
You can find more information about Cookies used on this Site (Cookie declaration) and check your current state and change your consent here.
Third-party Cookies
Third-party Cookies are Cookies set by someone other than us for purposes such as collecting information on user behaviour, demographics, or personalized marketing. When using our Site, you may encounter embedded content or you may be directed to other websites for such activities as making a payment. These websites and embedded content may use their own Cookies. We do not have control over the placement of Cookies by other websites, even if you are directed to them from our Site.
This Site uses Google Analytics, a third-party web analytics service. Occasionally we may also use the data collected by Google Analytics to produce browser-specifically targeted advertising provided by Google Ads.
Google’s Privacy Policy is available at: http://www.google.com/intl/en/policies/privacy/
In addition, we use Leadfeeder to further refine the data collected by Google Analytics.
Leadfeeder’s Privacy Policy is available at: https://www.leadfeeder.com/privacy/
When you subscribe to our newsletter, MailChimp (The Rocket Science Group, LLC), which we use to manage our newsletter subscriber lists and send emails to our subscribers, may collect information about your device and interaction with an email by using Cookies.
MailChimp’s privacy policy is available at: https://mailchimp.com/legal/privacy/
To provide answers for frequently asked questions on the My Nightingale service FAQ page, we use Intercom. In addition, we may use Intercom to communicate with you and answer your questions about the My Nightingale service on the FAQ page.
You can find Intercom’s Privacy Policy at: https://www.intercom.com/terms-and-policies#privacy
To process payments as part of the purchasing process for the My Nightingale service, we use Stripe.
You can find Stripe’s Privacy Policy at: https://stripe.com/en-fi/privacy
To ensure the mobile apps included in our services work properly, we use Sentry for crash analytics purposes. In case of an error, the following may be collected to track and solve errors in the use of the mobile apps: crash, performance and product interaction data; user and device ID; email address; and information on the device used.
You can find Sentry’s Privacy Policy at: https://sentry.io/legal/privacy/2.2.1/
Learn more about how we process personal data in our Privacy Policy. If you are looking for further information, or have any questions about Cookies, please don’t hesitate to contact us via email.