Registry and Privacy Policy

In the customer register of Euromedfin Oy, information on existing or potential corporate and organizational customers and their contract contacts as well as other contact persons is maintained.

Euromedfin Oy complies with the EU's General Data Protection Regulation, applicable legislation, and the instructions of authorities on the processing of personal data, and meets the requirements of the General Data Protection Regulation (GDPR).

Euromedfin Oy respects the privacy of its customers, patients, partners, and employees.

What is the purpose for collecting personal data?

We process your personal data for the following purposes:

Managing customer relationships and customer service, as well as maintaining the contract and other contact person information of a business customer
Collecting and processing customer feedback
Conducting market research and opinion polls
Analysis, categorization, and reporting of customer relationships, as well as other purposes related to the development of overall customer relationships and Euromedfin's business operations
Handling, developing, directing, and monitoring sales, marketing, and communication.

What kind of information is collected

The personal data being processed:

Name and contact information
Title and gender
Responsibility description
Contract contact person's role in the company
Consents / bans on marketing communication

How long is the data stored?

We retain your personal information for as long as you are a contact person for our corporate customer. We carry out the deletion period of personal data annually.

Who processes the information and how is it transferred?

The processing of personal data can be outsourced to external service providers who process personal data on behalf of Euromedfin.
Customer register information is not given forward.
Personal data is not given outside the EU area nor processed from outside the EU area.

From what sources are the data collected

The contact information of Euromedfin Oy's corporate and organization customers is updated in the Euromedfin's contract database based on the notification made by either the contract contact person or the person themselves.

Can consent be withdrawn?

If the processing is based on your consent, the consent can be withdrawn at any time. The request can be sent to the address olga.loginov@medfin.fi.

Your rights

You have the right to request personal information about you, the correction of personal data, the deletion of personal data, or the limitation of processing. Requests can be sent to the email address olga.loginov@medfin.fi

If you act as a contact person for a company or organization, your information cannot be deleted during this time.

Right to file a complaint with the supervisory authority

If you believe that the processing of your personal data has violated data protection regulations, you have the right to lodge a complaint with the supervisory authority.

You can also make a complaint in the member state where you have your permanent residence or place of work.

How is personal data protected?

Euromedfin uses appropriate physical, technical and administrative safeguards to protect data from misuse. Such means include, among others, controlling and filtering network traffic, using encryption technologies and secure device spaces, appropriate access control, controlled granting of rights and their use control, guidance for personnel involved in the processing of personal data, and risk management in the design, implementation, and maintenance of our services. Euromedfin carefully selects its subcontractors and ensures through contractual arrangements and other arrangements that information is also processed by them in accordance with legislation and good data protection practices.

Who can you contact

Data Protection Officer Olga Loginov olga.loginov@medfin.fi

Patient Register

Euromedfin Oy maintains a patient register, which is shared among Euromedfin Oy and the healthcare professionals working there, who operate either as independent practitioners or through separate companies as service providers.

Euromedfin Oy complies with the EU's General Data Protection Regulation, current legislation, and authorities' instructions on personal data-processing and meets the General Data Protection Regulation (GDPR) requirements.

Euromedfin Oy respects the privacy of customers, patients, partners, and employees.

Purposes related to the use of health information

planning, organizing, implementing, and monitoring of patient examinations, treatment, and preventive care
occupational health care and work capacity assessment
provision of healthcare services and reporting on them to businesses, communities, and individuals
monitoring of treatment based on professional development and to ensure and measure the quality and effectiveness of care
planning, development and statistics of the data controller’s own operations, invoice and collection, audits and other tasks required to enforce the rights and duties of the controller
evaluation and notification of appropriate examinations and treatments for the patient (with the patient's consent)
contacts between patients and customer service centers (e.g., calls) may be recorded to ensure the quality of service by customer service staff and to verify the service event.

Informing and marketing of new services

communication and marketing related to the products and services of the data controller or its partners
targeting communication, marketing and services to the customer
informing and reminding the customer using customer and health information about matters related to the customer's health, such as prescription renewals, vaccinations etc., as well as about the data controller's services
evaluating possibly suitable clinical drug studies for the patient and informing about them (with the patient's consent)
developing the business of the data controller and related customer service
collecting, tracking and analyzing customer interest information, choices and wishes related to services and service points, and developing customer service related to them
registering and marketing operations and benefits according to the loyalty program
taking customers' wishes into account, developing customer service and targeting the offering
the registration of the benefits of partner companies included in the loyalty program
implementation of market research and opinion surveys

Feedback, official requests for clarification and dangerous events

processing of customer feedback
processing of complaints or objections in accordance with the Patient Act
handling of other official requests for clarification, based on EU or Finnish legislation, e.g. data protection regulation
handling of incident reports when a person has been the target of a patient safety related event

What kind of information is collected

Basic information (name, personal identification number, contact details, profession, close relative appointed by the patient/guardians of a minor patient, and other identification details (e.g., passport copy), information can be verified from the population register)
consents and rejections (Information on whether the patient allows the transfer of information between healthcare professionals working at Euromedfin, as required by the care relationship. The person's consent and rejection information related to direct marketing and the use of personal data)
employer information (For occupational health care clients: Employers, department / location, job title, company's insurance information, sickness fund membership, and other work-related information)
health records (The essential health information for various healthcare professionals involved in the patient's care (including patient records, referrals, opinions, and form information) Patient's self-supplied health data and self-care data, laboratory, imaging and other examination data)
appointment information (Client, day, time, place and who the appointment is booked for as well as the booker and booking date)
billing information (Billing information related to care and investigations. Payee details in relation to the treatment)
feedback, formal requests for clarification and incident reports (Feedback or requests for clarification and their responses. Description of safety incidents and the explanation given to the individual)
other service-related information (Satisfaction information and comments on the services by the register holder. Information related to wishes and choices as well as information on desired services by the user. Contact history. Data stored from third party registers with the express consent of the user. Loyalty customer information)

How long is the data stored?

As a general rule, we keep information for 12 years after death. If there is no information about death, we keep it for 120 years after birth.
Information related to feedback is kept for 5 years.
Information related to official inquiries is kept for 12 years.
Information related to dangerous events is kept for 5 years.

Who processes personal data and where is personal data transferred to?

Based on the joint registry consent you gave, the various health care professionals treating you at Euromedfin
Your occupational health-related information is available to all professionals involved in occupational health.
Kela Prescription Center
Your electronic prescriptions are stored in the Prescription Center, which is maintained by Kela. More information at www.kanta.fi.
Kanta Patient Information Archive Your health data is archived in the Kanta Services Patient Information Archive maintained by Kela, based on the Act on the Electronic Processing of Customer Information in Social and Health Care (159/2007) ("customer data law"). More information at www.kanta.fi.
In addition, your patient information may be disclosed under the Patient Act (785/1992) Section 13 as follows
Another health care unit/organization/treatment place or health care professional
To arrange care, necessary information can be disclosed to other health care units identified by you, according to the oral or written consent you have given, or otherwise evident from the context, marked in the patient record.
Insurance companies
Statutory traffic and accident insurance. Necessary information is disclosed to the insurance company without consent (based on law)
Voluntary insurance: necessary information is disclosed according to your consent
To an authority or community that has a legal right to receive information
To a court, other authority, or community that has a legal right to receive the information. Information is mainly given as opinions to the extent required by the case, based on a written and identified request.
Patient's close relative or another close person
If you are unconscious or being treated for a similar reason, your close relative or another close person can obtain information about you and your health, unless there is a reason to assume that you prohibited such action.
Research use
The release of patient record information for scientific research is valid under section 13.4 of the Patient Act.
Other health data research use requires your consent
Your personal data will only be disclosed outside the EU area with your consent.

How is personal data protected

Euromedfin utilizes appropriate physical, technical, and administrative security measures to protect information from misuse. Such methods include, among other things, control and filtering of network traffic, the use of encryption techniques and secure device spaces, appropriate access control, managed authorization granting and its use control, instruction of personnel involved in the processing of personal data, and risk management in the design, implementation and maintenance of our services. Euromedfin carefully selects its subcontractors and ensures by contractual and other arrangements that information is also processed by them in accordance with the legislation and good data protection practice.

Your rights

info.pravila-okazania-uslug.section_18_list_1

Who can you contact

Data Protection Officer Olga Loginov olga.loginov@medfin.fi
Patient Ombudsman Marina Meier marina.maier@medfin.fi