Privacy notice

This is the Privacy Notice of Nordhealth Finland Oy in line with the EU’s General Data Protection Regulation (GDPR).

Last modified on May 25th 2021.

Data Controller
Nordhealth Finland Oy
Tekniikantie 12
02150 Espoo
puh. +358 19 425 1610
Business ID: 1733917-4

Contact person
Matti Saarelainen
Tekniikantie 12
02150 Espoo

Name of the register
Navisec Health’s customer and prospect register.

The legal basis and purpose of processing personal data
In terms of marketing, the legal basis for processing personal data is the legitimate interest of the controller and, for the management of the customer relationship, the implementation of the agreement between you and us. Data is not used for automated decision making or profiling.

The data content
Data that can be used include a name, email address, phone number, and company’s/organization’s name, address and identification details.

Personal data is retained as long as the customer relationship exists. Personal data may also be retained longer if the applicable law or contractual obligations for third parties require longer retention periods. If there is no customer relationship, the retention period is one year. The data is deleted when the retention period defined above has expired.

Regular sources of data
The data stored in the system is obtained from the customer e.g. in emails, phone calls, contracts, customer meetings, and other cases where the customer submits their information.

Cookies and similar technologies
Our website uses cookies for the following reasons:

  • Monitoring marketing performance
  • Monitoring the functionality and performance of the site’s resources
  • General user statistics

By modifying your browser settings, you may restrict the operation of cookies. The cookie information is not combined with any other user information we receive from visitors.

Anonymous web analytics
To collect anonymous visitor data, we use Google Analytics – Learn more at

If you do not wish to receive these cookies, we recommend that you change your browser settings.

Regular transfer of data and the transfer of data outside the EU or EEA
The data in the register is not disclosed to third parties. The register and the controller’s system are located within the EU, but the controller also has the right to transfer personal data outside the European Union or the European Economic Area in accordance with data protection legislation for the purpose of providing the service. We may use service providers that may have access to your personal information outside the EU/EEA, such as the United States, to process your personal information. We will ensure that transfers are properly and lawfully executed in accordance with personal data processing legislation.

In all cases, we will transfer your personal data outside the EU/EEA only for one of the following legitimate purposes:

  • The European Commission has decided that an adequate level of data protection is ensured in the recipient country.
  • We have taken appropriate safeguards to transfer your personal data using standard data protection clauses approved by the European Commission. You are then entitled to obtain a copy of those standard terms by contacting us.
  • You have expressly consented to the transfer of your personal data, or to the transfer of your personal data outside the EU / EEA, for other legitimate reasons, such as the US Privacy Shield approved by the European Commission.

Principles of data protection
The data is technically protected. Access to the data requires adequate rights. Unauthorized access is also prevented by firewalls and technical protection. Only designated persons have the right to process and maintain the data. Users are bound by professional secrecy. The information system is backed up safely and can be restored as needed. Security checks are carried out on a regular basis.

Rights of the data subject
The data subject has the right to check what information there is on them in the register. The request must be made in writing to the data controller. The data controller may, if necessary, request the data subject to prove their identity. The data controller responds to the request within the time limit set by the GDPR (mainly within a month). The data subject has the right to amend any incorrect information and the right to make a complaint about the processing of personal data to the supervisory authority (contact information of the Finnish Data Protection Supervisor can be found at 

To exercise your rights, send us a request by email to