<img alt="" src="https://secure.plan2twin.com/219004.png" style="display:none;">

Privacy notice

Privacy Notice for Nordhealth Finland Oy’s customers and prospects
Drafted on: 18.08.2025

1. Controller

Nordhealth Finland Oy (1733917-4)
Bulevardi 21, 00180 Helsinki, Finland
tel. +358 19 425 1610 (hereafter ”we”)

2. Contact person for register matters

If you have any questions regarding this Privacy Notice or the processing of your personal data, please contact:

Nordhealth DPO
Hevosenkenkä 3, 02600 Espoo, Finland
dpo@nordhealth.com

3. What is the purpose and the legal basis of processing personal data?

The purposes of processing personal data are:
  • the delivery and development of our products and services,
  • fulfilling our contractual and other promises and obligations,
  • taking care of the customer relationship,
  • analyzing and profiling the behavior of a customer or other data subject,
  • electronic direct marketing and
  • targeting advertising in our and others’ online services. The basis of processing personal data is our legitimate interest based on customer relationship and/or other relevant connection, to perform a contract and consent.

The basis of processing personal data is our legitimate interest based on customer relationship and/or other relevant connection, to perform a contract and, where applicable, your consent.

4. What data do we process?

We process the following personal data of our customers or other data subjects, such as the participants of our trainings, in connection with the customer register:
  • basic information of the data subject* such as name, customer number, username and/or other identifier, password and preferred language;
  • contact information of the data subject* such as email address, phone number, address;
  • information of company and company’s contact persons such as business ID, names and contact details of the contact persons;
  • possible prohibitions and consents of direct marketing;
  • information of the participants of events and possible information regarding the event, such as special diets;
  • information regarding the customer relationship and the contract such as past and current contracts and orders, user profile formed based on the customer relationship, call recordings, correspondence with the customer/data subject and other contacts, cookies and data related to using them;
  • other possible information gathered with data subject’s consent. Providing personal data marked with an asterisk is a requirement for our contractual and/or customer relationship. Without the necessary information we are not able to provide the product and/or service.

Providing data marked with an asterisk* is required for us to maintain a contractual and/or customer relationship. Without this information, we may not be able to provide our products or services.

AI Assistant (Optional Feature)

Our service includes an optional, paid AI-powered assistant feature. The assistant is not intended to collect or store personal data, but personal data may be processed for example if mentioned during discussions or included in transcripts when the feature is in use. The AI assistant is only activated if you order and enable the feature. Use of the AI assistant is subject to separate terms, and the relevant service providers are listed on our Third Party Data Processors.

5. Where do we receive the data from?

Our primary source is information that you submit as a customer. For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means. To collect anonymous visitor data, we use the following tools and services:

Google Analytics (with IP anonymization enabled)
Learn more

Hotjar 
Learn more

6. To whom do we disclose data, and do we transfer data outside the EU or the EEA?

We do not sell or share your personal data with unaffiliated third parties. However, we may use trusted service providers (subcontractors) to process personal data on our behalf.
Some of these service providers may be located outside the EU/EEA. In such cases, we ensure appropriate safeguards are in place, such as the EU Commission’s Standard Contractual Clauses.

7. Retention of Data 

We retain personal data only as long as necessary to fulfill the purposes described in this Privacy Notice, or as required by law (e.g. accounting and tax obligations). After this period, personal data will be securely deleted or anonymized.

8. What are your rights as a data subject?

You have the following rights regarding your personal data:
  • Access – to request a copy of your personal data and information about how we process it.
  • Rectification – to have inaccurate or incomplete personal data corrected.
  • Erasure – to request deletion of your personal data, where there is no legal reason for us to keep it.
  • Restriction of processing – to limit how we process your personal data in certain situations.
  • Data portability – to receive your personal data in a structured, commonly used format and transfer it to another organisation.
  • Objection – to object to processing based on our legitimate interests or for direct marketing purposes.
  • Withdraw consent – where processing is based on your consent, you may withdraw it at any time.

You also have the right to lodge a complaint with your local data protection authority. If you object to processing based on our legitimate interests, please explain your situation; we may refuse only if we have legal grounds.

9. Who can you be in contact with?

All contacts and requests concerning this privacy policy shall be submitted in writing or in person to the person mentioned in section two (2).