Privacy Statement, last updated September 16, 2020
This privacy statement applies to the processing of your personal data as our private customer.
Controller and contact information
Clinic Helena / Plastiikkakirurgia Helena Oy
Kirkkokatu 7, 57100 Savonlinna, Finland
Tel. +358 40 8266 242
Fax +358 15 510115
Data Protection Officer & Patient Ombudsman
Tel. +358 40 8266 242
The task of the patient ombudsman is:
To provide advice and, where necessary, assist with matters related to the application of the Patient Act, such as submitting an objection and/or a notification of patient injury
To inform the patient of their rights and to act also otherwise for the promotion of patients’ rights.
1. For what purpose is my personal data collected?
We process your data only for predefined purposes.
- Processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, and the provision of healthcare or treatment
- The management of healthcare systems and services based on law or contract with a health professional
- Processing is necessary for the purpose of wellbeing services
- Based on the consent given for the purpose of marketing and informing about services
- The handling of feedback, clarification requests from the authorities and incidents
2. What type of information is collected about me?
Your personal data subject to processing:
- Basic information
- Consents and refusals
- Health information
- Well-being information
- Appointment information
- Invoicing information
- Information of feedback, clarification requests from authorities, and incidents
3. How long do you store my data?
The retention period of your health data is as specified in the Decree of the Ministry of Social Affairs and Health on Patient Documents (298/2009). As a rule, we store the data for 12 years after the death of the data subject. If the date of death is not known, the data is stored for 120 years after birth.
4. Who will process my personal data and to whom may my data be disclosed?
Based on the register joining consent provided by you, you receive treatment from healthcare professionals at Helena Medical Group.
Prescription Centre controlled by Kela (The Social Insurance Institution): Your electronic prescriptions are saved in the Prescription Centre, a register controlled by Kela.
In addition, your patient information may be disclosed under section 13 of the Finnish Patient Act (785/1992) as follows:
Third party healthcare unit/organization/treatment facility or healthcare professional
- Information required for arranging and providing your examination and care may be disclosed to another healthcare unit specified by you upon your verbal or written consent or other approval otherwise apparent by the context and recorded in your patient record.
- Required information of statutory motor vehicle insurance and accident insurance are disclosed to the insurance company without consent (under law).
- Voluntary insurances: required information is disclosed upon your consent.
Authorities or associations which, by law, are entitled to access the information
- Patient information is disclosed to courts of law, public authorities or other associations entitled by law to access the information upon a specific written request. Information is released only to the extent the present case requires. The information is principally provided as statements.
Patient’s next of kin or another close person
- If the reason for your being in treatment is unconsciousness or a similar condition, your next of kin or another close person may receive information about you and your health unless there is reason to assume that you would have prohibited that.
Disclosure of information on a deceased person
- The obligation for confidentiality and the need for protection of privacy extends beyond the person’s death. Therefore, information concerning a deceased person must not be disclosed without grounds specified by the law.
Use for research purposes
- The provisions laid down in section 13 (4) of the Patients Act apply to the disclosure of information in the patient records for scientific research.
- Any other use of health data for research purposes is subject to your consent.
Your personal data is neither processed nor disclosed outside the EU area, except by your own request.
5. From what sources is my data collected?
From you personally
- Information provided by you and if you are a minor, also information provided by your guardian.
- Information generated during your examination and treatment.
Third party healthcare unit or healthcare professional
- Information obtained from other healthcare institutions.
Other sources of information
- Insurance company
- For the purposes of ensuring correct invoicing, information regarding who was treated and the procedures carried out along with their cost, is stored. The information is either based on an outsourcing agreement or a referral issued by an external unit.
6. How is my personal data protected?
Clinic Helena applies appropriate physical, technical, and administrative protection measures to protect the data from misuse. These measures include, among others, control and filtering of network traffic, use of encryption techniques and safe data centres, appropriate access control, controlled granting of access rights and supervision of their use, giving instructions to staff participating in personal data processing, and risk management related to the planning, implementation, and maintenance of our services. Clinic Helena chooses its subcontractors carefully and uses agreement and other arrangements to ensure that they also process data compliance with law and good privacy practices.
7. Your rights
Right of access
- You may view your data through Clinic Helena’s service. The service covers the personal information provided by you and the most important information related to your health.
Right to erasure
- Data provided by you can be erased upon your request.
Withdrawal of consent
- When the processing of data is subject to your consent, you may withdraw your consent at any time.
Right to lodge a complaint with a supervisory authority
- If you consider that the processing of personal data relating to you infringes the Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority.
- You may lodge your complaint also in the Member State of your habitual residence or place of work.