Noona Privacy Notice

Noona Healthcare Oy

Business I.D. 2590096-1

Tehtaankatu 27–29 A

00150 Helsinki, Finland

(“Noona”, “we”, “us” or “our”)

Noona collects personal data that relate to the visitors of website (“Website”) and personal data of Noona’s customers’ representatives and contact persons. Noona acts as a controller to the personal data that the visitors of the Website, such as you, share with Noona through the Website or which we collect automatically when you use the Website, or which Noona obtains through other channels.

If you are a representative or a contact person of Noona’s customer, this Privacy Notice provides information on the specifics of processing your personal data for purposes of customer relationship management, as further specified below. In regard to the users of our Website, this Privacy Notice describes the means and purposes of processing your personal data when you use the Website and its functionalities, including e.g. ordering a memo and requesting communications from us. Please note that this Privacy Notice applies to the processing of personal data obtained through your use of the public parts of our Website that are open to everyone.

The processing of personal data conducted in the context of using our healthcare solution is subject to the Noona application Privacy Notice

Please note that our Website may include links to contents of third-party service providers, such as social media services. Any such links to contents of other service providers does not constitute our affiliation with or control over such third parties and thus, to the extent permitted by applicable legislation, we are not responsible for such contents, their level of data protection nor the actions of such third parties. We encourage you to carefully familiarize yourself with privacy policies applicable to any websites and/or services operated by third parties.

(i) Contact person in matters related to the processing of personal data

Pasi Heiskanen

Noona Healthcare Oy

Tehtaankatu 27–29 A

00150 Helsinki, Finland

+358 45 678 6970

(ii)Categories of personal data and details on processing

ii.1Website users

We primarily process personal data to offer you the opportunity to use our Website and its functionalities. Our Website makes it possible for you to contact us by using the contact forms on the Website, or to order a demo on our application. When you use these functionalities, you are asked to provide basic information about you, such as your name and contact details, which data we will process in order to fulfil your requests, such as to provide you the requested demo, or to communicate with you.

In case you do not use the abovementioned functionalities of our Website, we will process only metadata that result from your use of our Website. This metadata is collected automatically when you use our Website, and includes information such as referral page, time of access, the amount of transmitted data, status of transmission, type of web browser, IP-address, operating system and interface as well as language and version of your browser. Your IP-address is processed to enable your access to our Website, and the other metadata mentioned above for purposes of helping us to compile statistics to analyze how the Website is used.

The legitimate grounds for processing your personal data are either compliance with the agreement entered into between us, compliance with legal obligations to which we are subject, our legitimate interest, or your consent. Where the processing is based on our legitimate interest, our legitimate interest may be in particular improving the quality and services of our website by analyzing the usage behavior of the Website users, to provide you the most relevant online and newsletters content as well as administrative and data security related purposes and preventing and resolving possible misconduct.

Data entered by the user on or collected automatically through the Website are analyzed. We use Google Analytics to conduct this analysis. For more information about Google Analytics, please visit . You can opt out from Google Analytics data collection by downloading a plug-in for your browser from .

ii.2 Contact persons and representatives of Noona’s customers

We may process the following personal data directly necessary for the maintenance of the customer relation or other relevant connection between you and us and that relate to taking care of the rights and obligations of you, the entity represented by you, or us:

Basic information, such as


Contact information (such as address, telephone number and email)

Preferred language where appropriate

When you are representing an entity, information concerning your employer position an/or assigned tasks within the entity

Information related to the customer relation or other relevant connection between your and us, such as

Information related to the relevant contract and the data subject’s association to the contract, information on services in use and the use of services

Invoicing and payment details

Information on communications and other interaction between the data subject and Noona

Possible permissions and prohibitions concerning direct marketing

Data collected through your use of our services, such as

Log data collected by the data subject’s use of Noona’s services where appropriate

Data relating to access control and access control recordings where appropriate

The aforementioned personal data is processed in particular for the following purposes:

(iii) The provision of services ordered by the data subject or an entity represented by the data subject, and the execution of and the obligations related to the provision of them;

(iv) Invoicing and keeping track of the accuracy of the invoicing;

(v) Taking care of, managing and developing the customer relationship and other relevant connection comparable to such relationship, such as the provision of customer service and the execution of customer communications;

(vi) Services production, business and customer service development by using customer satisfaction surveys, for instance;

(vii) Analysing and compiling statistics for business purposes;

(viii) Advertising and marketing, including targeted marketing and electronic direct marketing, but only to the extent permitted by the applicable law and to the extent the data subject has not objected to such processing;

(ix) The execution of administrative payments and costs;

(x) Data security and the prevention and investigation of malpractices.

Processing of personal data of Noona’s customers’ representatives and contact persons is based on the following legal bases:

Data subject’s consent under applicable legislation;

Compliance with a legal obligation to which Noona is subject;

The performance of a contract between the data subject or an organization represented by the data subject and Noona, or the customer relation or other relevant connection between them, in which case the legal basis for processing is legitimate interest of Noona. A legitimate interest may be, in particular:

  1. Ensuring and improving data security or the security of premises and data network; Protection of Noona’s property; To prevent and investigate suspected fraud or misuse;

  2. Managing and developing the customer relationship;

(xi) Different business administration purposes;

(xii) Other legitimate business purposes, such as service and product development.

(xiii) Cookies and similar technologies on our website

Our Website uses cookies and other similar technologies to allow us to gather information on the use of our Website. Cookies are small text files that are given ID tags and stored on the browser directory or program data subfolders of the Website user’s browser. Cookies do not harm the user’s computer or other terminal device. Cookies allow us to compile statistics from the use of our Website, inter alia, the number of users on our Website, and to obtain information about e.g. the geographic location of the user, about the user’s browser, time of visit as well as the content viewed by the user. With this information, Noona does not identify a single user.

The use of our Website does not require the acceptance of cookies, and you may refuse to accept cookies from our Website and delete existing cookies by selecting the appropriate settings on your browser. If you wish to do so, please refer to your browser’s user guide to find out how to control cookies by adjusting your browser’s preferences. However, you should note that disabling the use of cookies may affect the functioning of our Website, and therefore some of the functionalities of our Website may not be available to you after you have disabled cookies. The cookies on our website may be used by and placed on your terminal device by us or by a third party service provider, such as Google Analytics.

(xiv) Transfers or disclosures of your personal data

xiv.1 Why we transfer or disclose your personal data

We use partners in running our Website, and for other purposes of data processing mentioned in this Privacy Notice. We occasionally hire other companies to provide to us certain other limited services on our behalf, including e.g. marketing activities. We will only provide these partners the information they need to deliver the services agreed.

We will disclose your personal information, without notice, only if required to do so by law or if we in good faith believe that such action is necessary to (a) conform to the provisions of the law or comply with legal process served on Noona; (b) protect and defend the rights or property of Noona; or, (c) act in urgent circumstances to protect personal safety of the public.

In case we sell our business or part of it or otherwise reorganize our business, personal data processed by us as a controller may be disclosed to buyers and their advisors in accordance with applicable legislation.

xiv.2 International transfers of personal data

We or our partners may, in accordance with applicable legislation, process personal data anywhere in the world and thus transfer the personal data also outside the EU or EEA area. In regard to transfers of personal data to countries where the local data protection legislation does not provide adequate level of data protection, the transfers are based on appropriate safeguards, such as standard contractual clauses approved by the European Commission.

To learn more about the appropriate safeguards we use, please contact us using the contact details mentioned in Section 1 of this Privacy Notice.

(xv) How long will we keep your personal data?

The retention period of personal data depends on the data concerned and its purpose of use. We retain personal data at least as long as they are needed for the execution of the informed purposes of processing, and the retention periods are determined in accordance with the following criteria:

Related personal data will be retained for as long as the legitimate interest of Noona can reasonably be considered valid. We determine the validity of our legitimate interest by, for example, the communications between Noona and you.

Related personal data will be deleted when the data subject objects to the processing of his/her personal data for direct marketing purposes. In this case, however, Noona may keep the information regarding the data subject’s objection to receiving direct marketing.

In regard to personal data of customers’ representatives and contact persons, the retention period of personal data is ultimately tied to the term of a contract with the data subject or an organization represented by the data subject. However, in this case, statutory retention periods may also apply. For instance, the accounting regulation requires that the information included in the accounting materials are retained for six years.

When personal data are no longer needed, the data is destroyed in a secure way or irrevocably anonymized.

(xvi) what rights do you have?

Pursuant to applicable data protection laws you may have the right to: (i) request access to your personal data; (ii) request rectification of your personal data; (iii) request erasure of your personal data (“right to be forgotten”); (iv) obtain restriction of processing of your personal data; (v) request data portability; and (vi) object to the processing of your personal data. Please note that these aforementioned rights might be limited under the applicable data protection law and that the execution of your rights requires identification.

Right of access: You may have the right to obtain from us confirmation as to whether or not your personal data is processed, and, where that is the case, to request access to such personal data.

Right to rectification: You may have the right to obtain from us the rectification of inaccurate personal data relating to you.

Right to be forgotten: You may have the right to obtain from us the erasure of your personal data and we may be obliged to erase such personal data.

Right to restriction of processing: You may have the right to obtain from us restriction of processing of your personal data. Should the restriction of processing apply, the respective personal data will be marked and may only be processed by us for certain defined purposes.

Right to data portability: Under certain circumstances, you may have the right to receive such personal data that you have provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another entity without hindrance from us.

Right to object: You may have the right to object, on grounds relating to the particular situation of you, at any time to the processing of your personal data by us and after such objection, we may be required to no longer process such personal data.

In addition, if you deem that we have not processed your personal data lawfully, you have the right to file a complaint with the competent supervisory authority regarding the processing of your personal data.

In order to exercise your rights, please contact us using the contact details mentioned in Section 1 of this Privacy Notice.

(xvii) In conclusion

We reserve the right to update and modify this privacy policy. Unless otherwise provided by mandatory applicable legislation, we may not personally post changes to this Privacy Notice to the data subjects in person, and therefore we prompt you to check this policy from time to time for possible changes. You can tell when changes have been made to the Privacy Notice by referring to the “Last Updated” legend on top of this page.

If for some reason you believe that we have not adhered to what is stated in this Privacy Notice, please notify us using the email address mentioned in Section 1 of this Privacy Notice, and we will do our best to determine and correct the problem promptly.