Offer request
Remote reception & Booking

Privacy Policy

Register Details

1. Name of Register

TT Botnia – Patient and Client Register of Yritys Botnia Oy

2. Data Controller(s)

TT Botnia Oy, Business ID 2995396-4
Yritys Botnia Oy, Business ID

Official in charge of the register: name, title, and contact details
Chief Medical Officer Tiina Lehtinen
Pitkäkatu 35, 65100 Vaasa, FINLAND
tel. +358 6 521 5500

TT Botnia Oy YritysBotnia Oy
Pitkäkatu 35, 65100 Vaasa, FINLAND
tel. +358 6 521 5500
https://www.ttbotnia.fi

3. Register Contact Person and Contact Details

tietosuojavastava@ttbotnia.fi

4. Processing of Personal Data in the Register has been Outsourced under a Commission Contract

Yes

Maintenance tasks connected to electronic information systems and their servers as well as
application specialist support involve commissions. These include e.g. electronic appointment
booking, the TT Botnia website, and external health care operators who process personal data on
behalf of TT Botnia to the extent required by the contract and for the performance of tasks,
including laboratory and imaging services.

Privacy Notice
EU General Data Protection Regulation
(2016/679), Articles 13 and 14

5. Purpose of Personal Data Processing

  • Organisation and implementation of occupational health care services.
  • Planning, implementing, and archiving examinations and treatment of clients.
  • Invoicing of customers and business customers.
  • Planning and compilation of statistics of the data controller’s own activities
  • Compliance with regulations and provisions governing private healthcare activities.

6. Legal Basis for the Processing of Personal Data

  • Legal obligation
    • Governing legislation key acts include:
      • EU Artificial Intelligence Act (2024/1689) 
      • EU General Data Protection Regulation (2016/679)
      • Cybersecurity Act (124/2025)
      • Act on the Supervision of Certain Artificial Intelligence Systems (1377/2025)
      • Act on the Status and Rights of Patients (785/1992)
      • Act on the Processing of Client Data in Social and Health Care (703/2023)
      • Act on Organizing Social and Health Care (612/2021)
      • Act on the Secondary Use of Social and Health Data (552/2019)
      • Act on Electronic Prescriptions (61/2007)
      • Act on Healthcare Professionals (559/1994)
      • NIS2 Directive (2025/2555)
      • STUK regulations
      • Radiation Act (859/2018)
      • Communicable Diseases Act (1227/2016)
      • Data Protection Act (1050/2016)
      • Occupational Health Care Act with decrees (1383/2001)
      • Occupational Safety and Health Act (738/2002)


Consent

  • Data in the register shall be used for automated individual decisions, including profiling.

Personal Data, Data Sources, and Data Disclosure

7. Personal Data in the Register

  • For occupational health care clients: professional title, employer, employer contact details, insurance company information, and potential health hazards related to the workplace.
  • Client health and patient records.
  • Laboratory, imaging, and other examination data.
  • Information about persons making or viewing entries.

8. Register Data Maintenance Systems (name[s] of system[s] or application[s])

  • Acute patient information system, Vitec-Acute Oy
  • Audioconsole hearing test equipment, Oscilla A/S
  • Diktamen dictation system, Diktamen Oy
  • LifeCare Laboratory Service, TietoEvry Finland Oy
  • Medikro spirometer, Medikro Oy
  • Movendos Health Platform, Movendos-OivaHealth Oy
    Includes the following product modules:
    • mBooking appointment scheduling solution
    • mClinic remote consultation solution
    • mClinic-Lite video consultation
    • mShare occupational health portal
    • mSurvey health questionnaires
  • My+ laboratory system, Mylab Oy
  • Orla remote measurement, Orla DTx Oy
  • Opiferus enterprise resource planning system, Softwave ohjelmistot Oy
  • Opiferus financial planning, Softwave ohjelmistot Oy
  • Timecon WorkTime time tracking, Securitas Technology Oy
  • Telia ACE customer service solution, Telia Oyj
  • 73Health software service, 73Health Oy

9. The Register Contains Hard Copy (Paper) Material

Yes

10. Data Sources

  • Digital and Population Data Services Agency
  • The client or patient
  • Staff, data collected in connection with examinations and treatment, and responses to consultations
  • Documents received from rehabilitation institutions and other healthcare units
  • Occupational health care client companies
  • Insurance companies
  • HR interfaces

11. Data Protection Principles

Data storage, archiving, destruction, and other processing are guided by a records management plan and data security and data protection guidelines. Data stored electronically in the register are protected so that only authorized persons may access them. Each user accepts a confidentiality and data system usage commitment when granted access rights.

12. Disclosure of Personal Data in the Register

  • Regular Disclosure of Register Data: Yes
  • To whom? Data are disclosed to authorities maintaining national social and healthcare registers for research, planning, and statistical purposes, as well as in other situations required by law
  • Legal basis for disclosure: Governing legislation and regulations

13. Disclosure of Register Data to a Third Country or International Organization (Outside the EU or the European Economic Area EEA)

No

14. Retention Periods for Personal Data or Criteria for Determining Retention Periods

Retention is carried out in accordance with the records management plans of TT Botnia and Yritys Botnia.

15. Rights of the Data Subject

The rights of the data subject and instructions on how to exercise them are described in Appendix 1.