Register and Data Protection Statement

FINENTRY Service
User Information, December 14th 2020
Regulation 2016/679 of the European Parliament and of the Council (EU Data Protection Regulation)

Register and Data Protection Statement

1 ProcessorService provider: Joint Authority for the Hospital District of Helsinki and Uusimaa (HUS)
Address: Stenbäckinkatu 9, PO Box 100, 00029 HUS, Finland
Switchboard: +358-9- 4711
E-mail: keskuskirjaamo@hus.fi
Postal Address: HUS Central Registry, PO Box 200, 00029 HUS, Finland
2 Person Responsible for the RegisterMarkku Mäkijärvi, Chief Medical Officer
E-mail: markku.makijarvi@hus.fi
3 Data Protection OfficerHUS Keskuskirjaamo
PL 200
00029 HUS
E-mail: eutietosuoja@hus.fi
4 Contact Details for Matters Concerning the RegisterHUS Keskuskirjaamo
PL 200
00029 HUS
E-mail: eutietosuoja@hus.fi
5 Name of the Personal RegisterFINENTRY database processed by the Hospital District of Helsinki and Uusimaa (HUS). Finnish healthcare units (hospital district or municipality) that have adopted the service operate as the controllers for the coronavirus sampling of entrants in their respective areas.
6 Purpose of Processing Personal DataArranging sampling appointments and informing entrants on the instructions by the authorities during the COVID-19 pandemic.
7 Basis of Processing Personal DataEU’s General Data Protection Regulation (679/2016):
* Article 6(1c): Processing is necessary for compliance with a legal obligation to which the controller is subject.
* Article 6(1e): Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
* Article 9(2h): Processing is necessary for the purposes of medical diagnosis.
Finnish Legislation, www.finlex.fi:
Data Protection Act (1050/2018) and Communicable Diseases Act (1227/2016)
8 Data Content of the RegisterName, sex, date of birth, phone number, e-mail address, border crossing point, place of residence in Finland, means of transport, names and dates of birth of fellow passengers in case the data subject books a sampling appointment for them. Temporary identity code generated by the service.
9 Regular Sources of DataData will be collected from the registered subject (patient).
10 Receivers of Personal DataHealthcare professionals working at the helpdesk of a point of entry and COVID-19 sampling points. Communicable disease authority of the hospital district or municipality.
11 Regular Data Disclosuresa) Regional booking system for coronavirus sampling
b) Sample request to the laboratory system of the hospital district
c) Data of the subjects who have received a positive coronavirus test result are transferred to the communicable disease authority of the local hospital district/municipality for tracking purposes under the Communicable Diseases Act (1227/2016).
12 Data Retention TimeData contained in the FINENTRY database will be retained for 12 years, and logs related to its use will be retained for 12 years (logs referred to in Section 5 of the Act on the Electronic Processing of Client Data in Healthcare and Social Welfare).
13 Rights of the Data SubjectUsers are informed on the application of data in the terms of service, which the user accepts upon registering to the service.
14 Transfer of Information Outside the EU/EEANo data will be transferred.  
15 Principles of Register ProtectionA Information Processed by IT
The professional who uses data in sampling or enters data provided to FINENTRY service by the user is required to undergo strong authentication to enter the system using an authentication card. Telecommunications and database of the service are protected in accordance with HUS IT Management’s data security and protection practices. The permission settings in the interface of the database restricts the access of healthcare operators to view only the data of the respective subjects/patients.
B Manual Material
The operations of FINENTRY database do not create manual material.
16 Right to Lodge a Complaint with a Supervisory AuthorityEvery registered data subject has a right to lodge a complaint to a supervisory authority, especially in the member state in which his or her habitual residence or work place is located or alleged infringement has occurred, in case the registered subject considers that Data Protection Regulation is violated in the data processing of his or her personal data, without prejudice to any other administrative or judicial remedy.
Details of the supervisory authority: Office of the Data Protection Ombudsman
Street address: Ratapihantie 9, 6th floor, 00520 Helsinki, Finland
Postal address: PO Box 800, 00521 Helsinki, Finland
Switchboard: +358-29- 56 66700
E-mail: tietosuoja@om.fi

Updated on November 29th, 2020