Data protection in the Health Village’s My Path service and digital pathways

The My Path service is used in an authenticated environment and it always requires the processing of personal data. This page explains what information is stored about you, in what circumstances, how it is processed and who is the data controller in each case.

The My Path service and digital pathways are used in an authenticated environment and their use always requires the processing of personal data. Data is collected and processed in different ways in different situations. You can find the situations in which data collection is required, the data use cases and the privacy policies here.

NB: The My Path service is one of the three main products of the HealthVillage.fi service package. The other products are the Health Village hubs and the HealthVillagePRO service. For more information on the processing of personal data in the Health Village hubs and the HealthVillagePRO service, see the services’ own privacy policies.

Important

Data protection and transparency in the processing of personal data is very important to us. You can find out more about your rights regarding data protection and the processing of your personal data by clicking on the link below.

Your rights in relation to data protection and processing of personal data

Registration and use of the service | Self-care programs (no treatment relationship)

When you register for the My Path service and use the self-care programs open to everyone, your data will be registered in the client register of the Helsinki University Hospital (HUS). HUS is the controller of client data.

Which data do we process?

When you log in, we collect the following information about you: name, social security number, address, telephone number and email address. This information is collected directly from you and the population register maintained by the Digital and Population Data Services Agency.

In addition, we process any data you enter into the service (including data related to your health). The service also creates a log that ensures the security of patients and professionals.

Purpose of processing personal data

We process your personal data to create you a personal profile for the services. The data you provide when using self-care programs varies depending on the purpose of the programs in question. For example, the self-care program for weight management collects data on your eating habits and body measurements. Entering information into these programs is completely voluntary.

We also process your personal data to detect potential information security incidents, for example, by collecting data from data communication systems and data processing systems.

We process personal data on the basis of your consent, an agreement, and existing legislation.

Who can access your data and to whom do we disclose your data?

We do not disclose your data to third parties without your separate consent or request. However, we have service providers maintaining our systems. These operators have a restricted access to your personal data due to the nature of their duties.

We do not disclose your data outside the EU/EEA.

How long do we store your data?

We store your client information for five years as of the latest login.

Registration and use of the service | Digital care pathways (treatment relationship)

When you register for the My Path service and use digital care pathways that require a treatment relationship, your data will be registered in the client register of the university hospital or wellbeing service county responsible for your care.

The data controller is one of the following:

University hospitals

Wellbeing services counties

Visit the website of your wellbeing services county or university hospital for contact details and information about data protection officers and the processing of your data.

Which data do we process?

In addition, we process any data you enter into the service (including data related to your health). The service also creates a log that ensures the security of patients and professionals.

Purpose of processing personal data

A client using the Health Village services by a referral is in a treatment relationship. Legislation on processing personal data in health care services is applied to the processing of their data. The purpose of the data processing is to provide you electronic services that support your health care. The health care unit responsible for your care gives you more information about how your personal data is processed. Each health care unit has its own patient privacy statement and data protection policy to ensure the security of your data.

Your personal data is processed on the basis of your consent and our legal duty.

Who can access your data and to whom do we disclose your data?

Your consent limits the access to your personal data only to health care units participating in your care. Access to your data always requires a treatment relationship.

We do not disclose your data outside the EU/EEA.

How long do we store your data?

Regarding digital care pathways, the processing of your personal data involves statutory retention requirements. Your patient documents are stored in the patient record systems of the health care units responsible for your care. Patient documents are usually stored for 12 years as of death or 120 years as of birth. Journals and other data collection forms are stored for 12 years as of their creation date or until the data has been transferred into the patient record system.

Give feedback or report a technical issue

If you provide feedback using either the Give feedback or Report a technical issue forms and leave your contact information (optional), the Health Village’s privacy policy for personal data provided on the forms will apply.

Previous page Registration and login instructions

Next page Accessibility in Health Village's My Path and digital care pathways