Privacy policy

Privacy Statement, last updated July 9, 2018


This privacy statement applies to the processing of your personal data as our private customer.



Helena Medical Group / Plastiikkakirurgia Helena Oy

Kirkkokatu 7 B, SF-57100 Savonlinna, Finland


For what purpose is my personal data collected?

We process your data only for predefined purposes

  • processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis, and the provision of healthcare or treatment
  • the management of healthcare systems and services on the basis of law or pursuant to contract with a health professional
  • processing is necessary for the purpose of wellbeing services
  • on the basis of consent given for the purpose of marketing and informing about services
  • the handling of feedback, clarification requests from the authorities and incidents.


What type of information is collected about me?

Your personal data subject to processing

  • Basic information
  • Consents and refusals
  • Health information
  • Well-being information
  • Appointment information
  • Invoicing information
  • Information of feedback, clarification requests from authorities, and incidents


How long do you store my data?

The retention period of your health data is as specified in the Decree of the Ministry of Social   Affairs and Health on Patient Documents (298/2009). As a rule, we store the data for 12 years after the death of the data subject. If the date of death is not known, the data is stored for 120 years after birth.


Who will process my personal data and to whom may my data be disclosed?

On the basis of the join register consent provided by you, you receive treatment from different healthcare professionals at Helena Medical Group.

Prescription Center controlled by Kela: You electronic prescriptions are saved in the Prescription Center, a register controlled by Kela.


In addition, you patient information may be disclosed under section 13 of the Finnish Patient Act (785/1992) as follows:

  1. Third party healthcare unit/organization/treatment facility or healthcare professional
  • Information required for arranging and providing your examination and care may be disclosed to another healthcare unit specified by you upon your verbal or written consent or other approval otherwise apparent by the context and recorded in your patient record.
  1. Insurance companies
  • Required information of statutory motor vehicle insurance and accident insurance are disclosed to the insurance company without consent (under law).
  • Voluntary insurances: required information is disclosed upon your consent.
  1. To the authorities or an association which is by law entitled to access the information
  • Patient information is disclosed to courts of law, public authorities or other associations entitled by law to access the information upon a specific written request. Information is released only to the extent the present case requires. The information is principally provided as statements.
  1. Patient’s next of kin or other close person
  • If the reason for your being in treatment is unconsciousness or a similar condition, your next of kin or other close person may receive information about you and your health unless there is reason to assume that you would have prohibited that.
  1. Disclosure of information on a deceased person
  • The obligation for confidentiality and need for protection of privacy extends beyond the person’s death. Therefore, information concerning a deceased person must not be disclosed without grounds specified by the law.
  1. Use for research purposes
  • The provisions laid down in section 13 (4) of the Patients Act apply to the disclosure of information in the patient records for scientific research.
  • Any other use of health data for research purposes is subject to your consent.


Your personal data is neither processed nor disclosed outside the EU area, except by your own request.


From what sources is my date collected?

From you personally

  • Information provided by you. If you are a minor, also information provided by your guardian.

Medical staff

  • Information generated during your examination and treatment.

Third party healthcare unit or healthcare professional

  • Information obtained from other healthcare institutions.
  • For the purposes of ensuring correct invoicing, information regarding who was treated, the procedures carried out along with their cost is stored. The information is either based on an outsourcing agreement or a referral issued by an external unit.

Other sources of information

  • Insurance company


Your rights

Right of access

You may view your data through Helena Medical Group’s service. The service covers the personal information provided by you and the most important information related to your health.

Right to erasure

Data provided by you can be erased upon your request.

Withdrawal of consent

When the processing of data is subject to your consent, you may withdraw your consent at any time.

Right to lodge a complaint with a supervisory authority

If you consider that the processing of personal data relating to you infringes the Data Protection Regulation, you have the right to lodge a complaint with a supervisory aythority.

You may lodge your complaint also in the Member State of your habitual residence or place of work.


How is my personal data protected?

Clinic Helena applies appropriate physical, technical, and administrative protection measures to protect the data from misuse. These measures include, among others, control and filtering of network traffic, use of encryption techniques and safe data centers, appropriate access control, controlled granting of access rights and supervision of their use, giving instructions to staff participating in personal data processing, and risk management related to the planning, implementation, and maintenance of our services. Clinic Helena chooses its subcontractors carefully and uses agreement and other arrangements to ensure that they also process data compliance with law and good privacy practices.


Whom can I contact?

Data Protection Officer

Data Protection Officer Anneli Kettunen

Patient Ombudsman

The Patient Ombudsman Anneli Kettunen

The task of the patient ombudsman is

  • To provide advice and, where necessary, assist with matters related to the application of the Patient Act, such as submitting an objection and/or a noutification of patient injury
  • To inform patient of their rights and to act also otherwise for the promotion of patients’rights.

Do You want more information?