Privacy notice
Privacy Notice for Nordhealth Oy’s customers and prospects
Drafted on: 05.06.2021
1. Controller
Nordhealth Oy (2162673-1)
Virkkalantie 21 08700 Lohja Finland
tel. +358 19 425 1610 (hereafter ”we”)
2. Contact person for register matters
Nordhealth DPO
Tekniikantie 12 02150 Espoo Finland
dpo@nordhealth.com
3. What is the purpose and the legal basis of processing personal data?
The purposes of processing personal data are:- the delivery and development of our products and services,
- fulfilling our contractual and other promises and obligations,
- taking care of the customer relationship,
- analyzing and profiling the behavior of a customer or other data subject,
- electronic direct marketing and
- targeting advertising in our and others’ online services. The basis of processing personal data is our legitimate interest based on customer relationship and/or other relevant connection, to perform a contract and consent.
4. What data do we process?
We process the following personal data of our customers or other data subjects, such as the participants of our trainings, in connection with the customer register:- basic information of the data subject* such as name, customer number, username and/or other identifier, password and preferred language;
- contact information of the data subject* such as email address, phone number, address;
- information of company and company’s contact persons such as business ID, names and contact details of the contact persons;
- possible prohibitions and consents of direct marketing;
- information of the participants of events and possible information regarding the event, such as special diets;
- information regarding the customer relationship and the contract such as past and current contracts and orders, user profile formed based on the customer relationship, call recordings, correspondence with the customer/data subject and other contacts, cookies and data related to using them;
- other possible information gathered with data subject’s consent. Providing personal data marked with an asterisk is a requirement for our contractual and/or customer relationship. Without the necessary information we are not able to provide the product and/or service.
5. Where do we receive the data from?
Our primary source is information that you submit as a customer. For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means. To collect anonymous visitor data, we use the following tools and services:
Google Analytics – Learn more at:
https://analytics.google.com/analytics/web/
Hotjar – Learn more at:
https://www.hotjar.com
6. To whom do we disclose data, and do we transfer data outside the EU or the EEA?
We don’t disclose data from the register to external parties. We use subcontractors that process personal data on our behalf. We transfer personal data outside the EU/EEA. When personal data is processed outside the EU/EEA, we make sure that the subcontractor has committed to use the EU Commission’s standard contractual clauses.
7. What are your rights as a data subject?
You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.
You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.
On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.
8. Who can you be in contact with?
All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section two (2).