Processing citizens’ personal data in services requiring identification

​​​​​​​​​​​​​Data controller

When you log in to the Health Village service, your data will be recorded in the client register of the Hospital District of Helsinki and Uusimaa (HUS). HUS is the controller of client data.

If you are using the service as part of your treatment relationship, the controller of your data is the hospital district or other health care unit responsible for your care.

HUS provides and maintains the Health Village service and is the processor of personal data of patients in other hospital districts. HUS maintains the client register. If you are in a treatment relationship with a hospital district, the administrator of your patient register is the hospital district responsible for your care (e.g. HUS, Hospital District of Southwest Finland, Hospital District of Pirkanmaa, Hospital District of Northern Ostrobothnia, Hospital District of Northern Savo​).

​​Contact details and data protection officers

Visit the website of your hospital district for contact details and information about data protection officers and the processing of your data.

Hospital District of Helsinki and Uusimaa (HUS)

Hospital District of Pirkanmaa (TAYS)

Hospital District of Northern Savo​ (PSSHP)

Hospital District of Northern Ostrobothnia (PPSHP)

Päijät-Hämeen hyvinvointiyhtymä (PHHYKY)

Hospital District of Southwest Finland (VSSHP)

Purpose of processing personal data

Self-care programmes of the My Path service

We process your personal data to create you a personal profile for the services. The data you provide when using self-care programmes varies depending on the purpose of the programmes in question. For example, the self-care programme for weight management collects data on your eating habits and body measurements. Entering information into these programmes is completely voluntary.

We also process your personal data to detect potential information security incidents, for example, by collecting data from data communication systems and data processing systems.

We process personal data on the basis of your consent, an agreement, and existing legislation.

​​

Digital care pathways

A client using the Health Village services by a referral is in a treatment relationship. Legislation on processing personal data in health care services is applied to the processing of their data. The purpose of the data processing is to provide you electronic services that support your health care. The health care unit responsible for your care gives you more information about how your personal data is processed. Each health care unit has its own patient privacy statement and data protection policy to ensure the security of your data.

Your personal data is processed on the basis of your consent and our legal duty.

Which data do we process?

When you log in, we collect the following information about you: name, social security number, address, telephone number and email address. This information is collected directly from you and the population register maintained by the Population Register Centre.

In addition, we process any data you enter into the service (including data related to your health). The service also creates a log that ensures the security of patients and professionals.

Who can access your data and to whom do we disclose your data?

Self-care programmes of the My Path service

We do not disclose your data to third parties without your separate consent or request. However, we have service providers maintaining our systems. These operators have a restricted access to your personal data due to the nature of their duties.

We do not disclose your data outside the EU/EEA.

Digital care pathways

Your consent limits the access to your personal data only to health care units participating in your care. In other words, being allowed the access to your data always requires a treatment relationship.

We do not disclose your data outside the EU/EEA.

How long do we store your data?

Self-care programmes of the My Path service

We store your client information for five years as of the latest login.

Digital care pathways

Regarding digital care pathways, the processing of your personal data involves statutory retention requirements. Your patient documents are stored in the patient record systems of the health care units responsible for your care. Patient documents are usually stored for 12 years as of death or 120 years as of birth. Journals and other data collection forms are stored for 12 years as of their creation date or until the data has been transferred into the patient record system.

What are your rights?

Self-care programmes of the My Path service

​​If you have signed up for My Path without a treatment relationship and wish to exercise your rights related to the processing of your personal data regarding your client information, please contact:

  • ​HUS Central Registry by mail. Address: HUS Keskuskirjaamo, PL 200, 00029 HUS.​

Digital care pathways

If you are using the service as part of your treatment relationship, the controller of your data is the hospital district responsible for your care. You can contact this unit by sending a letter to:

  • ​​​Contact details of HUS:
    HUS Keskuskirjaamo, PL 200, 00029 HUS.
  • ​Contact details of the Hospital District of Pirkanmaa:
    Tampereen yliopistollinen sairaala, Potilaskertomuskeskus, PL 2000, 33521 Tampere
    Pirkanmaan sairaanhoitopiiri Kirjaamo, PL 2000, 33521 Tampere
  • Contact details of the Hospital District of Northern Savo:
    Pohjois-Savon sairaanhoitopiiri, Kirjaamo, PL 100, 70029 KYS
  • Contact details of the Hospital District of Northern Ostrobothnia:
    Oulun yliopistollinen sairaala, potilaskertomusarkisto, PL 50, 90029 OYS
    Oulun yliopistollinen sairaala, Kirjaamo PL 10, 90029 OYS
  • Contact details of the Päijät-Häme hyvinvointiyhtymä​​ (PHHYKY)
    Mari Kallinen tietosuojavastaava
    Telephone number. 044 482 8241
     ​Email address: mari.kallinen@phsotey.fi
    ​Päijät-Hämeen hyvinvointiyhtymä HALL K1. kerros Keskussairaalankatu 7, 15850 Lahti​​
  • ​​​Contact details of the Hospital District of Southwest Finland:
    Varsinais-Suomen sairaanhoitopiirin ja Tyks:in Kirjaamo, PL 52, 20521 Turku

Right to access your personal data

You have the right to know which personal data of yours we process. You also have the right to view this data. Regarding digital care pathways, you have the right to know who has processed your personal data during the last two years.

Right to rectification

Our duty is to keep your personal data up to date. If you detect any errors in your personal data, you have the right to demand the rectification of the inaccurate data. You can also correct your personal data independently as you log in to the service.

Right to erasure

You have the right to demand your personal data to be erased (also known as the right to be forgotten). You can also erase your data from the self-care programmes. Please note that erasure of personal data in digital care pathways is not always possible due to our statutory retention requirements.

Right to data portability

You have the right to request your data in machine-readable format and, if technically possible, transmit that data directly to another service provider. This right concerns your journal entries and other data ​you have provided, for example.

Right to restriction of processing

In some cases, you have the right to demand us to restrict the processing of your personal data. This means that we would have the right to store your personal data but may not use it in any other way. You may demand us to restrict the processing of your personal data if you demand the data to be erased or ​rectified. The processing of your personal data will be restricted until the data is up to date or the decision regarding the erasure of the data has been made.

Lodging a complaint with the supervisory authority

We value data protection and hope that you will contact us if you have any questions regarding the processing of your personal data. If you believe that your statutory rights have been infringed or the processing of your data violates existing legislation, you also have the right to lodge a complaint with the national data protection agency. Lear​n more about your rights rights on the website of the Office of the Data Protection Ombudsman (Tietosuoja.fi).

Updated  9.4.2020