Processing of personal data in Finla Työterveys oy
This Privacy Statement applies to the processing of Finla Työterveys Oy’s customers’ personal data. This privacy statement provides information to the data subject in accordance with data protection law. Finla adheres to healthcare practices, which pay special attention to the careful and secure processing of personal data.
Finla Työterveys provides occupational health care services to the employees of customer companies, which are produced, maintained and developed with an emphasis on information security. We use many technical and administrative security measures to protect our customers’ health information and to ensure the confidentiality, integrity and availability of the service. In addition to national healthcare laws, we comply with the data protection and data protection provisions required by the Data Protection Regulation and the Data Protection Act.
Roles related to the processing of personal data
Finla Työterveys processes personal data when providing occupational health care services as an independent registrar of customer data for our occupational health care services. Finla Työtervets never processes customer data on behalf of or on behalf of the customer or in accordance with their processing instructions. Healthcare has its own national patient laws, a data protection regulation and a data protection law that guide operations.
When Finla Työterveys uses subcontractors when providing occupational health care services, Finla Työterveys as registrar, is responsible and obliged to instruct purchasing service providers in the processing of personal data in accordance with the Data Protection Regulation and to oblige purchasing service providers to comply with the same data protection principles.
Nature and purpose of the processing of personal data
Finla’s agreements with customer companies concerning the organization of occupational health care, the patient relationship and the Occupational Health Care Act require the maintenance of a customer register. The customer register collects information for monitoring the patient’s state of health and for planning, implementing and monitoring medical care.
Customer register data may only be used for the purpose specified for it, unless otherwise provided by other law. The data is also used to record, plan and report on the registrar’s own activities.
Regular sources of personal data
The sources of information are the client himself and the nursing staff, who make research and treatment decisions when participating in the client’s care. The source of information is also customer information received from other healthcare units with the customer’s consent.
What personal information is processed?
On the basis of a statutory obligation, we record all information that is necessary to plan, organize, implement and secure follow-up care for the client, but only information that is necessary for its intended use.
The register also contains information related to the implementation of occupational health care, such as employer information, lists of employees employed by the employer, and necessary information about the work community (no personal information).
- customer identification information such as last name and first name, personal identification number and contact information
- information required for statutory occupational health care and other statutory activities
- information on voluntary medical care if it is covered by an occupational health contract
Transfers of personal data
Customer data may only be disclosed with the customer’s written consent. No confidential customer information or other confidential information may be disclosed or transferred, nor stored on other registers, on the workstation’s hard disk or on other storage devices, without the written permission of the registry administrator. Customer data primarily refers to patient data as well as data on customer organizations.
Customer data is not transferred within the EU or outside the European Economic Area.
Requests for personal data
According to the Data Protection Regulation, the data subject has the right to transparent information on the processing of personal data, the right to access personal data, the right to rectify data, the right to delete data, the right to restrict processing, the right to transfer data from one system to another and the right to object to processing.
Upon the customer’s justified written request, the patient information in the register that is incorrect, unnecessary, incomplete or out of date for the purpose of the processing, ie the implementation of occupational health care, must be corrected, deleted or supplemented.
Requests to the register must always be made in writing and the identity of the customer is verified and verified.
Retention of personal information
Personal information is processed for as long as it is necessary to provide the service to the customer organization.
The Ministry of Social Affairs and Health defines retention periods for patient records, which are observed in healthcare.
Protection of personal data
At all stages of the processing of customer data, compliance with the laws on health care, the Data Protection Regulation and the obligation of confidentiality, protection and diligence, as well as the requirements of necessity and accuracy are ensured.
All information networks and systems handling protected information are protected in accordance with the organization ‘s security principles and policies. The duty of confidentiality relates to all Finla’s information and personal information. The obligation of confidentiality is enshrined in agreements with third parties.
Customer data is accessed by personnel who, based on their work duties, need to process customer data. The information in the customer register is confidential and the persons involved in its processing are bound by professional secrecy and confidentiality. All employees sign a confidentiality and user commitment before gaining access to the information being protected. This duty of confidentiality and professional secrecy shall continue even after the termination of employment.
Privacy guidelines and policies are always part of the induction process for a new employee. Staff knowledge and understanding of data protection and security are developed and maintained through training.
The register data is stored in electronic form with limited access rights, and access control is aided by the monitoring and control of log data. Customer data may only be disclosed with the written consent of the patient.
Collection of personal information for communication and marketing
We collect personal information that an employee or employer provides to us when using our services (e.g., logging in to our electronic services, attending our events, subscribing to our newsletter or other material) or communicating with our staff via email, telephone or appointment. The personal information we collect is one that can be directly or indirectly associated with an individual, such as a name, telephone number and email address. We use this personal information we collect for information and marketing purposes. We do not disclose the collected information to third parties.
Security breach and duty to inform
Finla shall notify the Data Protection Commissioner and the data subject of the disclosure of a personal data breach within 72 hours at the latest if the data breach is likely to pose a risk to the rights and freedoms of a natural person. Finla has a process and plan for a security breach notification procedure.
For more information on this privacy statement and the descriptions of the privacy statements for individual services, please contact Finla’s Data Protection Officer, Elina Mäenpää, 03-256 39555, our e-mail is in the format email@example.com.
Please wear a face mask for the duration of your visit in all our health stations.
Please don’t come to any appointment without contacting us first if you have respiratory symptoms.
All our receptions are by appointment only.