Privacy and data protection Register and Privacy statement covering cookie practices.

This is Nordic Nightingale’s register and data protection statement in accordance with the Data Protection Act 1050/2018 and the EU General Data Protection Regulation 2016/679 (GDPR). The report includes a description of the company’s cookie practices.

Last updated: 3.12.2023.

1. THE REGISTER

Name: Nordic Nightingale (later the “Company”).
ID-number: 3406848-4

Internet pages: www.nordicnightingale.fi

2. CONTACT PERSON RESPONSIBLE FOR THE REGISTER

Register manager: Mary Jane Bardaje

Email: jane.bardaje@nordicnightingale.fi

3. REGISTER’S NAME

Name of registers:

Marketing register, customer register, healthcare worker applicant register, register of employees

4. LEGAL BASIS AND PURPOSE OF PERSONAL DATA PROCESSING

Company is an international recruitment and placement agency. The company is offering manpower by recruiting and training Filipino nurses to work initially as nurse assistants to healthcare companies like nursing homes, assisted living facilities, hospices, community nursing and other healthcare facilities in the Uusimaa region.

According to the EU General Data Protection Regulation, the legal basis for processing personal data is based on the following:

-A binding contract

-Legislation binding the company

-Consent given by the data subject

-Legitimate interests pursued by the controller

In situations where the processing is based on a legitimate interest, company has performed a balance test and assessed that the interests or fundamental rights and freedoms of a person requiring the protection of personal data do not override the legitimate interests of our organization.

The purpose of personal data processing is serving customers and handling customer orders; customer relationship maintenance; marketing and delivery of services agreed with the customer; prevention of abuse; analytics and statistical purposes; handling invoices; improvement of Nordic Nightingale’s operations and services; handling employment contracts and obligations of the employer.

The information is not used for automated decision-making or profiling.

5. INFORMATION CONTENT OF THE REGISTER

Data to be stored in the company register can be the following:

For market register: company name, contact person, e-mail address, phone number, location address, website addresses.

For customer register: Company name, contact person, e-mail address, phone number, location address, website addresses, information about ordered services and their changes, invoicing information, other information related to the customer relationship and ordered services of the companies that are customers and their representatives acting as contact persons.

Healthcare worker applicant register: Name, nationality, date of birth, current address, email address, mobile number, social media account, degree, passport, resume, school and employment verified credentials, medical certificate, social security number.

Register of employees: Name, nationality, data of birth, social security number, email address, mobile number, degree, medical certificate, language information, tax information, bank account number, other personal information provided by the employee.

Information and customer files related to the customer relationship will be kept as long as Company has a legal responsibility for the assignment continues or until the customer indicates that they want to delete this information. The company reserves the right to self-assess the deletion of data when it considers its legal responsibility to have ended.

Marketing register information is based on public registers, and customer information is removed from there at the customer’s separate request.

The information related to the company’s invoicing is stored securely in accordance with accounting legislation by an external service provider. More information about that can asked from the Service Manager.

6. REGULAR INFORMATION SOURCES

Information that may be stored in the register is obtained from the customer as follows:

• -Assignment agreements with a written assignment agreement or by e-mail confirmed by the customer and health care worker applicant
• -In customer and health care worker applicant meetings on site or via a remote telecommunications connection
• -In the documents or other materials provided by the customer and health care worker applicant
  in connection with the assignment
• -In other situations where the customer and health care worker applicant
  discloses personal information related to cooperation
• -From public registers for permitted marketing.

7. INFORMATION STORAGE PERIOD

Information and customer files related to the customer relationship will be kept as long as Customers legal responsibility for assignments continues or until the customer indicates that they want to delete this information. The company reserves the right to self-assess the deletion of data when it considers its legal responsibility to have ended.

8. REGULAR TRANSFER OF DATA AND DATA TRANSFER OUTSIDE THE EU OR EEA

Information is not regularly disclosed to other parties. Information can be disclosed to other parties or published to the extent that has been separately agreed with the customer.

As a general rule, data cannot be transferred by the controller outside the EU or EEA, unless it is necessary for the customer’s assignment or is based on the general storage and usage conditions of Company’s cloud services approved at the EU level.

Personal data is never handed over to different parties. Company works with companies and responsible persons representing companies, and any assignments of individuals are agreed separately in writing.

9. REGISTRY PROTECTION PRINCIPLES

Care is taken when processing the register and the information processed with the help of information systems is properly protected.

When registry data is stored on internet servers, the physical and digital data security of their hardware is taken care of appropriately. The registrar ensures that stored data as well as server access rights and other data critical to the security of personal data are handled confidentially and only by those employees whose job description it is.

10. RIGHT OF INSPECTION AND RIGHT TO DEMAND CORRECTION OF INFORMATION

Every person in the register has the right to check their information stored in the register and demand the correction of any incorrect information or the completion of incomplete information. If a person wants to check the information stored about him or demand corrections, the request must be sent in writing (Address in section 1. Controller and in section 2.Register Manager) to the Register Manager. If necessary, the registrar can ask the requester to prove his identity. The Register Manager responds to the customer within the time stipulated in the EU data protection regulation.

11. OTHER RIGHTS RELATED TO PERSONAL DATA PROCESSING

A person in the register has the right to request the removal of personal data about him from the register (“right to be forgotten”).

The data subject also has other rights according to the EU’s General Data Protection Regulation, such as limiting the processing of personal data in certain situations. Requests must be sent in writing (Address in section 1 and 2; Register Manager) to the controller. If necessary, the registrar can ask the requester to prove his identity. The Register Manager responds to the customer within the time stipulated in the EU data protection regulation (generally within a month).

12. COOKIE PRACTICES

Company websites are using and tags to ensure that the website functions optimally and that all content is displayed properly. A cookie is a text file that is sent from Nordic Nightingale’s web server and stored on your web browser or device. We also use cookies to collect comprehensive analytical information about your use of our services and products, to store functionality and to direct relevant news and offers to you.

You have the option to change your web browser settings regarding the use and coverage of cookies. An example of this type of change is to block all cookies or delete cookies when you close your browser. However, remember that if cookies are not accepted, some of the functions of the website may be impaired and some of the content of the website may not be displayed properly.

Company is using following Cookies on the websites:

-GOOGLE ANALYTICS: We use the Google Analytics service to monitor Company’s website. The purpose of the monitoring is to collect statistical information about, for example, the number of visitors to the page and the most popular content. The collected information is anonymous and does not reveal the contact information of those who visited the site.​

-FACEBOOK: Company’s Facebook site uses a Facebook feed that shows the latest articles on the Facebook page and e.g. information about likers.​

13. REJECTING COOKIES IN THE BROWSER

We don’t recommend this, but if you want to block cookies, change your browser’s cookie settings. Disabling cookies may impair the user experience, and all functions of the website may no longer work at all.

If you block the use of cookies in your browser program, your device will not be tracked when you visit the site. Please note, however, that by blocking the use of cookies, you may also block the use of some website functions.