How does Nolea process its data?
Types of data in our Contact Database
Nolea collects healthcare contact information and other data associated with healthcare professionals (“healthcare profile information”) to enhance the free market and assist our customers to achieve more business transactions with minimum time and effort.
The healthcare profile information consists of professional information that is similar to what you’d find on business cards, company websites or email signatures. Nolea's database consists mainly of such healthcare profile information.
To learn more about the Contact Attributes and Company Information that we provide to our Licensees, see the data we cover.
Nolea collects its data from various sources of data. Nolea does not necessarily have an active relationship with data subjects since some of Nolea's dataset is already in the public domain. In certain cases, however, Nolea also collects personal data from data subjects through other methods (for example, third party data sharing agreements and APIs).
To learn more about how Nolea collects its data, see our data sources.
The collection of personal data from various datasets results in a merging of such datasets meaning that Nolea might process a wider set of data. Nolea is taking action to remove any information beyond the scope of healthcare profile information.
Nolea also voluntarily adheres to certain privacy principles that are adopted around the world and is aligned with the GDPR (European General Data Protection Regulation), and other relevant privacy laws.
What is the legal basis for this?
Since contact data is not collected from healthcare professionals directly, Nolea's processing activities are not based on their consent, but on the legitimate interest of both Nolea and its business customers, among other legal bases as applicable depending on the context.
The processing operations of Nolea's services are based on two use cases for customers:
a. Business Intelligence (for Sales, marketing, and recruitment purposes)
Nolea helps organisations drive revenue by providing users with accurate and up-to-date business or professional contact information.
Nolea allows users to reach out to future customers with ease, eliminating the friction in the sales, marketing, and recruitment process – helping users to convert more prospects into customers in a fraction of the time.
b. Fraud prevention
Nolea is designed to empower users to fight fraud by enabling them to verify and authenticate the correlation between an individual’s externalized attributes and the actual data supporting these attributes.
For more information on our legal bases for processing data, please read our Privacy Policy.
Legitimate Interest and Data Protection Impact Assessment
Many advanced privacy regimes claim that personal data must be obtained and processed lawfully and fairly. Personal data should be collected and processed based on a legitimate purpose, after balancing the interests of the organisation against the interests and rights of the individual whose data is processed.
Nolea conducted a Data Privacy Impact Assessment (“DPIA”) with the help of first-tier law firms. The DPIA confirms that Nolea's processing of healthcare profile information satisfies the grounds for the processing of personal data for a legitimate interest. It also determined that this legitimate interest is not overridden by the interests or fundamental rights and freedoms of the data subject which requires protection of personal data. Here are the findings:
a. Nature of the data
The information collected by Nolea is extremely limited. It does not contain any special categories of personal data and is not related to children.
b. Reasonable expectations of Contacts
Although the Healthcare Contacts that we provide our customers access to can be found on business social platforms or during the course of normal business correspondence, we do not collect data directly from Contacts. As a result, they may not know that their data is in our Contact Database. If Nolea obtained the data from a third party, Nolea sends a notice to Healthcare Contacts and allows them to exercise any rights they may have, including the right to opt-out of Nolea's Contact Database.
As a reminder, you may exercise your rights in relation to your data in our Privacy Form.
Where Nolea does not have enough data to inform Contacts, Nolea deletes their remaining data after a certain period, pursuant to our Data Retention Policy.
c. Processing proportionate to the purpose
Nolea follows data minimization principles and only collects data that are strictly necessary to achieve its purposes. Nolea has processes in place to limit the data processed to business contact information which is professional in nature. Through our Privacy Form, Contacts can claim control over their data.
As mentioned above, Nolea notifies Healthcare Contacts of the option to remove their information from Nolea's Contact Database, which, in turn, ensures that Nolea processes data as needed, following a proportionality assessment.
We process Contact Data with Safeguards and Compensating Controls
Data accuracy through two-source authentication − This assists in ensuring that Nolea only provides accurate and up-to-date information, which serves the purposes that Nolea set out to achieve and benefits Nolea's business users.
B2B Use only – onboarding procedure − Nolea only allows users with a verified business email address to sign up to use its services (registration with free email services, such as Gmail, is not allowed).
Compliance reviews − Nolea implements methods and processes to remove customers that act as data brokers and/or do not comply with the Nolea Terms of Service.
Security of the data − Nolea does not allow for a “free” search of its database without registration (i.e. it does not allow users to search for and obtain a list of email addresses of all individuals who work at a certain company).
Data minimization – Nolea is continuously working to limit its collection and processing of personal data to only include what is necessary to provide its Services.
Transparency – Nolea has processes in place to contact all Contacts located in the European Economic Area and the United Kingdom whose Data is processed by Nolea in the Prospecting feature to: (i) inform them that Nolea processes their Data; (ii) provide the data subject with relevant and meaningful information, and (iii) inform Contacts that they have the option to opt-out.
Privacy rights – Contacts are able to reach out to Nolea and exercise their rights through our Privacy Form.
Last updated