|FINENTRY Service |
User Information, December 14th 2020
|Regulation 2016/679 of the European Parliament and of the Council (EU Data Protection Regulation)|
Register and Data Protection Statement
|1 Processor||Service provider: Joint Authority for the Hospital District of Helsinki and Uusimaa (HUS) |
Address: Stenbäckinkatu 9, PO Box 100, 00029 HUS, Finland
Switchboard: +358-9- 4711
Postal Address: HUS Central Registry, PO Box 200, 00029 HUS, Finland
|2 Person Responsible for the Register||Markku Mäkijärvi, Chief Medical Officer |
|3 Data Protection Officer||HUS Keskuskirjaamo|
|4 Contact Details for Matters Concerning the Register||HUS Keskuskirjaamo|
|5 Name of the Personal Register||FINENTRY database processed by the Hospital District of Helsinki and Uusimaa (HUS). Finnish healthcare units (hospital district or municipality) that have adopted the service operate as the controllers for the coronavirus sampling of entrants in their respective areas.|
|6 Purpose of Processing Personal Data||Arranging sampling appointments and informing entrants on the instructions by the authorities during the COVID-19 pandemic.|
|7 Basis of Processing Personal Data||EU’s General Data Protection Regulation (679/2016): |
* Article 6(1c): Processing is necessary for compliance with a legal obligation to which the controller is subject.
* Article 6(1e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
* Article 9(2h): Processing is necessary for the purposes of medical diagnosis.
Finnish Legislation, www.finlex.fi:
Data Protection Act (1050/2018) and Communicable Diseases Act (1227/2016)
|8 Data Content of the Register||Name, sex, date of birth, phone number, e-mail address, border crossing point, place of residence in Finland, means of transport, names and dates of birth of fellow passengers in case the data subject books a sampling appointment for them. Temporary identity code generated by the service.|
|9 Regular Sources of Data||Data will be collected from the registered subject (patient).|
|10 Receivers of Personal Data||Healthcare professionals working at the helpdesk of a point of entry and COVID-19 sampling points. Communicable disease authority of the hospital district or municipality.|
|11 Regular Data Disclosures||a) Regional booking system for coronavirus sampling |
b) Sample request to the laboratory system of the hospital district
c) Data of the subjects who have received a positive coronavirus test result are transferred to the communicable disease authority of the local hospital district/municipality for tracking purposes under the Communicable Diseases Act (1227/2016).
|12 Data Retention Time||Data contained in the FINENTRY database will be retained for 12 years, and logs related to its use will be retained for 12 years (logs referred to in Section 5 of the Act on the Electronic Processing of Client Data in Healthcare and Social Welfare).|
|13 Rights of the Data Subject||Users are informed on the application of data in the terms of service, which the user accepts upon registering to the service.|
|14 Transfer of Information Outside the EU/EEA||No data will be transferred.|
|15 Principles of Register Protection||A Information Processed by IT |
The professional who uses data in sampling or enters data provided to FINENTRY service by the user is required to undergo strong authentication to enter the system using an authentication card. Telecommunications and database of the service are protected in accordance with HUS IT Management’s data security and protection practices. The permission settings in the interface of the database restricts the access of healthcare operators to view only the data of the respective subjects/patients.
B Manual Material
The operations of FINENTRY database do not create manual material.
|16 Right to Lodge a Complaint with a Supervisory Authority||Every registered data subject has a right to lodge a complaint to a supervisory authority, especially in the member state in which his or her habitual residence or work place is located or alleged infringement has occurred, in case the registered subject considers that Data Protection Regulation is violated in the data processing of his or her personal data, without prejudice to any other administrative or judicial remedy. |
Details of the supervisory authority: Office of the Data Protection Ombudsman
Street address: Ratapihantie 9, 6th floor, 00520 Helsinki, Finland
Postal address: PO Box 800, 00521 Helsinki, Finland
Switchboard: +358-29- 56 66700
Updated on November 29th, 2020