Privacy statement for private customers
This privacy statement provides information in accordance with data protection legislation regarding the processing of personal data of private customers at Terveystalo.
Updated on 2 February 2026
Additional information: Terveystalo privacy statement for corporate customers, and Information about consent.
Terveystalo's other privacy statements can be found on the Privacy Statement selection list.
Controller
Suomen Terveystalo Oy (hereinafter referred to as “Terveystalo”)
Jaakonkatu 3A, 6th floor, 00100 HELSINKI, Finland
Suomen Terveystalo Oy shares its patient register with Terveystalo and the healthcare service providers who provide services at Terveystalo as self-employed professionals or through external companies.
Personal data is processed for the following purposes and on the following legal basis:
- To provide healthcare services based on legislation
- To provide occupational health services based on legislation or the customer’s consent
- To assess the need for work ability and well-being services as well as to target and provide such services on the basis of an agreement between the customer and Terveystalo, legislation or Terveystalo’s legitimate interest
- To ensure the quality and performance of healthcare professionals, based on legislation
- For marketing, based on the customer's consent or Terveystalo's legitimate interest
- For communications based on an agreement or Terveystalo’s legitimate interest
- For planning, development, management, monitoring and reporting on Terveystalo’s own operations and services as well as for quality assurance and data-driven management, based on legislation or Terveystalo’s legitimate interest
- For research and statistical purposes, based on consent, legislation, public interest or Terveystalo’s legitimate interest
- For processing customer contacts, feedback, official inquiries, and incidents, based on legislation and Terveystalo’s legitimate interest
- To provide digital services for logged-in customers, based on legislation, an agreement between the customer and Terveystalo or the customer’s consent
- For invoicing, payments and collections, based on legislation or an agreement between the customer and Terveystalo
- To resolve and correct technical errors within digital services or devices (e.g. online services, the Terveystalo application) based on Terveystalo’s legitimate interest
- For monitoring user behaviour in online and digital services, based on Terveystalo’s legitimate interest or the customer’s consent
- To ensure the legal protection of Terveystalo and the customer, and to meet statutory or regulatory obligations, based on regulations and guidelines issued by authorities, as well as to monitor use and detect misuse based on legislation or legitimate interest
- For informing customers about clinical trials, based on consent
Additional information: Consents
More details on the purposes of the processing
Processing personal data for the provision of healthcare services
- For the organization, planning, implementation and monitoring of a patient’s examinations and treatment
- For appointment management
- For service-related invoicing
- As part of the implementation of healthcare services, for analysing the health data generated during the use and delivery of healthcare services through the use of automated tools for healthcare purposes, such as healthcare assessments (e.g. laboratory sample analysis using medical devices) and health promotion (profiling)
Processing personal data for the provision of occupational healthcare services
- For the planning, implementation and monitoring of occupational healthcare patients’ examinations and treatment
- For assessing work ability
- For implementing an occupational healthcare operational plan
- For appointment management; if the occupational health service includes appointment bookings on the basis of profiling, such profiling is conducted only with the patient’s consent
- For service invoicing and statutory and/or group-level reporting to employer organizations
- As part of the implementation of occupational healthcare services, for analysing the health data generated during the use and delivery of healthcare services through the use of automated tools for healthcare purposes, such as healthcare assessments (e.g. laboratory sample analysis using medical devices), monitoring the treatment of long-term illnesses, assessing work ability support needs, and health promotion (profiling)
Personal data is processed for the provision of work ability and well-being services
- For the provision of work ability coaching
- For the provision of well-being services
Personal data is processed to ensure professional quality and competence
- For ensuring the correct and appropriate processing of patient information and other personal data
Personal data is processed for marketing purposes
- For marketing products, benefits, services and health content
- For targeting communications, marketing and services through segmentation and profiling
- For analysing and compiling statistics for service and marketing development
- For conducting market and opinion surveys
Personal data is processed for handling customer contacts, feedback, official inquiries and incidents
- For processing customer contacts and feedback
- For handling notifications and complaints pursuant to the Act on the Status and Rights of Patients
- For processing official inquiries
- For processing incident reports
- Communications between customers and the customer service centre (such as telephone conversations) are recorded to verify service events and ensure the quality of the service, for development purposes as well as to ensure the legal protection of the parties involved
Personal data is processed for the provision of digital services for logged-in customers (e.g. the Terveystalo application, Terveystalo's online services)
- For managing user's contact information and user consents and for reviewing health information
- For appointment management
- For the provision and use of remote services
- For communications between Terveystalo and the customer
- For processing payments
- For the provision and marketing of services provided by the controller or its partners
- For sending reminders and recommendations related to the customer's health
- For monitoring, analysing, and profiling information on registered users’ interests as well as their service choices and preferences, and for developing related customer services
We process the following personal data:
- Basic information
- Health information
- Work ability information
- Well-being information
- Genetic test data, samples and anatomical models
- Employer information
- Appointment information
- Customer service event data and recordings
- Invoicing and payment information
- Digital service use data of logged-in customers (e.g. the Terveystalo application, Terveystalo's online services)
- Customer contact information, feedback, official inquiries, and incidents
- Other service-related information
- Identification data as well as data related to authentication devices and services
- Web and digital service usage and online behaviour and analytics data
- Consents, refusals and declarations of will
The categories of personal data processed
Basic information
Name, personal identity code, date of birth, contact details, native language and chosen language of service, occupation, other identification information (e.g. a copy of a passport where necessary), next of kin or other contact person as specified by the patient, guardians or other legal representatives of underage patients as well as their contact details, information on minors in the custody of the patient, information on caregiving, legal representatives assigned to the patient as well as their contact details.
Health information
- Information required for purposes of organizing, planning, implementing and monitoring the treatment of the patient (e.g. patient records, images, video and audio records, referrals, statements, certificates and forms)
- Health and self-care data provided by the patient (e.g. preliminary data concerning medical history, questionnaire responses)
- Information on laboratory tests, imaging studies, and other examinations
- Prescriptions and other entries relating to prescriptions
- Information related to physiotherapy and occupational physiotherapy as well as information related to the employer (such as workplace visits)
Information related to work ability
- Information related to work ability assessments
- Customer information used in work ability coaching services
Information related to well-being
- Information related to well-being, such as replies to questionnaires, follow-up data and analyses
- Measurement data produced or submitted by the customers themselves
- Information regarding the use of well-being services
Genetic test data, samples and anatomical models
- Samples associated with genetic testing and test results
- Other samples and anatomical models
Employer information
- Information pertaining to the employer of occupational healthcare customers, such as department or unit, job title, superior-subordinate, sickness fund membership, the employer’s insurance company details, and occupational health customer information
Appointment information
- Customer, date, time, place and the person for whom the appointment was made, the person who made the appointment and the date on which it was made
- Appointment history
Information and recordings of customer service events
- Communications between Terveystalo and the customer
- Telephone number of the caller, identity of the call recipient, date and hour, and the recording of the conversation
- Chat session recordings
- Parties to the chat, date and hour, and the chat recording
Invoicing and payment information
- Invoicing information concerning treatment and other services
- Payer information related to treatment or care (for example insurance company and insurance information)
- Online store orders, payments and payer information
Logged-in customers' digital services information (e.g. the Terveystalo application, Terveystalo's online services)
- Information on health as well as possible mobility limitations, injuries, illnesses, or other health issues as provided by the user
- Vaccination information
- Information on hobbies and other interests
- Heart rate monitor use or activity tracker information
- Other information entered by the user in relation to the user’s health and fitness
- Payment related information
- Communications between Terveystalo and the customer
- Information required for arranging remote care, such as voice/video or photos possibly sent by the user
- Location data of the user’s end device (if the user has consented to the use of location data) for offering appointments in clinics convenient for the user
- Identification and authentication devices and services information
- Use log data and actions taken by the user within digital services
Customer contacts, feedback, official inquiries, and incidents
- Customer contact, feedback or inquiries and the replies thereto
- Contact information given by the customer or the feedback provider
- Incident description and the report given to the person concerned
Other information related to the service
- Name and title of the person who made the entry in the patient record, as well as the date and time on which it was made
- Social care customer information obtained for the organization and implementation of health services
- Service-related satisfaction information and comments regarding the controller’s services
- Information related to the user's choices, as well as services that the user would like to have
- Market research and questionnaire responses
- Contact history
- Information recorded from a third party register with the user’s express consent
- Customer loyalty information
- Information on medical devices and materials loaned or rented to the customer
Information related to the use of digital services and website, online behaviour and analytics
- Access right and login information
- IP address and information concerning the user’s network connection
- Information on the user’s end device, browser and operating system
- Session ID, timestamp and other corresponding information
- Information on the use of applications and other digital services (e.g. log data, data collected using cookies and other corresponding monitoring technologies, web analytics)
- Website behaviour during the session
Consents, refusals and declarations of will
- Consents to data sharing in Kanta-services, consents and prohibitions
- Organ donation and treatment wishes, and other declarations of will by the patient
- A person’s consent and refusal information related to direct marketing and the processing of personal data
Terveystalo only stores personal data required for Terveystalo’s operations and for the necessary processing purposes. Terveystalo only stores personal data if it has a legal basis for its processing. Retention periods depend on the processing purpose and legal requirements. The retention period of personal data is also affected by legal obligations concerning the retention of personal data as well as other time limits (e.g. a period of filing a suit, or the statute of limitations regarding criminal proceedings).
- In accordance with the Act on Processing of Client Data in Social and Healthcare, patient data, i.e. information related to a patient’s medical care must in general be stored for a period of 12 years after the patient’s death or, if there is no information about the patient’s death, for 120 years after the patient’s date of birth.
- Recordings of customer service events are in general stored for a period of three months.
Terveystalo erases personal data that has become unnecessary for the purpose of use, even during the customer relationship. Such personal data may relate to e.g. marketing and the use of online services. Personal data are anonymised or securely destroyed when they are no longer necessary, when they are outdated or where there is otherwise no basis for their continued processing.
The personal data to be processed is primarily collected from the customer themselves, the patient’s guardian or other legal representative. Personal data is also collected from medical staff in connection with examination and treatment as well as from medical devices and software.
A healthcare service provider may receive patient information from other healthcare service providers as well as social care data concerning the patient via the Kanta services in accordance with the customer’s disclosure permissions (consent) and refusals in order to organize and implement healthcare services. Patient information of healthcare service providers may also be received via a shared information system. The disclosure permissions (consents) and refusals can be managed through Kela’s MyKanta service (www.kanta.fi/en/my-kanta-pages) or through a healthcare service provider. If the patient is not capable of assessing the significance of the disclosure permission due to a memory impairment, mental health disorder, intellectual disability or other comparable reason and the patient does not have a legal representative, or if the disclosure permission cannot be obtained due to the patient's unconsciousness or other comparable reason, a healthcare service provider may receive the necessary patient information from other healthcare service providers in order to organize or implement the patient's essential health service without the patient's disclosure permission.
The basic information of the customer may be updated from the Digital and Population Data Services Agency’s Population Information System.
In occupational healthcare, a patient’s basic information and the workplace’s contact information as well as changes thereto are received from the employer.
Personal data is also obtained from third party healthcare service providers with the patient’s consent or based on legislation.
In some situations, data is also received from insurance companies or pension insurance companies.
Suomen Terveystalo Oy’s patient register is shared between Terveystalo and the different service providers operating therein, which operate as independent practitioners or through separate companies. A patient may give their consent to the disclosure of their patient data between healthcare service providers operating within Terveystalo and participating in the patient’s care.
Additional information: Consents
The processing of personal data is outsourced to Group companies and/or external service providers who process the personal data on behalf of Terveystalo. Personal data may be transferred outside the EU or the EEA within the confines of legislation. In such cases, the transfer takes place in accordance with the European Commission’s standard contractual clauses or some other transfer mechanism permitted by data protection legislation. However, e.g. the patient information systems used by Terveystalo are located in the EU/EEA.
Personal data are also in some cases disclosed to service providers who act as independent controllers, such as payment, financing or collection service providers (e.g. Walley, MobilePay, Smartum Pay, Santander Consumer Finance, RopoCapital) as well as delivery and courier service providers.
Personal data is disclosed to the following parties based on legislation or customer’s consent:
Kela’s Kanta services
- Patient information is stored by law in the national information system services for healthcare and social welfare maintained by the Social Insurance Institution of Finland (Kela), such as the client data repository.
- The Information Management Service compiles up-to-date patient information essential for the implementation of healthcare and produces summaries of said data for purposes of implementing the patient’s treatment. Kela and the healthcare provider act as the joint controllers of the Information Management Service. By law, Kela acts as the contact point for data subjects and is responsible for the disclosure of data saved in the Information Management Service. Additional information on the joint register of the Information Management Service: https://www.kanta.fi/en/privacy-policies.
- Information that the data subject has been informed of the Kanta services, on the data subject's disclosure permissions, consents and denials concerning the disclosure of data, as well as on declarations of will (e.g. living will and opinion on organ donation) are saved in the system for issuing declarations of intent. Kela and the healthcare service provider act as joint controllers of the system for issuing declarations of intent. By law, Kela acts as the contact point for data subjects and is responsible for the disclosure of data stored in the system for issuing declarations of intent. Additional information on the joint register of the system for issuing declarations of intent: www.kanta.fi/en/privacy-policies.
- Electronic prescriptions and possibly the information on medicines handed over to the patient by a healthcare service provider are saved in the Prescription Centre. The Prescription Centre is a joint register, the controllers of which are Kela, pharmacies and service providers and independent professionals who prescribe e-prescriptions. By law, Kela acts as the contact point for data subjects. Additional information on the joint register of the Prescription Centre: www.kanta.fi/en/privacy-policies.
Other healthcare service providers
- Information required for the organization and implementation of health services may be disclosed to another healthcare service provider in accordance with the patient’s consent or Kanta services disclosure permissions or denials.
- Information required for the organization or implementation of health services can be disclosed to another healthcare service provider if the patient is not capable of assessing the significance of the Kanta service disclosure permission due to a memory impairment, mental health disorder, intellectual disability or comparable reason and the patient does not have a legal representative, or in case the disclosure permission cannot be obtained due to the patient’s unconsciousness or other comparable reason.
Kela
- In case the customer requests that Terveystalo apply for Kela reimbursement on the customer’s behalf, information on reimbursable measures taken during the appointment and referrals that are necessary for purposes of payment of the healthcare service are disclosed to the Social Insurance Institution of Finland (Kela).
Insurance companies
- Data necessary in respect of statutory insurance is disclosed to insurance companies on the basis of the law, without consent.
- Data necessary in respect of voluntary insurance is disclosed, based on the patient’s consent.
Employers
- When the patient is an occupational healthcare patient, data can be disclosed on the basis of the patient’s separate and explicit consent, e.g. where the employer uses the electronic transmission service for A-certificates to the work ability management system provided by Terveystalo.
Authorities and entities
- Data is disclosed to authorities and entities with a right to information pursuant to the law in the form and scope required by the matter, or based on the customer’s consent.
Patient’s next of kin
- If an adult patient is unable to decide on their treatment due to a mental health disorder, intellectual disability or other reason, the patient's legal representative, next of kin or other close person has the right to obtain the information on the patient's health necessary for consultation and giving consent on an important treatment decision.
- In the event that the patient is unconscious or under medical care for some equivalent reason, information can be disclosed to next of kin or to another person close to the patient, unless there is reason to believe that the patient has prohibited the disclosure of the data.
Research organizations
- Data included in patient records can be disclosed to research organizations in accordance with the law on the basis of the customer’s consent.
In the event of a patient’s death, the obligation of confidentiality and need for privacy protection remains in force, meaning that data cannot be disclosed without a legal basis.
Based on the Infectious Diseases Act, any information needed to detect an epidemic, identify the cause and trace the infection can be submitted to the Finnish Institute for Health and Welfare and the wellbeing services county/HUS Group.
Right of access
- Data subjects have the right to know whether personal data concerning them are being processed and to access data concerning themselves.
- The data subject can access and review their information in digital services targeted at logged-in customers (e.g. Terveystalo application and Terveystalo online service) and through the MyKanta service (https://www.kanta.fi/en/my-kanta-pages). In addition, the data subject can make a request for inspection of his or her personal data.
Right to rectification
- Data subjects have the right to request the rectification of erroneous or incomplete data.
Right to erasure
- Data subjects have the right to request the erasure of their personal data. Requests for erasure are implemented within the confines permitted by the law. In respect of information concerning a data subject’s health, Terveystalo has a legal obligation to store the data pursuant to the Act on Processing of Client Data in Healthcare and Social Welfare.
Right to object or restrict processing
- The data subject has, in certain situations, the right to object to the processing of their personal data on grounds related to their particular situation at any time.
- A data subject has, in certain situations, the right to request the restriction of the processing of their personal data. E.g., if the data subject contests the accuracy of their personal data, the processing of the personal data is restricted for the duration of the investigation. The controller has the right to refuse the data subject’s request if restricting the processing of personal data could cause serious danger to the health or treatment of the data subject or to the rights of the data subject or someone else.
Right to data portability
- A data subject has the right to request that their data be transmitted from one system to another if the data has been provided by the data subject themselves and if the processing of the personal data is based on consent or an agreement. The right to data portability does not apply to patient information.
Right not to be subject to automated decision-making
- The data subject has the right not to be subject to a decision based solely on automated processing, such as profiling, which produces legal effects concerning them or similarly significantly affects them. However, there are exceptions to this prohibition.
Withdrawal of consent
- Where the processing of personal data is based on consent, the data subject can withdraw their consent at any time. The consent can be withdrawn in accordance with the instructions given in the service that is based on consent or by contacting Terveystalo’s customer service.
Right to refer the matter to a supervisory authority
- A data subject has the right to refer the matter to the supervisory authority (Data Protection Ombudsman in Finland) if the data subject is of the opinion that the processing of personal data concerning them infringes data protection legislation. More information can be found on the Data Protection Ombudsman’s website: www.tietosuoja.fi/en.
Requests pertaining to the rights of data subjects must primarily be made in writing at a clinic or in the digital service targeted at logged-in customers (more information in Finnish at https://www.terveystalo.com/fi/asiakkaalle/potilastietoihin-liittyvat-pyynnot). The data subject’s identity is verified in a reliable way when the request is submitted. At the Terveystalo clinics the data subject’s identity is verified from an official identification document. In the digital services identity is verified when the data subject logs in using Finnish online banking codes or a mobile certificate. These procedures ensure confidentiality and appropriate processing of personal data.
Terveystalo applies the appropriate physical, technical, and administrative protection measures to protect data from misuse. These measures include, among others, control and filtering of network traffic, use of encryption techniques and safe data centres, appropriate locking systems and access control, controlled granting of access rights and supervision of their use, giving instructions to staff participating in personal data processing and risk management related to the planning, implementation, and maintenance of our services. Terveystalo chooses its subcontractors carefully and uses agreements and other arrangements to ensure that they process data in compliance with the law and good data protection practices.
Data protection officer
email tietosuoja@terveystalo.com
Terveystalo’s Data Protection Officer
Suomen Terveystalo Oy
Jaakonkatu 3A, 6th floor, 00100 HELSINKI, FINLAND
Please note that in order to secure your privacy, ordinary, unencrypted email must not be used to send health information or other sensitive personal data (e.g. personal identity code). If necessary, you can request the encrypted email service provided by Terveystalo.