Tutoris Oy (1844559-3)
Kajaaninkatu 15, FI-90100 Oulu, Finland
Tel. +358 40 560 6271, +358 44 560 6009
2 Contact Person for Matters Concerning the Data File
Tel. +358 44 560 6009 or firstname.lastname@example.org
The Data Protection Officer at Tutoris Oy is Arja Kangas, +358 44 560 4794, email@example.com
3 Name of File
The name of the file is Client Register.
4 Purpose and Legal Basis of Processing Personal Data
Personal data are collected for a specified, explicit and legitimate purpose. The purpose of the data file is to collect data concerning the users of the rehabilitation and care services produced by Tutoris Oy, to process the data to plan and provide services and to retain the data as required by law.
5 Data Contents of the Data File
The data file contains data on the individuals and communities that have used or applied for the rehabilitation and care services of Tutoris Oy. The data file contains the personal data of clients, including the name, address, phone number, e-mail address and the financial commitments concerning service implementation with their attachments, the documents and rehabilitation plans prepared by other social and health care or nursing units as well as the test forms/indicators, visit/treatment information, plans concerning service implementation and statements used and produced by Tutoris Oy. With the client’s consent, the data file may also contain the clients’ photo and video material from the client relationship, but this is always clarified separately. The data have been obtained from the service referee, payer or end user or his/her close relative.
6 Regular Sources of Data
The personal data in the Client Register are collected from the data subject him/herself or the data have been obtained from the service referee, payer or end user or his/her close relative.
7 Regular Disclosures of Data
Data concerning individuals in the data file shall be disclosed to the payer of the service, the user of the service or his/her guardian or close relative and the party who has prepared the rehabilitation plan for the service user in accordance with the cooperation commitment established with the client. Data shall be disclosed with the written authorization of the service user or his/her guardian. Since 2017, the information and summaries of rehabilitation client visits have also been transferred from the patient data system to the Kanta archive. Data shall not be transferred outside the European Union or the European Economic Area.
8 Transfer of Data to a Third Country or to an International Organization
Data shall not be transferred to a third country or to an international organization.
9 Right of Access
The data subject shall be entitled to access his/her data that has been saved in the data file. In addition, after submitting an adequately detailed and specified request for inspection, he/she shall be entitled to access the data relating to him/her and contained in recordings. The request for inspection must be made in writing, signed and addressed to the Data Protection Officer, and a copy of a personal identity card with a photograph must be included.
10 Right to Demand the Rectification and Erasure of Data
The controller must rectify incorrect data indicated by the party concerned in the personal data file. The controller shall also be under the obligation to use its own initiative to verify the appropriateness and timeliness of data in the data file. The data subject may also demand the controller to erase data concerning him or her from the data file.
11 Other Rights Relating to the Processing of Personal Data
The data subject shall have the right to demand restriction of processing of personal data. The data subject shall also have the right to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller. In addition, the data subject shall have the right to object to processing of data, automatic decision-making and profiling.
12 Data Removal and Retention Period
The controller shall remove the data from the data file when there are no longer any commercial grounds for data processing or if the person concerned exercises his or her legal right to demand the controller to remove the data concerning him or her.
Personal data shall be destroyed when grounds no longer exist for data processing or retention. However, data shall not be removed if the law provides otherwise or if a competent authority has initiated a process that requires the controller to retain the data or if another party has applied for a decision from a Finnish court of law to safeguard the data.
13 Approval of the Information Policy
The Information Policy has been approved as continuous and revised on 24 May 2018.