When you use the HealthVillagePRO service, a professional account is created and your data is registered in the client register of the Helsinki University Hospital (HUS). HUS is the controller of client data.
Authentication: Users log in to the HealthVillagePRO service via the HELA authentication service, which is a shared authentication and authorization service of HUS eHealth services. When you start using the HealthVillagePRO service, a professional account is created for you in the HELA service, and your information is registered in the customer register of Helsinki University Hospital (HUS).
Your information is stored in the customer register either after the first use (employees of Health Village's partner organizations) or after registration (employees of other organizations). The information stored in the customer register (see What data we process) is obtained directly from the AD (Active Directory, user directory) of your own organization for partner organizations and partly from the Suomi.fi service and partly from the user themselves for other users.
Service use: The HealthVillagePRO service itself does not contain users' personal data. However, it is possible to set favorite content (web link) or complete online courses, the use of which generates an entry in a separate database via the API interface. The database allows you to view your favorite content and online course completions. The information is retrieved from the database using your work email address.
Which data do we process?
When you log in, we collect the following information about you: username, name, work email address, work phone number and the organisation you work for. Additionally, for users logged in using Suomi.fi authentication, the personal identity code is collected, and when using the certificate card, the certificate card number is also collected.
The data of users logged in with an organisational ID is collected from the organisation or the organisation’s AD (Active Directory, user directory).
The information of users who have logged in using Suomi.fi authentication is collected partly from the Suomi.fi service and partly from the users themselves.
Purpose of processing personal data
The processing of your personal data is related to authentication and the use of the service. During authentication, your personal data is used to verify access rights. During use, processing is related to managing your favorite content and online course completions via your work email address. In both cases, the processing of data is automatic. Additionally, your personal data may be utilized if necessary to resolve potential security incidents and issues.
Professional users from partner organizations log in to the service using so-called organizational credentials. The processing of personal data of users registered with an organisational ID is based on the employment relationship and applicable legislation.
Other professional users log in using Suomi.fi authentication with either a certificate card, mobile certificate, or bank credentials. The processing of personal data for users logged in using Suomi.fi authentication is based on consent and applicable legislation.
In the management of credentials and access rights, the guidelines of HUS IT Management are followed, which define how access rights and entry to the environment are granted and how they are removed if necessary.
Who can access your data and to whom do we disclose your data?
We do not disclose your data to third parties without your request. However, we have service providers maintaining our systems. These operators have a restricted access to your personal data due to the nature of their duties.
How long do we store your data?
We store your personal data for five years as of the latest login.