Privacy Effective as of June 2018

We care about your privacy
Health Invest Finland Oy (business ID 2715906-2) (hereinafter as “Health Invest Finland”, “we”, “us” or “our”), including its affiliates, is committed to respect your privacy and to comply with applicable data protection and privacy laws. This privacy policy (“Policy”) describes how we collect and use personal data where Health Invest Finland is the data controller or where we refer to the applicability of this Policy. “Personal data” means information relating to you or another identifiable individual as defined under applicable data protection laws.

We may give you additional privacy information that is specific to a product or service in Supplements to this Policy and other notices you may see while using our products or services. If there is a difference between such product specific notices and this Policy, the product specific notices should be considered first. Our products or services may contain links to other companies’ websites and services that have privacy policies of their own. Health Invest Finland is not responsible for the privacy practices of others and we recommend you read their privacy notices. In addition, the software on your device may access your information, but such access is determined and defined by the company offering the software and not Health Invest Finland.
If you do not agree with this Policy, do not use our products and services or provide Health Invest Finland with your personal data.

What Information Do We Collect?

We collect your personal data and other information when you make a purchase, use or register into our products and services, take part in campaigns or research, visit our website or otherwise interact with us. This includes following categories:
Product and service activations: Health Invest Finland products and services may require electronic activation, where your device and application type, as well as unique device, application, network and subscription identifiers are sent to Health Invest Finland.

Use of products and services: When you access our services online, our web servers automatically create records of your visit. These records typically include IP-address, access times, the sites linked from, pages visited, the links and features used, the content viewed or requested, browser or application type, language and other such information. See also our Cookie Policy. Our applications may contact our servers periodically, for example to check for updates or to send us information relating to service usage. Additionally, we may invite you to join voluntary product and service improvement or research programs where detailed information is collected. See Supplements to this Policy for more details.

Information you provide us with: When you create an account, make a purchase, request services, participate in research or campaigns or otherwise interact with us, we may ask for information such as your name, email address, phone number, street address, user names and passwords, feedback, information relating to your devices, age, gender, and language, bank account number, credit card details and other such financial information. We also maintain records of your consents, preferences and settings relating to, for example, location data, marketing and sharing of personal data.
Your transactions with us: We maintain records of your purchases, downloads, the content you have provided us with, your requests, agreements between you and Health Invest Finland, the products and services provided to you, payment and delivery details, your contacts and communications and other interactions with us. We may, in accordance with applicable law, record your communication with our customer care or with other such contact points.
Positioning and Location data: Location-based services establish location through the use of satellite, mobile, Wi-Fi or other network based positioning methods. These technologies may involve exchanging your location data and unique device and mobile, Wi-Fi or other network related identifiers with Health Invest Finland. Our products may operate on multiple device platforms, applications and services which may also collect your location data. We do not use this information to identify you personally without your consent.

When you use our location based services and features, for example location based search, navigation and routing, or request for map data, your location data is sent to Health Invest Finland to serve you with the right content, which may also include location based advertising.
Sensitive Personal Data: Some of our services and products may collect and process information on you that is considered as sensitive under applicable data protection laws. This information may include such information as your heart rate, medical conditions, information on medications, dietary information as well as other equivalent health related data. Further information of our processing of any sensitive data can be found in the product specific notices and/or the Supplements.

Why Do We Process Personal Data?

Health Invest Finland may process your personal data for the following purposes. One or more purposes may apply simultaneously. We will only process your personal data where and to the extent necessary for the purposes listed herein, unless otherwise required under applicable laws.
Providing products and services: We may use your personal data to provide you with our products and services, to process your requests or as otherwise may be necessary to perform the contract between you and Health Invest Finland, to ensure the functionality and security of our products and services, to identify you as well as to prevent and investigate fraud and other misuses.
Accounts: Some services may require an account to help you manage your content and preferences. For more information, see our account supplement.
Developing and managing products and services: We may use your personal data to develop and manage our products, services, customer care, sales and marketing. We may combine personal data collected in connection with your use of a particular Health Invest Finland product and/or service with other personal data we may have about you, unless such personal data was collected for a different purpose.

Communicating with you: We may use your personal data to communicate with you, for example to inform you that our services have changed or to send you critical alerts and other such notices relating to our products and/or services and to contact you for customer care related purposes.
Marketing, advertising and making recommendations: We may contact you to inform you of new products, services or promotions we may offer and to conduct market research when we have your consent or it is otherwise allowed. We may use your personal data to personalize our offering and to provide you with more relevant services, for example, to make recommendations and to display customized content and advertising in our services. This may include displaying Health Invest Finland content and third party content.
Legal Basis: We always ensure that we have an appropriate legal basis for processing any personal data for the purposes described in this Policy, a product specific policy or any Supplement. For the most part, our processing is based on one of the following legal basis: a) performance of a contract you have with us; b) our legitimate interests based on e.g. your client relationship with us and the realization of any rights/responsibilities thereto; or c) your consent, where requested. In addition, where Health Invest Finland processes your personal data as a data processor (or a sub-processor) of another data controller, the processing is the based on the contract Health Invest Finland has with the data controller (or, as applicable, the primary data processor).
Where you have ordered services or products directly from us, it may be required from you to provide certain personal data (such as contact details, address or payment details) in order for us to be able to deliver your order to you and fulfill our agreement with you. If the provision of your personal data is mandatory in order for us provide you services or products, such mandatory information has been separately marked so (e.g. by an asterisk*) you know if you have to provide us certain information.

Do We Share Personal Data?

We do not sell, lease, rent or otherwise disclose your personal data to third parties unless otherwise stated below.
Your consent and social sharing services: We may share your personal data if we have your consent to do so. Some services may allow you to share your personal data with other users of the service or with other services and their users. Please consider carefully before disclosing any personal data or other information that might be accessible to other users.
Health Invest Finland companies and authorized third parties: We may share your personal data with other Health Invest Finland companies or authorized third parties who process personal data for Health Invest Finland for the purposes described in this Policy. This may include for example billing through your network service provider or otherwise, delivery of your purchases, providing services including customer service, managing and analyzing consumer data, credit checks, conducting research and managing marketing and other such campaigns. When you purchase a Health Invest Finland product from us with a network service provider plan, we may need to exchange information with your network service provider to provide you with such service.
We may conduct joint marketing and other communications with our partners, for example your mobile operator. To avoid duplicate or unnecessary communications and to tailor the message to you we may need to match information that Health Invest Finland has collected with information that the partner has collected where this is permitted by law.
These authorized third parties are not permitted to use your personal data for any other purposes. We require them to act consistently with this Policy and to use appropriate security measures to protect your personal data.
International transfers of personal data: Our products and services may be provided using resources and servers located in various countries around the world. Therefore your personal data may be transferred across international borders outside the country where you use our services, including to countries outside the European Economic Area (EEA) that do not have adequate laws providing specific protection for personal data as deemed by the EU Commission or that have different legal rules on data protection, for example, the United States of America. In such cases we ensure that there is a legal basis for such a transfer and that adequate protection for your personal data is provided as required by applicable law, for example, by using standard agreements approved by relevant authorities (such as the EU Commission Standard Contractual Clauses) or requiring the EU-US Privacy Shield certification, and by requiring the use of other appropriate technical and organizational information security measures. You may request further information and a copy of these legal measures used by contacting us via the contact details given in this Policy.

Mandatory disclosures: We may be obligated by mandatory law to disclose your personal data to certain authorities or other third parties, for example, to law enforcement agencies in the countries where we or third parties acting on our behalf operate. We may also disclose and otherwise process your personal data in accordance with applicable law to defend Health Invest Finland’s legitimate interests, for example, in civil or criminal legal proceedings.
Mergers and Acquisitions: If we decide to sell, buy, merge or otherwise reorganize our businesses in certain countries, this may involve us disclosing personal data to prospective or actual purchasers and their advisers, or receiving personal data from sellers and their advisers.

How Do We Address The Privacy of Children?

Health Invest Finland products and services are typically intended for general audiences. Health Invest Finland does not knowingly collect information of children under 16 –years of age without the prior consent of their parents or guardians. If you suspect that your child is using our products or services or otherwise have questions on our processing of your child’s personal data, you may contact us via the contact details below. Where we are informed or find out that we are processing data of a child under 16 –years of age without the consent of their legal guardian, we will immediately cease such processing and delete all data concerning such child, unless we are obligated to retain certain data under applicable laws.

How Do We Address Data Quality?

We take reasonable steps to keep the personal data we possess accurate and to delete incorrect or unnecessary personal data. We encourage you to access your personal data through your account from time to time to ensure that it is up to date and update it when necessary.

What Steps Are Taken To Safeguard Personal Data?

Privacy and security are key considerations in the creation and delivery of our products and services. We have implemented appropriate technical and organizational security measures to secure your personal data against unlawful or unauthorized access, disclosure, deletion or loss. We have assigned specific responsibilities to address privacy and security related matters. We enforce our internal policies and guidelines through an appropriate selection of activities, including proactive and reactive risk management, security and privacy engineering, training and assessments. We take appropriate steps to address online security, physical security, risk of data loss and other such risks taking into consideration the risk represented by the processing and the nature of the data being protected. These steps and measures may include, as appropriate, the use of firewalls, virus and malware protection, secure service facilities, encryption and pseudonymisation of data. In addition, we limit access to our databases containing personal data to authorized persons having a justified need to access such information.

How Long Do We Store Your Personal Data?

Health Invest Finland only processes your personal data as long as it is necessary for the purposes it was collected for. When your personal data is no longer necessary, we will automatically delete it. In general we will retain your personal data as long as you are ordering services from us or as long as you otherwise have a customer relationship with us. If we are processing your personal data as a data processor (or a sub-processor) of another data controller, we typically process your personal data as long as the data controller has a contract with us or as otherwise instructed by the data controller. Please nonetheless be advised that we may be obligated to retain your personal data for some time after your relationship with us has ended due to mandatory requirements of applicable legislation (e.g. for accounting purposes).

How Do We Use Cookies and Web Beacons?

Health Invest Finland uses cookies, web beacons and other similar technologies to operate and improve our websites and offering. We also use cookies for personalization and to display ads. Some Health Invest Finland websites use third party advertising technologies, such as DoubleClick, to serve ads. Our domains may include third party elements that set cookies on behalf of a third party, for example relating to third party social network. Please visit our Cookie Policy to find out more about how Health Invest Finland uses cookies and how you can disable cookies by browser settings or otherwise.

What Are Your Rights?

The applicable data protection legislation guarantees several rights for you regarding your personal data processed. You are entitled to the following rights, subject to certain requirements and limitations under applicable laws:

  • You have a right to know what personal data we hold about you and access such personal data. If you make this kind of request and we hold personal data about you, we shall provide you with information on such data, including a description and copy of the personal data and why we are processing it;
  • You have a right to have incomplete, incorrect, unnecessary or outdated personal data deleted, updated or completed;
  • You have the right to object to our processing of your personal data, including profiling. You can object at any time and we shall stop processing the information you have objected to, unless we can show compelling legitimate grounds to continue that processing;
  • You have a right to request erasure of your personal data in certain circumstances as stated in applicable laws (e.g. where our processing was based on your consent and you have withdrawn it). Erasure rights do not apply where the data is processed for historical research purposes or statistical purposes.
  • You have the right to request the restriction of our processing of your personal data in some situations (e.g. where the data is no longer necessary but you do not wish us to delete it). If you request this, we can continue to store your personal data but are restricted from processing it while the restriction is in place;
  • You have the right to withdraw a consent you have given to our processing of your personal data at any time. If you do withdraw consent, that will not affect the lawfulness of what we have done with your personal data before you withdrew consent; and
  • You have the right to complain to your local data protection authority about our collection or use of your personal data. You may find the contact details of all competent data protection authorities in the EU here.
    In addition to having the right to withdraw consent at any time, you have a right to unsubscribe from direct marketing messages and to request that we stop processing your personal data for direct marketing purposes or on other compelling legal grounds. However, if you opt-out from marketing and other communications from Health Invest Finland, critical alerts may still be sent to you.

You may exercise your rights by contacting us or by managing your account and choices through available profile management tools on your device and our services. In some cases, especially if you wish us to delete or stop processing your personal data, this may also mean that we may not be able to continue to provide the services to you.

Who Is The Controller of Your Personal Data?
Health Invest Finlandis the controller of your personal data. In addition, the Health Invest Finland affiliate providing the product or service may be a controller of your personal data. You may find the identity of the controller and its contact details by reviewing the terms and conditions of such a product or service or by using contact information provided in the applicable Health Invest Finland websites. You may also always ask us who is the controller of your personal data in case you are uncertain of the matter.

You may contact us at the following:

Health Invest Finland Oy
Unioninkatu 20-22
00130 Helsinki, FINLAND
Tel. +358 44 735 5553

In matters pertaining to Health Invest Finland’s privacy practices you may also contact our appointed Data Protection Officer at:

Health Invest Finland Oy
Sanna Nikumatti (DPO)

Changes to This Privacy Policy
Health Invest Finland may from time to time change this Policy or change, modify or withdraw access to this site at any time with or without notice. However, if this Policy is changed in a material or adverse way, Health Invest Finland will post a notice advising of such change at the beginning of this Policy and on this site’s home page for 30 days. We recommend that you re-visit this Policy from time to time to learn of any such changes to this Policy.