Privacy Policy

Legal information

This Privacy Policy informs how Contral Clinics (hereinafter also –” Controller”,” Owner”,” we”, “us” or “our”) processes information and personal data on the website https://www.contral.com/ as well as any other media form, media channel linked, or otherwise connected thereto (hereinafter – Website).

We strive to protect all personal information that we receive or generate. This Privacy Policy (“Privacy Policy” or “Policy”) explains our data protection practices for our visitors. This Privacy Policy also explains the nature of the personal information we collect, the means by which we collect it, the purposes for which we collect it, and how we use, process, protect, and share it.

Please read this entire Privacy Policy before submitting information to this Website. By accessing or using this Website for any purpose and by submitting any of your personal information to us, you are consenting to the terms and conditions of this Policy and to our Terms of Service posted on this Website. If you disagree with any part of this Privacy Policy or the Terms of Service, please do not use this Website or any of our other services and do not share any personal information with us.

Data Controller

Name: Novalco Oy Contral Clinics
ID number: 1749729-5
Address: c/o Terveystalo, Keskuskatu 7, 00100 HELSINKI
E-mail: contral@contral.com

Contact person

Name: Jukka Keski-Pukkila (CEO)
Address: c/o Terveystalo, Keskuskatu 7, 00100 HELSINKI
E-mail: contral@contral.com

Definitions and legal references

Personal Data (or Data) - Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

Usage Data - Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Website) and the details about the path followed within the Website with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

User - The individual using this Website who, unless otherwise specified, coincides with the Data Subject.

Data Subject - The natural person to whom the Personal Data refers.

Data Processor (or Data Supervisor) - The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Owner) - The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.

This Website - The means by which the Personal Data of the User is collected and processed.

Service - The service provided by this Website as described in the relative terms and on this Website.

‍

Collecting of data

This section explains generally the sources from which, and the means by which, we collect and process personal information.‍

Contacting us

If you contact us in relation to any of the Services (via email, telephone, post or otherwise), We may collect and retain your contact details and your communication for the purpose of handling your query and keeping records of communications.‍

Other Means of Collection

We collect personal information by a variety of means and methods, including the following:

• When you submit personal information to us voluntarily, including when you provide us information, communicate with us or use any of our Services;
• When you visit our Website, we may collect device information and other information from the internet browser you are using;
• When your communications with us provide us with certain technical formation, such as internet protocol (IP) address, browser type, time zone setting and location, device operating system, and other technologies you may use to access our Website or otherwise communicate with us;
• From third parties and public sources, including from data analytics providers for our own social media pages, like Facebook, Twitter and LinkedIn

‍

Collected data

The personal information we collect varies by user, transaction, and purpose, but our primary purpose is the efficient and satisfactory conduct of our business and for related legal purposes.  

Users are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party's consent to provide the Data to the Owner.

The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as contacting the User and sending emails using mailing list. Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.

Generally, we collect the following data

• Identification information such as name and contact information such as phone number, e-mail address.
• Information we obtain from a third party, such as a site or Website provider, about use of our Website on third-party Websites or devices;
• Activity information about your use, and the use by any person(s) you authorize through your account on our Website, such as the services you provide, how often you use our services, and your preferences; and
• Usage, viewing, technical, and device data when you visit our Website on third-party sites or Websites, or open emails we send, including your browser or device type, unique device identifier, and IP address

We collect the following categories of Personal data for the following activities

Purpose of data collection

We use the personal information that we collect or receive from our Users for the purposes described in this Policy and for other business purposes allowed by law, including the development, delivery, and performance of our services, sharing with our affiliates for related business purposes, and as follows:

• To provide and maintain our Service, including to monitor the usage of our Service.
• For the performance of a contract: the development, compliance and undertaking of the contract for the services or of any other contract with us through the Service.
• To contact you: To contact you by email, telephone calls, SMS, or other equivalent forms of electronic communication.
• To manage your requests: To attend and manage your requests to us.
• To respond to your requests and questions, resolve disputes, investigate and address your concerns, and monitor and improve our responses;
• To help maintain the safety, security, and integrity of our Website, databases, and technology assets and to detect and prevent transactional fraud;
• For testing, research, analysis, and a product and service development, including to improve our Website and services;
• For facilitating and processing your transactions with us and with our third party affiliates and business partners;
• To respond to law enforcement requests and as required by applicable laws, court orders, or governmental regulations;
• For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, marketing and your experience.

We process personal data on the following legal basis for the following purposes

Methods of data processing

Contral Clinics takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.

The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to Contral Clinics, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by Contral Clinics. The updated list of these parties may be requested from the Owner at any time.

‍

Transfers and sharing of data

Depending on the User's location, data transfers may involve transferring the User's Data to a country other than their own.  If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with Contral Clinics using the information provided in the contact section.

*All customers' health information is stored in our partner Terveystalo's systems, and access to them requires a treatment relationship between the customer and Novalco Oy Contral Clinics staff. Health information is protected by Terveystalo. In addition to health data, Tervaystalo also acts as a data controller for personal data collected during Terveystalo's appointment booking.

We may share your personal data with following recipients:

• Internal recipients – your Personal data will only be disclosed to authorize employees that require an access to fulfil their obligations (e.g. support teams, developers, etc.). Our employees are specifically trained and made aware of the sensitivity of your Personal data and the requirements necessary to ensure the protection of your right to privacy.
• Processors – in order to provide the Services, Contral Clinics may communicate your Personal data to other entities acting as data processors.
• Partners and third parties – in order to provide the Services, Contral Clinics may communicate your Personal data to third party service providers.
• Judicial, administrative and other public authorities – Contral Clinics may have to share or disclose some of your Personal data if it is required to do so by the law, by a request meaning from a competent authority., to comply with a court order, to obtain legal remedies or defend Contral Clinics’ rights, to contribute with investigations (e.g. fraud, identity theft, etc.).

Individual information can be handed over to a debt collection agency for the collection of unpaid invoices.

Novalco Oy Contral Clinics ensures by reasonable means that its subcontractors who process personal data are reliable, process data according to the requirements of the data protection regulation and within the EU/EEA area. Subcontractors are required to provide evidence of sufficient technical and organizational personal data protection measures (e.g. ISO 27001 certificate). Novalco Oy Contral Clinics undertakes to maintain a list of its sub-processors and to hand over the list upon written request.

‍

Additional information about data collection and processing

Legal action

The User's Personal Data may be used for legal purposes by Contral Clinics in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services.

System logs and maintenance

For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) use other Personal Data (such as the IP Address) for this purpose.

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from Contral Clinics at any time. Please see the contact information at the beginning of this document.‍

Visiting Third-Party Websites

Our Website may contain links or references to third party Websites. These Websites are outside of our control, and the privacy policies of these sites may differ from our own. Please be aware that we have no control over these third-party Websites and our Privacy Notice does not apply to such Websites. We encourage you to check the Terms of Service and privacy policies of such sites before disclosing any personal information via such sites. The privacy notice of the third party site will govern how information collected from you is used by the owner of the Website. You can always know what Website you are on by checking the Uniform Resource Locator (URL) in the location bar within your browser.

Changes to this privacy policy

Contral Clinics reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Website and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to Contral Clinic. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of the User’s consent, Contral Clinics shall collect new consent from the User, where required.