This is Privacy Notice for Nordhealth Oy’s customers and prospects. Last modified on June 5th, 2021.
Nordhealth Oy (2162673-1)
08700 Lohja, Finland
tel. +358 19 425 1610
02150 Espoo, Finland
The purposes of processing personal data are:
The basis of processing personal data is our legitimate interest based on customer relationship and/or other relevant connection, to perform a contract and consent.
We process the following personal data of our customers or other data subjects, such as the participants of our trainings, in connection with the customer register:
Providing personal data marked with an asterisk is a requirement for our contractual and/or customer relationship. Without the necessary information we are not able to provide the product and/or service.
Our primary source is information that you submit as a customer.
For the purposes described in this privacy notice, personal data may also be collected and updated from publicly available sources and based on information received from the authorities or other third parties within the limits of the applicable laws and regulations. Such updating of data is performed manually or by automated means.
We don’t disclose data from the register to external parties.
We use subcontractors that process personal data on our behalf.
We transfer personal data outside the EU/EEA. When personal data is processed outside the EU/EEA, we make sure that the subcontractor has committed to use the EU Commission’s standard contractual clauses.
Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use the system containing personal data. The data is technically protected. Access to the data requires adequate rights. Unauthorized access is also prevented by firewalls and technical protection. Only designated persons have the right to process and maintain the data. Users are bound by professional secrecy. The information system is backed up safely and can be restored as needed. Security checks are carried out on a regular basis.
We store the data for the duration of the customer relationship and as required by applicable legislation.
We assess the need for data storage regularly, taking into account the applicable legislation. In addition, we take care of such reasonable actions that ensure no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.
You have the right to inspect the personal data stored in the register concerning yourself and the right to demand rectification or erasure of the data. If you have access to your data, you may edit the data yourself. Insofar as the processing is based on consent, you also have the right to withdraw or change your consent. Withdrawing your consent does not affect the lawfulness of processing before the withdrawal of the consent.
You have the right to object or to demand restriction of the processing of your data and to lodge a complaint with the supervisory authority.
On grounds relating to your particular situation you also have the right to object other processing activities when the legal basis of processing is legitimate interest. In connection with your request, you shall identify the specific situation, based on which you object to the processing. We can refuse the request of objection only on legal grounds.