Privacy Policy

Register Details

1. Name of Register

Patient and customer register belonging to TT Botnia Oy and YritysBotnia Oy.

2. Data Controller(s)

TT Botnia Oy, Business ID 29953964
YritysBotnia Oy, Business ID

Official in charge of the register: name, title, and contact details
Chief Medical Officer Tiina Lehtinen
Pitkäkatu 35, 65100 Vaasa, FINLAND
tel. +358 6 521 5500

TT Botnia Oy YritysBotnia Oy
Pitkäkatu 35, 65100 Vaasa, FINLAND
tel. +358 6 521 5500

3. Register Contact Person and Contact Details

4. Processing of Personal Data in the Register has been Outsourced under a Commission Contract


Maintenance tasks connected to electronic information systems and their servers as well as
application specialist support involve commissions. These include e.g. electronic appointment
booking, the TT Botnia website, and external health care operators who process personal data on
behalf of TT Botnia to the extent required by the contract and for the performance of tasks,
including laboratory and imaging services.

5. Purpose of Personal Data Processing

  • Organisation and implementation of occupational health care services.
  • Planning, implementation, and archiving of customers’ examinations and treatment.
  • Invoicing of customers and business customers.
  • Planning and compilation of statistics of the data controller’s own activities
  • Implementation of statutes and regulations issued for private health care operations.

6. Legal Basis for the Processing of Personal Data

Legal obligation

Governing legislation (most central):

  • EU General Data Protection Regulation (2016/679)
  • Data Protection Act (1050/2016)
  • Occupational Health Care Act with related Decrees (1383/2001)
  • Act on the Status and Rights of Patients (785/1992)
  • Electronic Prescriptions Act (61/2007)
  • Act on Health Care Professionals (559/1994)
  • Act on the Secondary Use of Health and Social Data (552/2019)
  • Act on Organizing Healthcare and Social Welfare Services (612/2021)
  • Act on the Electronic Processing of Client Data in Healthcare and Social Welfare (784/2021)
  • Occupational Safety and Health Act (738/2002)
  • Radiation Safety Act (592/1991) as amended
  • Communicable Diseases Act (1227/2016) as amended
  • STUK Regulations



  • Data in the register shall be used for automated individual decisions, including profiling.
  • Personal data shall be processed or collected to provide services directly to a child (under 13 years
    of age).

Personal Data, Data Sources, and Data Disclosure

7. Personal Data in the Register

  • For occupational health care customers: job title, employer, employer’s contact details, insurance
    company’s details, possible health hazards connected to the workplace
  • Customers health information and patient data
  • Laboratory, imaging, and other research data
  • Details of the authors or readers of the entry

8. Register Data Maintenance Systems (name[s] of system[s] or application[s])

  • Acute patient information system, VitecAcute Oy
  • mBooking time reservation system, Movendos Oy
  • mClinic remote appointment system, Movendos Oy
  • mSurvey digital health survey, Movendos Oy
  • Opiferus enterprise resource management, Softwave Ohjelmistot Oy
  • Opiferus economic planning, Softwave Ohjelmistot Oy
  • Timecon Worktime time tracking software, Stanley Security
  • Telia ACE customer service system, Telia Oyj
  • City of Vaasa Webtallennus, CGI

9. The Register Contains Hard Copy (Paper) Material


10. Data Sources

  • Digital and Population Data Services Agency
  • Customer/patient himself/herself
  • Personnel, data accumulated in connection to examinations and treatment, and responses from
  • Documents from rehabilitation facilities and other health care units
  • Occupational health care provider’s customer companies
  • Insurance companies
  • HR groups

11. Data Protection Principles

The storage, archiving, deletion, and other processing of data is governed by archive accumulation
plans, data protection guidelines, and information security guidelines. Data entered electronically
in the register is protected so that only authorised persons have access to it. Each individual must
sign an agreement on the nondisclosure and use of data and information systems when granted
user rights.

12. Disclosure of Personal Data in the Register

  • Regular Disclosure of Register Data: Yes
  • To whom? Data is disclosed to authorities maintaining national social welfare and health care
    registers for the purpose of research, planning, and statistical activities as well in other statutory
  • Grounds for Disclosure of Data: Governing legislation and regulations

13. Transfer of Register Data to a Third Country or an International Organization (Outside the EU or European Economic Area [EEA])


14. Personal Data Storage Period / Criteria for Determining Storage Period

Storage shall be implemented in accordance with the archiving plans of TT Botnia and YritysBotnia.

15. Rights of the Data Subject

The rights of the data subject and instructions on how to exercise them are described in Appendix 1.