Hammas Hohde Oy, Busines ID 2339589-3, Koljonniemenkatu 2, 70100 Kuopio
2 CONTACT PERSON IN DATA PROTECTION MATTERS
Data Protection Officer
Hammas Hohde Oy
Koljonniemenkatu 2, 70100 Kuopio
tel. 010 5050 830
3 NAME OF THE PERSONAL DATA FILE
Personal data file of the OmaHohde service
4 PURPOSE AND LEGAL BASIS OF PROCESSING
The OmaHohde service (also “service”) is intended to be used by the customers of Hammas Hohde Oy, but the service may also be used by any person that has access to online banking credentials necessary to register to the service.
The legal basis for processing is:
– The contractual relationship between the data subject and Hammas Hohde Oy
– The data subject’s consent
– The legitimate interest of Hammas Hohde Oy to market its services
Personal data may be processed for the following purposes:
– To supply and make available the web browser and application based OmaHohde service.
– To manage customer relationships.
– Collecting the customer’s patient history, if the customer chooses to provide their patient history via the service
– To the collection, monitoring and analyzing of customer history, customer satisfaction, polls, and research, for verifying transactions, for quality control, for developing business and services, for the targeting of communication, marketing and services, and for other management, development and making available of services.
– The service may contain marketing via telephone calls, SMS messages, emails or multimedia messages, as well as marketing and other communication within the service, the web site or the mobile application.
5 DATA INCLUDED IN THE PERSONAL DATA FILE
The following information, for example, may be processed about the data subject:
– Name, social security number, customer number, sex, language, address, telephone number, email address and other necessary contact information.
– Next of kin, guardian, dependent, legal representative.
– Services requested, used and purchased by the data subject with their payment information.
– Information provided by the data subject, such as health information, information on care received elsewhere than at Hammas Hohde Oy, areas of interest, hobbies and other similar information.
– Health and wellbeing information concerning the data subject transferred by the data subject to the service.
– Information on the persons who have treated the data subject. Professionals, services, service units and requests and notes concerning other such matters. Information on refusals, restrictions, consents, and other choices.
– The contents of messages between the data subject and the personnel of Hammas Hohde Oy and chat messages in the OmaHohde service, in addition to any files uploaded by the data subject, log information, information on the sender and recipients of the messages as well as sending times.
– Other information related to the personal data file, for example information from which the data subject may be identified, concerning the data subject’s use of use of web sites, such as the user’s IP-address, the time of the visit, visited web pages, browser type (such as Internet Explorer, Firefox), the web address from which the user has come to the web site, and the server from which the user has come to the web site.
– Information necessary for the use of identification and certification tools and services.
– Credit information of the data subject.
– Information related to the processing of the information such as the date of storage and the source of the information.
The information saved to the OmaHohde service by the data subject, e.g. health information of the data subject or information concerning treatments or examinations performed elsewhere, are not visible to the personnel of Hammas Hohde Oy.
6 REGULAR SOURCES OF DATA
The data is collected primarily from the following sources:
– The data subject themselves, and information created while the data subject uses the OmaHohde service.
– The customer register of Hammas Hohde Oy.
– A third-party offering identification, certification, address, on call duty, credit agency or other equivalent services.
– Information obtained from partners of Hammas Hohde Oy, such as information obtained from insurance companies.
– The population information system provided by the Digital and Population Data Services Agency and other public records systems.
Furthermore, contact information may be updated as regards an occupational health customer with information received from the customer’s employer.
7 RETENTION OF PERSONAL DATA
Hammas Hohde Oy retains the personal data in the OmaHohde service for as long as the data subject has an account in the OmaHohde service and uses the service. If the data subject removes their account from the OmaHohde service, the data is removed when the account has been removed.
Hammas Hohde Oy may also remove the information earlier, if it is clear that the customer relationship of the data subject with Hammas Hohde Oy has ended. The customer relationship will be determined to have ended when two years have passed from the last service-related contact between the data subject and Hammas Hohde Oy.
The data will be removed within three months from the termination of the retention period.
8 REGULAR DISCLOSURES OF PERSONAL DATA
Hammas Hohde uses the following suppliers to provide the service:
– Virtue Oy
– Somia Reality Oy
The suppliers have executed data processing agreements.
Hammas Hohde Oy may disclose data to its subcontractors used to supply the service.
9 TRANSFERS OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION OR THE EUROPEAN ECONOMIC AREA
The personal data is not transferred outside the European Union or the European Economic Area.
10 DATA SECURITY
Manual material, if any, is stored in a locked space that may only be accessed by persons having the right to access the space.
The OmaHohde service is an online service, and it may be used through encrypted connection with the browser of a computer, mobile phone, mobile device, or other smart device, or through an application made available by Hammas Hohde from time to time.
The OmaHohde service may be accessed by using personal on-line banking credentials or other identification methods approved by Hammas Hohde. Hammas Hohde takes adequate technical measures to provide the service and ensure data security.
Digital material is accessible only by employees, professionals and partners having the right to access such material and by using their personal use credentials and passwords. Multiple levels of user rights exist, and each user is given the necessary, but as restricted as possible, right to access the material.
Hammas Hohde removes all information contained in the service input by the user themselves as well as the user’s OmaHohde credentials when the use of the service is terminated, but other information concerning services (such as customer feedback and information used to target services) are transferred to and/or remain in the customer register of Hammas Hohde.
The purpose of the aforementioned activities is to ensure the confidentiality of the OmaHohde service, the availability and integrity of the information, as well as realization of the data subject’s rights.
As a part of the processing activities of the personal data stored to the OmaHohde service, Hammas Hohde Oy may use the information to monitor and analyze and profile the data subjects’ interests, their choices and requests regarding services and service points and to develop its customer service.
12 DATA SUBJECT’S RIGHTS
12.1 Data subject’s right to access the data (right of inspection)
The data subject also has the right to inspect what information concerning themselves has been stored to the personal data file of the OmaHohde service.
12.2 Data subject’s right to request the rectification or erasure of data and to restrict the processing of their data
The data subject has the right to demand that the controller rectifies any inaccurate or incorrect personal data concerning the data subject. The data subject also has the right to have any incomplete personal data completed.
The data subject has the right to have the controller erase personal data concerning themselves without undue delay.
The data subject also has the right to request the controller to restrict the processing of their personal data, for example in a situation where the data subject waits for the reply of the controller to their request to rectify or erase their information.
The data subject can also update their information directly in the OmaHohde service.
12.3 Data subject’s right to data portability
For the data the data subject has provided to the OmaHohde service themselves, and which data is processed based on consent or an agreement, the data subject has the right to receive such information in a primarily machine-readable format and has the right to transmit such data to another controller.
12.4 Data subject’s right to object to the processing of their personal data
The data subject has the right, on grounds relating to their particular situation, to object to the profiling and other processing of the data subject’s personal data by the controller to the extent the legal basis of the processing is the legitimate interest of the controller.
12.5 Data subject’s right to file a complaint to a supervisory authority
If the data subject thinks the EU General Data Protection Regulation is not complied with in the processing of their personal data, the data subject may lodge a complaint with a competent authority. The supervisory authority in Finland is the Data Protection Ombudsman, www.tietosuoja.fi.
12.6 Other rights
The data subject may give permissions or prohibitions regarding direct marketing to the controller.
All questions and requests related to data subjects’ rights may be presented to the contact person specified in Section 2 above. The data subject may also contact a service location of Hammas Hohde Oy. The contact information of service locations is available at www.hammashohde.fi.
Hammas Hohde Oy may ask the data subject to specify their request in writing and the identity of the data subject may be verified, if necessary, prior to taking other action.