Data protection in the Health Village’s My Path service and digital pathways

When you register for the My Path service and use the self-care programs open to everyone, your data will be registered in the client register of the Helsinki University Hospital (HUS). HUS is the controller of client data.

Which data do we process?

When you log in, we collect the following information about you: name, social security number, address, telephone number and email address. This information is collected directly from you and the population register maintained by the Digital and Population Data Services Agency.

In addition, we process any data you enter into the service (including data related to your health). The service also creates a log that ensures the security of patients and professionals.

Purpose of processing personal data

We process your personal data to create you a personal profile for the services. The data you provide when using self-care programs varies depending on the purpose of the programs in question. For example, the self-care program for weight management collects data on your eating habits and body measurements. Entering information into these programs is completely voluntary.

We also process your personal data to detect potential information security incidents, for example, by collecting data from data communication systems and data processing systems.

We process personal data on the basis of your consent, an agreement, and existing legislation.

Who can access your data and to whom do we disclose your data?

We do not disclose your data to third parties without your separate consent or request. However, we have service providers maintaining our systems. These operators have a restricted access to your personal data due to the nature of their duties.

We do not disclose your data outside the EU/EEA.

How long do we store your data?

We store your client information for five years as of the latest login.

When you register for the My Path service and use digital care pathways that require a treatment relationship, your data will be registered in the client register of the university hospital or wellbeing service county responsible for your care.

The data controller is one of the following:

University hospitals 

• HUS (hus.fi)

• KYS (pshyvinvointialue.fi, in Finnish)

• TYKS (tyks.fi)

• OYS (oys.fi, in Finnish)

Wellbeing services counties  

• Pohjois-Pohjanmaan hyvinvointialue (pohde.fi, in Finnish)

• Varsinais-Suomen hyvinvointialue (varha.fi, in Finnish)

• Pohjois-Savon hyvinvointialue (pshyvinvointialue.fi, in Finnish)

• Itä-Uudenmaan hyvinvointialue (itauusimaa.fi, in Finnish)

• Länsi-Uudenmaan hyvinvointialue (luvn.fi, in Finnish)

• Päijät-Hämeen hyvinvointialue (paijatha.fi, in Finnish)

• Lapin hyvinvointialue (lapha.fi, in Finnish)

• Keski-Pohjanmaan hyvinvointialue (soite.fi, in Finnish)

Visit the website of your wellbeing services county or university hospital for contact details and information about data protection officers and the processing of your data.

Which data do we process?

When you log in, we collect the following information about you: name, social security number, address, telephone number and email address. This information is collected directly from you and the population register maintained by the Digital and Population Data Services Agency.

In addition, we process any data you enter into the service (including data related to your health). The service also creates a log that ensures the security of patients and professionals.

Purpose of processing personal data

A client using the Health Village services by a referral is in a treatment relationship. Legislation on processing personal data in health care services is applied to the processing of their data. The purpose of the data processing is to provide you electronic services that support your health care. The health care unit responsible for your care gives you more information about how your personal data is processed. Each health care unit has its own patient privacy statement and data protection policy to ensure the security of your data.

Your personal data is processed on the basis of your consent and our legal duty.

Who can access your data and to whom do we disclose your data?

Your consent limits the access to your personal data only to health care units participating in your care. Access to your data always requires a treatment relationship.

We do not disclose your data outside the EU/EEA.

How long do we store your data?

Regarding digital care pathways, the processing of your personal data involves statutory retention requirements. Your patient documents are stored in the patient record systems of the health care units responsible for your care. Patient documents are usually stored for 12 years as of death or 120 years as of birth. Journals and other data collection forms are stored for 12 years as of their creation date or until the data has been transferred into the patient record system.

If you provide feedback using either the Give feedback or Report a technical issue forms and leave your contact information (optional), the Health Village’s privacy policy for personal data provided on the forms will apply.