registar

SkyLaine Ltd

Angervotie 10 C 32, 00320 Helsinki, FINLAND

Business ID: 3404338-3

contact@skylaine.com

corresponding contact

Seela Leppänen

seela@skylaine.com

+35878317011

Content of the registery

The following information is collected in the register:

1. Basic information about the customer, such as name, address, email, phone number, and other possible contact information.

2. Health information and other information necessary for the assistance received by the customer, such as the reason for the outcome reported by the customer, background information, assessment of the need for assistance, information regarding the implementation and planning of assistance, and statements regarding the customer's state of health.

3. Guardians of minor patients and their contact information.

4. Information regarding appointments and billing.

5. Information about the disclosure of information contained in the register.

Legal basis and the reason for handling personal data

The purpose of processing patient data is to maintain the health and well-being of patients and to plan, implement, and monitor research and treatment, including the monitoring of the quality and effectiveness of research and treatment.

Other purposes for the use of personal data include billing, communication with the client, sending various electronic messages, and enabling treatment-related information and reminders, collecting customer feedback, monitoring and planning our own operations, statistics, and compliance with laws and regulations concerning private healthcare.

Collection and storage of personal data

Patient information is primarily stored in an electronic patient information system. Electronic health records are archived in the Patient Data Archive of Kanta Services maintained by Kela (Social Insurance Institution of Finland) in accordance with the Act on the Electronic Processing of Social and Health Care Client Data. More information at www.kanta.fi.

Access to electronic information is only possible with a personal username and password. There is no automatic decision-making associated with electronic data.

Personal data is mainly collected electronically, either by the registar itself or into information systems maintained by third parties. The data contained in the register is stored securely, in compliance with data security safeguards that have been established as adequate in the field.

The protection of personal data in electronic form is implemented by means of firewalls, usernames, and passwords maintained on the terminal device. The physical protection of personal data is implemented by keeping them locked in adequately monitored premises, which only authorized persons can access.

Regular information sources

The information collected in the customer register is mainly obtained from the following sources:

1. Information provided by the customer themselves.

2. Information obtained from the customer's guardian or other close relative.

3. Information obtained from the Population Register Centre.

4. Information obtained from statutory registers.

Disclosure of personal data

The information in the register will not be disclosed to third parties except with the consent of the data subject or on the basis of a legal provision. If the customer does not have the capacity to assess the significance of giving consent, the consent may be given by the customer's legal representative. The customer or their legal representative may withdraw their consent at any time. The data will not be transferred outside the European Union.

Retention and deletion of personal data

Care is taken in the processing of the register and data processed using information systems is adequately protected. When registry data is stored on internet servers, the physical and digital security of their hardware is taken care of appropriately. The controller ensures that stored data, server access rights, and other data critical to the security of personal data are treated confidentially and only by those employees whose job description it falls under. Patient data contained in the register is stored for the period specified in the Ministry of Social Affairs and Health decree on patient records, after which the data is deleted in accordance with the decree. Data other than patient data is stored for the duration of the customer relationship and is deleted immediately after the need for its processing ceases.

Rectification of personal data

The data subject has the right to have misleading, outdated, incomplete, or incorrect information concerning them rectified free of charge by providing the controller with sufficient information on how and in what respect the data should be corrected or supplemented, according to the data subject's understanding. The data subject is personally responsible for the correctness of the information they provide and must notify the controller on their own initiative if there are any changes to the information they have provided or if it has been provided incompletely or incorrectly.

Transfers to another information system

The data subject has the right to request the transfer of data from one system to another if the data has been provided by the data subject themselves and the processing of personal data is based on consent or contract. The right to transfer is not applicable to patient data. Regarding patient data, another healthcare provider can view health information through Kanta Services in accordance with the customer's consents and prohibitions. You can manage these consents and prohibitions through the My Kanta service (www.kanta.fi/omakanta).

Restriction of processing of personal data

The data subject may request the controller to restrict the processing of personal data, such as transferring it to another information system, preventing access to it in whole or in part, or temporarily removing it from a website, for example, under the following conditions:

1. The data subject contests the accuracy of the personal data (the processing of personal data may be restricted for a period during which the accuracy of the personal data can be verified);

2. The processing of the personal data in question is unlawful and the data subject opposes the erasure of the personal data and at the same time explicitly requests the restriction of their processing; or

3. The data subject needs the personal data in question for the establishment, exercise, or defense of legal claims and the controller no longer needs the personal data for the relevant processing purposes.

Access to information in the register

The data subject has the right to be informed of what information about them has been stored in the customer register. Similarly, the data subject has the right to obtain a copy of the personal data concerning them that has been stored in the customer register. If multiple copies are requested, the controller has the right to charge a reasonable fee for them.

Deletion of personal data

A person in the register has the right to request the removal of their personal data from the register ("the right to be forgotten"). Data subjects also have other rights under the EU General Data Protection Regulation, such as restricting the processing of personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, ask the requester to prove their identity. The controller will respond to the customer within the time specified in the EU Data Protection Regulation (usually within one month). The data subject has the right to have their data removed from the participant register free of charge under the following conditions:

1. Personal data is no longer necessary for the relevant processing purposes;

2. personal data has been processed unlawfully; or

3. the law requires the erasure of personal data.

Right to lodge a complaint with the Data Protection Ombudsman

The data subject has the right to lodge a complaint with the Data Protection Ombudsman regarding the controller's processing activities at www.tietosuoja.fi/fi/index/yhteystiedot.

Requests made by the data subject to exercise the above-mentioned rights must be submitted to the controller in writing, unless otherwise required by law. Making a request is free of charge for the data subject, unless it is manifestly unfounded or excessive or unless they are made repeatedly. In this case, the controller has the right to charge a reasonable fee for processing the request.