Privacy policy

This document informs you about how Adamant Health processes personal data pursuant to applicable laws and regulations, foremost the General Data Protection Regulation (GDPR) (EU) 2016/679.

Contact

If you have any questions about this privacy policy, your data, or if you would like to exercise one of your data protection rights, please do not hesitate to contact our Data Protection Officer at:

Adamant Health Oy, incorporated and registered in Finland under business number: 3153572-9
c/o Terkko Health Hub, Haartmaninkatu 4, Building 14, FI-00290 Helsinki. dpo@adamanthealth.com.
(hereinafter: “Adamant Health”)

For patients

Related to your personal data, Adamant Health may be a Data Controller or Data Processor, depending on the contract we have with your health clinic.

Our role

If we are your Data Controller, we ask specifically for your consent to our services. If we are your Data Processor, your health clinic has a contract with us to provide the service.

Data we may collect about you

To provide the service, we collect information related to you and your state of health, such as your name, date of birth, gender, ethnicity, nationality, and identifiable health-related information, to provide your clinician with an individualized health-related analysis.

The purpose of our data collection

As a Data Controller, we process your data for the provision of our service and for use in research activities, given you have provided your consent allowing us to do so. As a Data Processor, we collect personal information per our contractual obligations with your health clinic.

Unless we inform you otherwise and ask for your consent, we process your personal data to obtain detailed information about your disease and its symptoms, which we use to provide healthcare professionals with a symptom report. Healthcare professionals can use the symptom information to create or update your treatment plan.

As part of our service, you will either use a web- or paper-based patient diary to record your symptoms, medication intakes, and overall well-being during the time of the measurement. The information from the web- or paper-based patient diary is transmitted and stored securely in the Adamant Health Cloud Service. The information is provided to the clinician in the symptom report via the Adamant Health Clinic Application.

Automated decision-making

To make the use of our services as convenient as possible for you, we have designed a web application as described above where patients can keep personal diaries. When commencing the service, you are asked to choose whether you would like to use the web application or keep your patient diary in paper format. At any given moment, you may withdraw your consent to use the automated web application, use the paper system, or ask any of our staff members for personal assistance directly via the contact information available on our website (www.adamanthealth.com).

Research

We ask specifically for your consent to use the collected data in research studies. After your consent your data shall be used for future research studies that are related to movement disorders or other related diseases carried out in cooperation with other organizations. We intend, to the best of our abilities, to anonymize your data that we wish to use for research studies. The purpose of research is to gather new information about diseases and their treatment. We cooperate only with official partners and in official research studies that have obtained a research permit from an official authority. Your patient data may be part of a research study if you have provided your consent at the time of the commencement of the service. All published research studies are announced and published in the “Research” section of our website, and at any point you have the possibility to withdraw your consent. If you wish to withdraw your consent, your information shall be retracted from the research datasets insofar this is possible due to the level of anonymization. Where possible, your data shall be removed from ongoing studies, and it will not be used for future research studies. However, it is not possible to retract your information from already published studies.

For all others

If you are not a patient but a customer, business partner or affiliate, marketing contact, website visitor, job applicant, or other data subject, Adamant Health is your Data Controller.

Note: If you are an employee or corporate-related member, this privacy statement does not apply to you. Please contact Adamant Health for the relevant privacy notide.

Our role

As your Data Controller, we ask specifically for your consent to process personal data, or we process data based on legitimate interest, as laid out in this privacy policy. If we hire Data Processors to process the data on our behalf, we use vendors we have carefully better on data protection and security standards.

Data we may collect about you

Data related to prospects, customers, and partners

We collect your data if you engage with us and provide us voluntarily with your information. We collect your data if you are a prospect, based on your consent, or based on your legitimate interest if we reach out to you because we think you are interested in our services, your role, and your title. Note that any time you have provided your information based on consent or legitimate interest, you may at all times withdraw your consent or opt-out from any engagement with us.

We process the relevant details when you become a customer, partner, or affiliate of ours to establish a service or partnership contract.

Data related to website visitors

We also may collect your cookies for the purpose of providing the best website experience for you. You are asked to consent to our collection of cookies at the beginning of your visit. Even if you have consented to the collection of cookies, at any time you can withdraw any given consent by changing your cookie preferences via the settings of your internet browser.

Solicitations

Related to job applications, we collect and review relevant resumes and do background checks based on the information you have provided, and we may check your LinkedIn profile and call references you have submitted.

The purpose of our data collection

Data related to prospects, customers, and partners

If you are a prospect who is unfamiliar with our services (and you have not provided us with your details), we may have found your contact details via LinkedIn, events, or similar tools. We will engage with you to establish a connection and send you relevant marketing information if you reply or demonstrate unambiguous actions that can be understood as consent to our engagement efforts. When we establish a contract together, we must ensure that we have signed a contract with a legal entity that is authorized and signed by a valid representative.

Data related to website visitors

We look at the trend of our website visitors to understand how we can improve our online communication about our services. Some data may be visible, such as your cookies and from where you access our website. Other information concerning website visitors, such as the number of visits by a single visitor, is anonymous.

Solicitations

We hire job applicants through tools that provide recruitment features, such as LinkedIn, and via partners for the purpose of connecting and finding the right person for open positions while ensuring validation of contacts and resumés.

How we protect your data

We have implemented several technical and organizational measures to protect the identity of any of our data subjects.

We use only secured electronic tools, which are vetted by our Data Protection Officer and are subject to regular review and updates. Within our organization, only authorized personnel are assigned to process specific types of data originating from patients, customers, marketing contacts, and employees and job applications. All personnel, new or onboarding staff, consultants, and external or technical advisers are only allowed to process data that is specifically required to fulfill their work-related purpose after they have obtained prior authorization.

Wherever reasonably possible, we make use of encryption, pseudonymization, and anonymization techniques to protect the identity of any of our data subjects. We process patient-related information, specifically under pseudonymized references, to make sure no identifying information is or can be revealed when used for analysis or further internal quality improvement purposes.

Regularly, we audit, review, update, and communicate our data protection policy documentation, risk assessment, breach policy, IT systems and policies, storage, and retention documentation under the guidance of our Data Protection Officer together with the entire team, and we record the results in our Data Protection Records of Processing Activities.

Sharing of your data

We only share your data with sub-processors we have carefully vetted and that are authorized by our Data Protection Officer to assist us in providing our services, such as data storage in a cloud service.

From the date of this privacy policy, our current Data Processors are:

Microsoft Azure Cloud Services, which we use for storing our patient data information. The data center location is in west Europe, in the European Union (the EU). For more information, review Microsoft’s privacy policy here: Microsoft Privacy Statement

HubSpot Customer Service software, which we use for our marketing and customer account management. For more information, review HubSpot’s privacy policy here: HubSpot Privacy Policy

We also share your data with authorities when we are legally required to do so.

And we share anonymized, where possible (and at least pseudonymized) patient data with research partners whom we collaborate with, and which is always based on a research contract, a research plan approved by an ethical committee, and provided an ethical permit.

Transfer of your data

In principle, Adamant Health aism to process personal data within the European Union Area. However, Adamant Health may transfer identifiable personal information outside the European Economic Area, which we will only do so under carefully implemented legal transfer requirements from the applicable data protection laws, to protect the identity of the data subjects.

Under no circumstances will Adamant Health sell or transfer identifiable personal information to third parties for purposes other than fulfilling a contractual service.

Retention of your data

We shall not keep data for longer than necessary. Our records are annually reviewed.

Patients

Health-related data from patients will be kept internally within our company for at least ten years, pursuant to National and European regulatory requirements.

Other data subjects

Data regarding website visitors that is identifiable in some nature shall be kept for a maximum of two years. Anonymous website data concerning visitors is not subject to data protection laws and shall be kept indefinitely. We refer to the privacy policy of our website host, Squarespace, for their privacy policy concerning website visitations.

Data regarding customers and marketing contacts are kept for a duration of two to five years, depending on the nature of the business relationship. Each year, this data will be reviewed and established if it is necessary to retain the data.

Related to job applicants, resumés are kept for the duration of the interview process with a maximum of one year after closing the recruitment process for the open position. Resumés sent via other external tools, such as LinkedIn, may be kept longer by the external tool. We advise you to check the privacy policy of the third party, and we refer to the privacy policy of the tools used.

Data subject rights

Per the European Data Protection Regulation and applicable laws, you have at all times the right to:

  • Withdraw your consent where data has been obtained through consent;

  • access your data and request copies of all processing activities concerning your data;

  • rectify information concerning any data about you that you believe is inaccurate;

  • request to be forgotten, to which we can comply under certain conditions: such as when we are not following a legal obligation from a National Authority, or reasons for public interest or public health;

  • request to restrict or object to processing, to which we can comply under certain conditions, such as when we are not following a legal obligation from a national authority, or reasons for public interest or public health;

  • request a structured, commonly used and machine-readable format to transfer the data to another controller or directly to you (portability);

  • request to not be subject to automated decision-making processes.

If Adamant Health is not your Data Controller, we shall refer you to your Data Controller (health clinic) and assist your clinic with any of your data subject rights to the best of our abilities.

If Adamant Health is your Data Controller, Adamant Health shall respond to any data subject request within the legal timeframe of 30 business days. If a data subject right request imposes a workload on our staff and business activities, we may charge you a reasonable administrative fee, which shall be communicated to you beforehand.

In the event of scientific research, where it may not be possible to withdraw your data from earlier or ongoing studies or other events where your personal data has been anonymized, we will answer your request with an explanation of why we cannot execute your data subject right request. However, we shall eliminate you from future studies if you wish to do so, as explained above under “Research”.

If you wish your data to be deleted or deny your data to be used in providing and developing services, Adamant Health may not be able to offer you further services.

Complaints

Please feel free to consult our Data Protection Office at dpo@adamanthealth.com about your data protection rights or any privacy matter related to you. Should you think that Adamant Health has not addressed your concerns in a satisfying manner, or you wish to report a complaint, you may contact the Data Protection Authority in Finland or in your country of residence.

Updates

This policy was last updated in November 2024. Adamant Health will keep this privacy policy continuously under review and reserves the right to modify this document and advises you to regularly consult this document for the latest updates.