Privacy statement

We process your data only for predefined purposes

• processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of healthcare or treatment
• the management of healthcare systems and services on the basis of law or pursuant to contract with a health professional
• processing is necessary for the purposes of wellbeing services
• on the basis of consent given for the purposes of marketing and informing about services
• the handling of feedback, clarification requests from the authorities, and incidents.

Your personal data subject to processing

• Basic information
• Consents and refusals
• Employer information
• Health information
• Well-being information
• Appointment information
• Recordings of telephone conversations and chat sessions
• Invoicing information
• Oma Terveys and Oma Suunnitelma information
• Information of feedback, clarification requests from the authorities, and incidents.

The retention period of your health data is as specified in the Decree of the Ministry of Social Affairs and Health on Patient Documents (298/2009). As a rule, we store the data for 12 years after the death of the data subject. If the date of death is not known, the data is stored for 120 years after birth.

Recordings of your telephone conversations and chat sessions: three months.

The Oma Terveys service: The health data provided by you is deleted immediately after you terminate the Oma Terveys service.

Your well-being data is stored for three years. If this data has been included as part of your health data, it is stored in the same manner as any health data.

Data related to feedback is stored for five years.
Data related to clarification requests from the authorities is stored for 12 years.
Data related to incidents is stored for five years.

On the basis of the joint register consent provided by you, you receive treatment from different healthcare professionals at Terveystalo.

All healthcare professionals involved in occupational healthcare have access to your occupational health data.

Prescription Center controlled by Kela

• Your electronic prescriptions are saved in the Prescription Center, a register controlled by Kela. Additional information is available at www.kanta.fi/en.

Kanta Patient Data Repository

• Your health data is archived in the Kanta Patient Data Repository maintained by Kela under the Finnish Act on the Electronic Processing of Client Data in Social and Health Care Services (159/2007) (hereinafter the “Client Data Act”). Additional information is available at www.kanta.fi/en.

In addition, your patient information may be disclosed under section 13 of the Finnish Patients Act (785/1992) as follows:

1. Third party healthcare unit/organization/treatment facility or healthcare professional
   
   • Information required for arranging and providing your examination and care may be disclosed to another healthcare unit specified by you upon your verbal or written consent or other approval otherwise apparent by the context and recorded in your patient record.
2. Insurance companies
   
   • Required information of statutory motor vehicle insurance and accident insurance are disclosed to the insurance company without consent (under law)
     
     
   • Voluntary insurances: required information is disclosed upon your consent.
3. To the authorities or an association which is by law entitled to access the information
   
   • Patient information is disclosed to courts of law, public authorities or other associations entitled by law to access the information upon a specific written request. Information is released only to the extent the present case requires. The information is principally provided as statements.
4. Patient’s next of kin or other close person
   • If the reason for your being in treatment is unconsciousness or a similar condition, your next of kin or other close person may receive information about you and your health unless there is reason to assume that you would have prohibited this.
5. Disclosure of information on a deceased person
   • The obligation for confidentiality and need for protection of privacy extends beyond the person’s death. Therefore, information concerning a deceased person must not be disclosed without grounds specified by the law.
6. Use for research purposes
   • The provisions laid down in section 13 (4) of the Patients Act apply to the disclosure of information in the patient records for scientific research.
     
     
   • Any other use of health data for research purposes is subject to your consent.

Processing of personal data may be outsourced to Group companies and/or external service providers who process personal data on behalf of Terveystalo.

Your personal data is neither processed nor disclosed outside the EU area.

From you personally

• Information provided by you. If you are a minor, also information provided by your guardian.

Medical staff

• Information generated during your examination and treatment.

Employer

• If you are covered by an occupational healthcare agreement: your basic information, workplace contact details and any changes to the information at agreed intervals, provided by your employer.

Third party healthcare unit or healthcare professional

• Information obtained from other healthcare institutions.
• For the purposes of ensuring correct invoicing, information regarding who was treated, the procedures carried out along with their cost is stored. The information is either based on an outsourcing agreement or a referral issued by an external unit.

Population register

• Your name and contact information and information about death (from fall 2018 on).
• Information on screening invitations.

Other sources of information

• Insurance company or pension insurance company.

Right of access

• You may view your data through the Terveystalo Oma Terveys service. The service covers the personal information provided by you and the most important information related to your health.
• You may also submit a written request to a Terveystalo clinic to access your personal data. The form you need to submit a request can be found on Terveystalo's website. Forms are also available at the customer service desk at Terveystalo clinics.

Right to rectification

• You may submit a written request for rectification to a Terveystalo clinic. The form you need to submit a request is available at the customer service desk at Terveystalo clinics.

Right to erasure

• Data provided by you can be erased upon your request
• In other respects,
  The retention period of your health data is as specified in the Decree of the Ministry of Social Affairs and Health. The data is erased when the retention period is up.
  Other data is erased when the time specified in the Retention period section is up.

Right to restriction of processing

• You have the right to obtain from Terveystalo restriction of processing by contesting the accuracy of your personal data, for a period enabling us to verify the accuracy of your personal data. The restriction is carried out by encryption of patient data.

Right to data portability

• You may copy the data provided by you via the Oma Terveys service.
• Another healthcare provider may view your health data via the Kanta service in accordance with your personal consents and refusals. You may update your consent and refusals through the Omakanta service. Additional information is available at (www.kanta.fi/en)

Withdrawal of consent

• When the processing of data is subject to your consent, you may withdraw your consent at any time. Withdrawals can be made through the Oma Terveys service or by requesting withdrawal from customer service at a clinic.

Right to lodge a complaint with a supervisory authority

• If you consider that the processing of personal data relating to you infringes the Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority.
• You may lodge your complaint also in the Member State of your habitual residence or place of work.

Terveystalo applies appropriate physical, technical, and administrative protection measures to protect the data from misuse. These measures include, among others, control and filtering of network traffic, use of encryption techniques and safe data centers, appropriate access control, controlled granting of access rights and supervision of their use, giving instructions to staff participating in personal data processing, and risk management related to the planning, implementation, and maintenance of our services. Terveystalo chooses its subcontractors carefully and uses agreements and other arrangements to ensure that they also process data in compliance with law and good privacy practices.

Data Protection Officer

Data Protection Officer Marita Touru
email tietosuojavastaava@terveystalo.com

Patient Ombudsman

The national Patient Ombudsmen of Suomen Terveystalo Oy are
Sanna Sarin, Johanna Toivonen ja Riitta-Liisa Karhunen

e-mail potilasasiamies@terveystalo.com
phone 030 633 1655

The task of the patient ombudsman is

• to provide advice and, where necessary, assist with matters related to the application of the Patients Act, such as submitting an objection and/or a notification of patient injury
• to inform patients of their rights and to act also otherwise for the promotion of patients' rights.