Noona Privacy Notice
Noona Healthcare Oy
Business I.D. 2590096-1
Tehtaankatu 27–29 A
00150 Helsinki, Finland
(“Noona”, “we”, “us” or “our”)
Noona collects personal data that relate to the visitors of Noona.com website (“Website”) and personal data of Noona’s customers’ representatives and contact persons. Noona acts as a controller to the personal data that the visitors of the Website, such as you, share with Noona through the Website or which we collect automatically when you use the Website, or which Noona obtains through other channels.
If you are a representative or a contact person of Noona’s customer, this Privacy Notice provides information on the specifics of processing your personal data for purposes of customer relationship management, as further specified below. In regard to the users of our Website, this Privacy Notice describes the means and purposes of processing your personal data when you use the Website and its functionalities, including e.g. ordering a memo and requesting communications from us. Please note that this Privacy Notice applies to the processing of personal data obtained through your use of the public parts of our Website that are open to everyone.
The processing of personal data conducted in the context of using our healthcare solution is subject to the Noona application Privacy Notice
Please note that our Website may include links to contents of third-party service providers, such as social media services. Any such links to contents of other service providers does not constitute our affiliation with or control over such third parties and thus, to the extent permitted by applicable legislation, we are not responsible for such contents, their level of data protection nor the actions of such third parties. We encourage you to carefully familiarize yourself with privacy policies applicable to any websites and/or services operated by third parties.
Noona Healthcare Oy
Tehtaankatu 27–29 A
+358 45 678 6970
(ii)Categories of personal data and details on processing
We primarily process personal data to offer you the opportunity to use our Website and its functionalities. Our Website makes it possible for you to contact us by using the contact forms on the Website, or to order a demo on our application. When you use these functionalities, you are asked to provide basic information about you, such as your name and contact details, which data we will process in order to fulfil your requests, such as to provide you the requested demo, or to communicate with you.
In case you do not use the abovementioned functionalities of our Website, we will process only metadata that result from your use of our Website. This metadata is collected automatically when you use our Website, and includes information such as referral page, time of access, the amount of transmitted data, status of transmission, type of web browser, IP-address, operating system and interface as well as language and version of your browser. Your IP-address is processed to enable your access to our Website, and the other metadata mentioned above for purposes of helping us to compile statistics to analyze how the Website is used.
The legitimate grounds for processing your personal data are either compliance with the agreement entered into between us, compliance with legal obligations to which we are subject, our legitimate interest, or your consent. Where the processing is based on our legitimate interest, our legitimate interest may be in particular improving the quality and services of our website by analyzing the usage behavior of the Website users, to provide you the most relevant online and newsletters content as well as administrative and data security related purposes and preventing and resolving possible misconduct.
Data entered by the user on or collected automatically through the Website are analyzed. We use Google Analytics to conduct this analysis. For more information about Google Analytics, please visit http://www.google.com/analytics . You can opt out from Google Analytics data collection by downloading a plug-in for your browser from https://tools.google.com/dlpage/gaoptout .
ii.2 Contact persons and representatives of Noona’s customers
We may process the following personal data directly necessary for the maintenance of the customer relation or other relevant connection between you and us and that relate to taking care of the rights and obligations of you, the entity represented by you, or us:
Basic information, such as
Contact information (such as address, telephone number and email)
Preferred language where appropriate
When you are representing an entity, information concerning your employer position an/or assigned tasks within the entity
Information related to the customer relation or other relevant connection between your and us, such as
Information related to the relevant contract and the data subject’s association to the contract, information on services in use and the use of services
Invoicing and payment details
Information on communications and other interaction between the data subject and Noona
Possible permissions and prohibitions concerning direct marketing
Data collected through your use of our services, such as
Log data collected by the data subject’s use of Noona’s services where appropriate
Data relating to access control and access control recordings where appropriate
The aforementioned personal data is processed in particular for the following purposes:
(iii) The provision of services ordered by the data subject or an entity represented by the data subject, and the execution of and the obligations related to the provision of them;
(iv) Invoicing and keeping track of the accuracy of the invoicing;
(v) Taking care of, managing and developing the customer relationship and other relevant connection comparable to such relationship, such as the provision of customer service and the execution of customer communications;
(vi) Services production, business and customer service development by using customer satisfaction surveys, for instance;
(vii) Analysing and compiling statistics for business purposes;
(viii) Advertising and marketing, including targeted marketing and electronic direct marketing, but only to the extent permitted by the applicable law and to the extent the data subject has not objected to such processing;
(ix) The execution of administrative payments and costs;
(x) Data security and the prevention and investigation of malpractices.
Processing of personal data of Noona’s customers’ representatives and contact persons is based on the following legal bases:
Data subject’s consent under applicable legislation;
Compliance with a legal obligation to which Noona is subject;
The performance of a contract between the data subject or an organization represented by the data subject and Noona, or the customer relation or other relevant connection between them, in which case the legal basis for processing is legitimate interest of Noona. A legitimate interest may be, in particular:
Ensuring and improving data security or the security of premises and data network; Protection of Noona’s property; To prevent and investigate suspected fraud or misuse;
Managing and developing the customer relationship;
(xi) Different business administration purposes;
(xii) Other legitimate business purposes, such as service and product development.
(xiii) Cookies and similar technologies on our website
(xiv) Transfers or disclosures of your personal data
xiv.1 Why we transfer or disclose your personal data
We use partners in running our Website, and for other purposes of data processing mentioned in this Privacy Notice. We occasionally hire other companies to provide to us certain other limited services on our behalf, including e.g. marketing activities. We will only provide these partners the information they need to deliver the services agreed.
We will disclose your personal information, without notice, only if required to do so by law or if we in good faith believe that such action is necessary to (a) conform to the provisions of the law or comply with legal process served on Noona; (b) protect and defend the rights or property of Noona; or, (c) act in urgent circumstances to protect personal safety of the public.
In case we sell our business or part of it or otherwise reorganize our business, personal data processed by us as a controller may be disclosed to buyers and their advisors in accordance with applicable legislation.
xiv.2 International transfers of personal data
We or our partners may, in accordance with applicable legislation, process personal data anywhere in the world and thus transfer the personal data also outside the EU or EEA area. In regard to transfers of personal data to countries where the local data protection legislation does not provide adequate level of data protection, the transfers are based on appropriate safeguards, such as standard contractual clauses approved by the European Commission.
To learn more about the appropriate safeguards we use, please contact us using the contact details mentioned in Section 1 of this Privacy Notice.
(xv) How long will we keep your personal data?
The retention period of personal data depends on the data concerned and its purpose of use. We retain personal data at least as long as they are needed for the execution of the informed purposes of processing, and the retention periods are determined in accordance with the following criteria:
Related personal data will be retained for as long as the legitimate interest of Noona can reasonably be considered valid. We determine the validity of our legitimate interest by, for example, the communications between Noona and you.
Related personal data will be deleted when the data subject objects to the processing of his/her personal data for direct marketing purposes. In this case, however, Noona may keep the information regarding the data subject’s objection to receiving direct marketing.
In regard to personal data of customers’ representatives and contact persons, the retention period of personal data is ultimately tied to the term of a contract with the data subject or an organization represented by the data subject. However, in this case, statutory retention periods may also apply. For instance, the accounting regulation requires that the information included in the accounting materials are retained for six years.
When personal data are no longer needed, the data is destroyed in a secure way or irrevocably anonymized.
(xvi) what rights do you have?
Pursuant to applicable data protection laws you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data (“right to be forgotten”); (iv) obtain restriction of processing of your personal data; (v) request data portability; and (vi) object to the processing of your personal data. Please note that these aforementioned rights might be limited under the applicable data protection law and that the execution of your rights requires identification.
Right of access: You may have the right to obtain from us confirmation as to whether or not your personal data is processed, and, where that is the case, to request access to such personal data.
Right to rectification: You may have the right to obtain from us the rectification of inaccurate personal data relating to you.
Right to be forgotten: You may have the right to obtain from us the erasure of your personal data and we may be obliged to erase such personal data.
Right to restriction of processing: You may have the right to obtain from us restriction of processing of your personal data. Should the restriction of processing apply, the respective personal data will be marked and may only be processed by us for certain defined purposes.
Right to data portability: Under certain circumstances, you may have the right to receive such personal data that you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another entity without hindrance from us.
Right to object: You may have the right to object, on grounds relating to the particular situation of you, at any time to the processing of your personal data by us and after such objection, we may be required to no longer process such personal data.
In addition, if you deem that we have not processed your personal data lawfully, you have the right to file a complaint with the competent supervisory authority regarding the processing of your personal data.
In order to exercise your rights, please contact us using the contact details mentioned in Section 1 of this Privacy Notice.
(xvii) In conclusion
If for some reason you believe that we have not adhered to what is stated in this Privacy Notice, please notify us using the email address mentioned in Section 1 of this Privacy Notice, and we will do our best to determine and correct the problem promptly.