Privacy & Terms

This is the Privacy Notice of Nordhealth Oy in line with the EU’s General Data Protection Regulation (GDPR). Last modified on April 13th 2021.

Data Controller

Nordhealth Oy, 2162673-1
Virkkalantie 21
08700 Lohja
tel. +358 19 425 1610

Contact person

Matti Saarelainen
Tekniikantie 12
02150 Espoo

Name of the register

Nordhealth Oy’s customer and prospect register.

The legal basis and purpose of processing personal data

The legal basis for the processing of personal data in accordance with the GDPR is the legitimate interest of the data controller. Personal data is processed for the implementation of the agreement between the controller and the data subject and for the management of the customer relationship. Data is not used for automated decision making or profiling.

The data content

Data that can be used include a name, email address, phone number, and company’s/organization’s name, address and identification details.

Personal data is retained as long as the customer relationship exists. Personal data may also be retained longer if the applicable law or contractual obligations for third parties require longer retention periods. The data is deleted when the retention period defined above has expired.

Regular sources of data

The data stored in the system is obtained from the customer e.g. in emails, phone calls, contracts, customer meetings, and other cases where the customer submits their information.

Regular transfer of data and the transfer of data outside the EU or EEA

The data in the register is not disclosed to third parties. The register and the controller’s system are located within the EU, but the controller also has the right to transfer personal data outside the European Union or the European Economic Area in accordance with data protection legislation for the purpose of providing the service.

Principles of data protection

The data is technically protected. Access to the data requires adequate rights. Unauthorized access is also prevented by firewalls and technical protection. Only designated persons have the right to process and maintain the data. Users are bound by professional secrecy. The information system is backed up safely and can be restored as needed. Security checks are carried out on a regular basis.

Rights of the data subject

The data subject has the right to check what information there is on them in the register. The request must be made in writing to the data controller. The data controller may, if necessary, request the data subject to prove their identity. The data controller responds to the request within the time limit set by the GDPR (mainly within a month). The data subject has the right to amend any incorrect information and the right to make a complaint about the processing of personal data to the supervisory authority (contact information of the Finnish Data Protection Supervisor can be found at