
Data protection

Customer and patient register

Register keeper and personal data processor and data protection officer: Mia Montonen

Contact information: mia.montonen@gmail.com, phone 040 544 36 92

Personal data processing and purposes and legal basis for processing:

According to the EU's General Data Protection Regulation, the legal basis for processing personal data is either the person's consent, an agreement, a customer relationship in which the data subject is a party, or the controller's legitimate interest (e.g. customer relationship). The information in the register is used to communicate with customers and maintain customer relations.

Regarding the patient register: according to § 16 of the Act on Health Care Professionals (559/1994), it is the duty of a health care professional to prepare and keep patient documents. According to Section 2 Subsection 1 Section 5, Section 4a and Section 12 of the Act on the Status and Rights of the Patient (785/1992), the healthcare professional must sign the information necessary to secure the organization, planning, implementation and monitoring of the patient's care in the status documents. The preparation and storage of patient documents is regulated in more detail by the decree of the Ministry of Social Affairs and Health (298/2009). The primary function of patient documents is to serve the planning and implementation of the patient's care and to promote continuity of care. It is not necessary to record or report the conversations with the patient in detail.

 

Data content of the register:

Information to be stored in the register is: person's name, company/organization, contact information (phone number, e-mail address, postal address), information about ordered services and their changes, billing information, other information related to the customer relationship and ordered services.  

The information necessary and sufficient in scope to secure the organization, planning, implementation and monitoring of the patient's good care is entered in the patient documents.

 

Where does the information come from?
The information is obtained from the person himself, in connection with the group admission or by participating in the activity.

 

Personal data retention period
Customer data is only kept as long as it is relevant for operations. 

According to § 12 of the Act on the Status and Rights of the Patient (785/1992), the healthcare professional must enter in the patient records the information necessary to secure the organization, planning, implementation and monitoring of the patient's care. According to § 10 of the Ministry of Social Affairs and Health's Decree (298/2009), the name, social security number, municipality of residence and contact information must be recorded as personal identification information in the register, as well as the name and contact information of the guardians or other legal representative in the case of a minor patient, and the name and contact information of the legal representative assigned to an adult patient.
Information is stored in accordance with the regulation (298/2009) of the Ministry of Social Affairs and Health on patient records. 

 

Recipients of personal data (entities to whom personal data is disclosed):
Contact information will only be disclosed to accounting firm Lemontree for invoicing and accounting purposes, otherwise the information will not be disclosed to anyone. The data is also not transferred outside the EU or EEA.

Register protection principles and location:

Manual data retention: Any patient documents and other documents are kept in a locked cabinet, with the registrar. The processing of personal data does not include automatic decision-making.
Contact information is stored electronically on a computer that is protected by virus protection. 

Rights of the registrant:

The customer or patient can request to see documents and personal data concerning themselves (Article 15 of EU 2016/679).

If a customer or patient considers that the processing of customer or patient data concerning him violates the data protection regulation, he can file a complaint with the Office of the Data Protection Commissioner (Article 77 of EU 2016/679).

The patient or customer can request the data controller to correct the data by contacting the controller. In certain situations, the controller may, for justified reasons, refuse to fulfill the data subject's requirements (Article 16 of EU 2016/679).

The patient or customer can request the data controller to delete the data by contacting the controller. In certain situations, the controller may, for justified reasons, refuse to fulfill the data subject's requirements (Article 17 of EU 2016/679).

By default, no data is transferred. However, if there is a need for this, the matter will be discussed with the registrar (Article 20 of EU 2016/679).
