Privacy policy

Privacy Statement, last updated May 21, 2025

 

Helena Medical Group is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, and safeguard your information in accordance with the General Data Protection Regulation (GDPR) and applicable Finnish laws.

 

Controller

Helena Medical Group / Plastiikkakirurgia Helena Oy

Rautatienkatu 27, SF-33100 Tampere, Finland

 

For what purpose is my personal data collected?

We process your data only for predefined purposes

• The provision of healthcare and surgical treatment, especially in breast cancer surgery, breast reconstruction and plastic surgery

• Medical diagnosis and treatment planning

• Management of healthcare systems and services

• Processing based on your consent for marketing and service communication

• Feedback handling, authority clarification requests and incident reports

 

What type of information is collected about me?

Your personal data subject to processing

• Basic information
• Consents and refusals
• Health information
• Health and treatment information related to plastic or reconstructive surgery
• Well-being information
• Appointment information
• Invoicing information
• Information of feedback, clarification requests from authorities, and incidents

 

How long do you store my data?

The retention period of your health data is as specified in the Decree of the Ministry of Social   Affairs and Health on Patient Documents (298/2009). As a rule, we store the data for 12 years after the death of the data subject. If the date of death is not known, the data is stored for 120 years after birth.

 

Who will process my personal data and to whom may my data be disclosed?

On the basis of the join register consent provided by you, you receive treatment from different healthcare professionals at Helena Medical Group.

Prescription Center controlled by Kela: You electronic prescriptions are saved in the Prescription Center, a register controlled by Kela.

 

In addition, you patient information may be disclosed under section 13 of the Finnish Patient Act (785/1992) as follows:

1. Third party healthcare unit/organization/treatment facility or healthcare professional

• Information required for arranging and providing your examination and care may be disclosed to another healthcare unit specified by you upon your verbal or written consent or other approval otherwise apparent by the context and recorded in your patient record.

2. Insurance companies

• Required information of statutory motor vehicle insurance and accident insurance are disclosed to the insurance company without consent (under law).
• Voluntary insurances: required information is disclosed upon your consent.

3. To the authorities or an association which is by law entitled to access the information

• Patient information is disclosed to courts of law, public authorities or other associations entitled by law to access the information upon a specific written request. Information is released only to the extent the present case requires. The information is principally provided as statements.

4. Patient’s next of kin or other close person

• If the reason for your being in treatment is unconsciousness or a similar condition, your next of kin or other close person may receive information about you and your health unless there is reason to assume that you would have prohibited that.

5. Disclosure of information on a deceased person

• The obligation for confidentiality and need for protection of privacy extends beyond the person’s death. Therefore, information concerning a deceased person must not be disclosed without grounds specified by the law.

6. Use for research purposes

• The provisions laid down in section 13 (4) of the Patients Act apply to the disclosure of information in the patient records for scientific research.
• Any other use of health data for research purposes is subject to your consent.

 

Your personal data is neither processed nor disclosed outside the EU area, except by your own request.

 

From what sources is my date collected?

From you personally

• Information provided by you. If you are a minor, also information provided by your guardian.

Medical staff

• Information generated during your examination and treatment.

Third party healthcare unit or healthcare professional

• Information obtained from other healthcare institutions.
• For the purposes of ensuring correct invoicing, information regarding who was treated, the procedures carried out along with their cost is stored. The information is either based on an outsourcing agreement or a referral issued by an external unit.

Other sources of information

• Insurance company

 

Your rights

Right of access

You may view your data through Helena Medical Group’s service. The service covers the personal information provided by you and the most important information related to your health.

Right to erasure

Data provided by you can be erased upon your request.

Withdrawal of consent

When the processing of data is subject to your consent, you may withdraw your consent at any time.

Right to lodge a complaint with a supervisory authority

If you consider that the processing of personal data relating to you infringes the Data Protection Regulation, you have the right to lodge a complaint with a supervisory aythority.

You may lodge your complaint also in the Member State of your habitual residence or place of work.

 

How is my personal data protected?

Clinic Helena applies appropriate physical, technical, and administrative protection measures to protect the data from misuse. These measures include, among others, control and filtering of network traffic, use of encryption techniques and safe data centers, appropriate access control, controlled granting of access rights and supervision of their use, giving instructions to staff participating in personal data processing, and risk management related to the planning, implementation, and maintenance of our services. Clinic Helena chooses its subcontractors carefully and uses agreement and other arrangements to ensure that they also process data compliance with law and good privacy practices.

 

Whom can I contact?

Data Protection Officer

Data Protection Officer Helena Puonti

Patient Ombudsman

The Patient Ombudsman Päivi Tuominen

The Patient Ombudsman provides guidance and assistance in matters concerning your rights as a patient, such as submitting objections or patient injury notifications.