Clinic Helena Privacy Policy

 
Privacy Statement, updated January 27, 2025

This privacy statement concerns the processing of your personal data as our private customer.

Data Controller and Contact Information Clinic Helena / Plastiikkakirurgia Helena Oy
Kirkkokatu 7, 57100 Savonlinna, Finland
Tel. +358 40 8266 242
Fax +358 15 510115

Data Protection Officer & Patient Affairs Contact
Päivi Tuominen
Tel. +358 45 162 2333
Email: paivi.tuominen(at)clinichelena.com

The Patient Affairs Contact is responsible for:

• Providing guidance and, if necessary, assistance in matters related to the application of patient law, such as filing complaints or malpractice reports
• Informing patients of their rights and generally promoting patient rights

1. Purpose of Collecting Personal Data Your data is processed only for predefined purposes:

• Necessary for preventive or occupational healthcare, medical diagnosis, and provision of healthcare or treatment
• Management of healthcare systems and services based on law or contracts with healthcare professionals
• Necessary for the provision of wellness services
• Based on your consent for marketing and service information
• Handling feedback, authority clarifications, and incidents

2. What Data is Collected? We may process the following personal data:

• Basic personal information
• Consents and refusals
• Health data
• Wellness data
• Appointment information
• Billing information
• Feedback, authority clarification requests, and malpractice reports

3. Data Retention Retention periods for health records are defined by the Finnish Ministry of Social Affairs and Health (Regulation 298/2009). Data is generally stored for 12 years after the patient’s death. If the date of death is unknown, data is stored for 120 years after birth.

4. Who Processes and Receives Personal Data?

• With your consent: healthcare professionals at Clinic Helena
• Kela (Social Insurance Institution of Finland): electronic prescriptions are stored in Kela’s Prescription Centre

Patient data may also be disclosed according to the Patient Act (785/1992) section 13:

• Other healthcare organizations or professionals involved in your treatment with your verbal/written or implied consent
• Insurance companies: mandatory insurance data disclosed without consent; voluntary insurance data with consent
• Authorities and associations with legal rights to access information, via written request and only as necessary
• Close relatives or other persons: if unconscious or incapacitated, unless explicitly refused
• Disclosure of deceased patients’ data only as permitted by law
• Scientific research: under Patient Act section 13.4; otherwise requires consent
• No data is processed or shared outside the EU unless requested by the patient

Marketing Use of Data Data may be used for:

• Offering products and services
• Communications, campaigns, special offers
• Improving customer service Only with separate consent, which can be withdrawn at any time. Withdrawal does not affect previous processing.

5. Data Sources

• Directly from you or your guardian (if minor)
• From medical professionals during diagnosis and treatment
• From other healthcare institutions
• From insurance companies for billing purposes
• From website, social media, and advertising (cookies, user activity, etc.) for:
  • Improving website and marketing
  • Delivering targeted ads and content
  • Optimizing user experience Cookie use can be controlled via user consent settings on our website.

6. Data Security Clinic Helena applies appropriate physical, technical, and administrative safeguards, including:

• Network traffic management
• Encryption technologies and secure data centers
• Access control and monitored permissions
• Staff training and instructions
• Risk management in design, implementation, and maintenance
• Carefully selected subcontractors under contract to ensure data protection compliance

7. Your Rights

Complaint: To the relevant supervisory authority in your country of residence or work if you believe data processing violates the GDPRPrivacy Statement, last updated September 16, 2020
This privacy statement applies to the processing of your personal data as our private customer.

Access: View your data via Clinic Helena’s GDPR service

Deletion: Request removal of your submitted data

Withdrawal of Consent: At any time