Privacy statements

Personal data that are connected and processed for the same purposes constitute a personal data file. The privacy statement of a personal data file describes the personal data processed in connection with the data file, the purposes of their use and their protection, etc. This section contains the privacy statements for the key patient and customer registers of Pihlajalinna Group. Some companies in our Group have their own websites where you can find more information on the personal data files of the company in question. You can also contact the company’s clinic for advice.

For Pihlajalinna medical centre services, the controller of patient data and other personal data is Pihlajalinna Terveys Oy, its subsidiaries and the independent service producers operating in Pihlajalinna’s facilities.

For private appointments, Pihlajalinna and the service producer operate as co-controllers. Each party is responsible for ensuring that the processing of personal data carried out within their operations is done in accordance with applicable legislation, for example, so that the drafting of patient document notes and the use of patient data during the operations is lawful and justified.

If you as the data subject want to use the rights granted to you by the General Data Protection Regulation, the primary contact point is Pihlajalinna. As the data subject, you can use your rights in relation to either co-controller.

For occupational health services, the controller is the company with whom the data subject’s employer has signed a service agreement.

For publicly funded health and social services, the controller is primarily the public customer, such as the wellbeing services county. In this case, Pihlajalinna is the data processor when it processes personal data to implement the services in the agreement concluded with the public customer. However, Pihlajalinna is also the controller when it processes personal data to carry out statutory tasks and requirements that are binding on Pihlajalinna.

Privacy statement for the patient registers of companies included in the joint data file: Privacy Policy for Pihlajalinna’s Patient Registry

The following companies in Pihlajalinna Group store the patient data in the joint data file (upon the patient’s consent): Pihlajalinna Terveys Oy, Pihlajalinna Lääkärikeskukset Oy, Lääkäriasema DokTori Oy, Linnan Klinikka Oy, Pihlajalinna Ikioma Oy and Pihlajalinna Kainuu Oy.

Privacy statements for other patient registers:

• Dextra Lapsettomuusklinikka Oy

Other privacy statements for Pihlajalinna Group:

• Privacy statement for customer database: Asiakastietokannan tietosuojaseloste
• Privacy statement for project-specific insider lists: Hankekohtaisten sisäpiiriluetteloiden tietosuojaseloste
• Privacy statement for video surveillance: Kameravalvonnan tietosuojaseloste
• Privacy statement for shareholder register: Omistajaluettelon tietosuojaseloste
• Privacy statement for the shareholder registers of Pihlajalinna Group companies: Pihlajalinna-konserniyhtiöiden osakasluetteloiden tietosuojaseloste
• Privacy statement for recruitment register: Rekrytointirekisterin tietosuojaseloste
• Privacy statement for Whistleblower channel: Privacy statement for the whistleblower
  channel
• Privacy statement for cooperation partner and service provider register: Yhteistyökumppani- ja palveluntarjoajarekisterin tietosuojaseloste
• Privacy statement for participants signed up for General Meeting: Yhtiökokoukseen ilmoittautuneuden tietosuojaseloste
• Privacy statement for prize draw and contest register: Arvonta- ja kilpailurekisterin tietosuojaseloste

We reserve the right to update the privacy statements, if necessary. Essential changes to the privacy statements may be announced in, for example, the News section of our website.