This Privacy Policy describes how Nightingale Health Plc (the “Company”) collects and stores personal data of the Company’s managers, such as members of the Board of Directors, CEO and members of the Management Team (persons discharging managerial responsibilities, in short “PDMRs”) and their closely associated persons as required by the Market Abuse Regulation ((EU) 596/2014, “MAR”) and IAS 24 standard (“IAS”).

Controller and contact details

Nightingale Health Plc (“Company”) 
Business ID: 1750524-0 
Address: Mannerheimintie 164a, 00300 Helsinki 
Phone: +358 20 730 1810 
Email: privacy@nightingalehealth.com 

The information we collect

We collect the data from the PMDRs and/or their closely associated persons as well as from public sources of information.

We collect the following information:

  • name;
  • the grounds for the disclosure obligation, i.e. status as a PDMR at the Company/the relationship between the closely associated person and the PDMR;
  • date of birth (if a natural person) / Business ID (if a legal person);
  • contact information (phone number and email address);
  • starting date of status as a PDMR or closely associated person and
  • transaction notifications received from a PDMR or closely associated person, including any further information requested, if necessary.

Why we collect your data and legal basis for our processing

We collect personal data about PDMRs and their closely associated persons to comply with the obligations set forth in the MAR and IAS 24 standard. Therefore, the legal basis for processing is the Company’s legal obligation.

According to MAR, the Company is obliged to draw up a list of all PDMRs and any persons closely associated with them. The Company is also obliged to publish the transaction notifications received from a PDMR or a closely associated person as a company release. These obligations are related to market integrity and insider dealing prevention.

According to IAS 24 standard, the company is obligated to report on PDMRs’ and closely associated persons’ transactions with the Company. This includes financial transactions as in MAR, but also other types of transactions, such as loans to the Company from PDMRs. The IAS obligations relate to transparent financial reporting.

How we protect your personal data

Our internal organization is structured to meet the requirements of our Quality Management System certified according to EN ISO 13485 and the data protection legislation applicable to our operations. We have implemented appropriate technical and organizational measures to secure your personal data from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Whenever we process your personal data, we honor and take account of your privacy rights under the applicable data protection legislation. As a part of our Quality Management System, we regularly check our security policies and procedures to ensure our systems, and your personal data are secure and protected.

Disclosures of personal data

We do not disclose data to third parties, unless disclosure is required by the law, formalities of public authorities, or for some other justified purpose.

However, we may share information with our external service providers who are obliged to process the data on our behalf and for the above-mentioned purposes, mainly to collect, manage, maintain and update information on PDMRs, closely associated persons and any transactions berformed by them.

Based on legislation, we may be obliged to disclose the data e.g. to the supervisory authorities, such as the Finnish Financial Supervisory Authority. Under MAR, the company is obliged to publish the transaction notifications received from a PDMR or a closely associated person as a company release. Information on relevant IAS-related transactions is published in the Company’s financial statements.

Transfers of personal data outside of the EU/EEA

We do not transfer your personal data outside of the EU/EEA area. However, some of our external service providers or servers used may be located (or store data) outside of the EU/EEA. In these cases, we will ensure that your personal data is subject to an adequate level of protection as required by the applicable data protection legislation.

How long we store your personal data

Data is stored as long as necessary to comply with the laws and regulations (such as MAR and applicable financial reporting regulation) and rules and guidelines of authorities applicable to the Company’s operations.

When personal data is no longer needed for the above-mentioned purposes, we may retain the data for a longer period to the extent required by our automated backup system or if deemed necessary for the establishment, exercise or defense of legal claims.

What are your rights and how to exercise them

You have the right, with the restrictions that follow from legislation, to:

  • receive information on what personal data we process about you and request a copy of this data;
  • request that we make corrections to any incorrect or incomplete personal data about you in our records;
  • request that we restrict the processing of your personal data only to storage, e.g. if you contest the correctness of the data or the lawfulness of the processing.

To exercise your rights, please send your request in writing to the email or the postal address indicated above. If you consider that the processing of your personal data infringes the applicable data protection legislation, you have also the right to lodge a complaint with a supervisory authority here https://tietosuoja.fi/en/home.