Last updated April 26, 2021
Medified Solutions processes your data with due care in accordance with all applicable laws and regulations.
The following Privacy Statement explains what data we process, how we do that, and how you may use your rights as a data subject and as an End-User (e.g., right to object and right of access). If you have any other questions or concerns about our policy or our practices, feel free to contact us through this email. You can also download a pdf version from here.
Do you want to see this in Finnish? Here you go. Tietosuojapolitiikka
1. Identity of the controller of the processing of your personal data
The controller of the processing of the personal information is: Medified Solutions Oy
Company ID in Finnish Trade Register: 2986607-8
Correspondence address: Tampellan Esplanadi 11 A 146, 33100 Tampere
E-mail address: email@example.com
In cases where the End User uses the Medified solution as a part of the services provided by a Mental Healthcare Service Provider, Medified will be a Dual Controller with the service provider. In this case both the Mental Healthcare Provider and Medified fully share Controller responsibilities. You can find our Dual Controller Partners on www.medified.fi under ”Data Sharing Partners”. Medified only shares patient data with the Partners found on this list when the End User has given consent and is receiving treatment services from the partner.
What, why, and when we collect information
2. Personal data processed, sources of data, purposes of processing and legal grounds for processing
Medified collects two types of information from our End-User:
Although we do not normally use Technical Data to identify you as an individual, you can sometimes be recognized from it (i.e. IP Address). In such situations, Technical Data can also be considered personal data under applicable laws.
More precisely, we process the following groups of personal data for below identified purposes and on the legal grounds as presented hereunder:
| Group of personal data | Source of personal data | Purpose of processing | Legal ground for processing |
| --- | --- | --- | --- |
| End-User identification and contact data such as first and last name and e-mail address | You as End-User through our website and/or mobile platform | Identification of you as End-User; Provision of our services to you; Maintaining our services; Developing our services; Providing necessary information to you regarding our services; Marketing; and Customer satisfaction surveys | Legitimate interest except for marketing that requires your consent. |
| End-User health and health services provision related data, namely, gender, date of birth, healthcare service location, mental health data, caregiver/patient assignment, height and weight, healthcare professional contact info and title and other data that may be incorporated within. | You as End-User through our website and/or mobile platform | Provision of our services to you; Enabling you to share your mental health and treatment/care related data with your healthcare professional treating you; and Enabling your healthcare professional treating you to assess your care/treatment based on your own experience | Consent provided by you as End-User to us and agreement (Terms of Service) executed with you and an agreement executed with the health care professional |
| Technical data such as browser name, the type of computer or device, time spent on website, interaction with the Services, URL of the website you visited before and after visiting the Services, the time and date of user visits, browsing habits, IP address, operating system and the Internet service providers utilized | Collected automatically while you visit or interact with our services or websites | Provision of our services to you; Maintaining our services; and Developing our services; Quality improvement and quality related analyses; Use of service related analyses | Consent provided by you as End-User to us |
| Customer satisfaction data | You as End-User via surveys directed to you | Maintaining our services; and Developing our services; Quality improvement; Use of service related analyses | Consent provided by you to us |
Quality improvement and use of service-related analysis
As identified above, we may process information about your use of the services to improve the quality of our services, e.g. by analyzing any trends in the use of our services. When possible, we will do this using only aggregated, non-personally identifiable data.
We may process information about your use of services for research purposes which aim at e.g. increasing scientific knowledge in the field of psychiatrics and nursing science. When possible, we will do this using only aggregated, non-personally identifiable data. Anonymized data can be shared with third parties for research purposes. The legal basis for the anonymization of personal data is our privilege as the register holder. Regulations on data privacy don’t apply to the anonymized data because registered persons are not identifiable.
Data transfers outside EU/EEC
3. Transfer of personal data to countries outside EU/EEC
Medified may transfer your personal data to countries outside the European Union and the European Economic Area (EEA) which the European Commission has decided provide an adequate level of data protection (“Data Protection Adequacy Decision”) without additional measures required. For more detailed information: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
When we transfer any data to a country for which no adequacy decision of the European Commission exists, such transfer will be subject to the provisions of the (standard or other) contractual clauses adopted by the European Commission, and will take place only when such countries provide for the same level of contractual protection of personal data as within the EEA. For more detailed information: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en
If you, as End-User, use our services outside the EEA, then your data will be transferred to your device. If you wish to know more about international transfers of your personal data, you may contact us via the contact details above.
With whom and why we share your data
4. Recipients and processors of personal data
We only share your personal data within the organization of Medified if and as far as reasonably necessary to perform and develop our services, e.g. with our customer service and marketing employees.
We do not share your personal data with third parties outside of Medified unless one of the following circumstances applies:
It is necessary for the purposes of this Privacy Statement
To the extent that third parties need access to personal data to perform such services, Medified has taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Statement and in accordance with all applicable laws and regulations. Furthermore, we may provide your personal data to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in accordance with our Privacy Statement and any other appropriate obligations of confidentiality and security measures.
For legal reasons
We may share your personal data with third parties outside Medified if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Medified, our users or the public as far as in accordance with the law. When possible, we will inform you about such processing.
With your explicit consent
We may share your personal data with third parties outside Medified for reasons other than the ones mentioned before, when we have your explicit consent to do so, unless such is necessary for the provision of our services. You have the right to withdraw this consent at all times.
Information of third parties
For the Medified company webpage, Medified.fi, we share data with the following Technical Partners:
At the moment there are no Technical Partners for this cause.
Medified only shares End User email addresses with AWS for accessing the Medified Application, which has a mobile and web component. For more information on AWS privacy, please visit https://aws.amazon.com/privacy/
Our sites may use Google Analytics and other web analytics services to compile reports on visitor usage and to help us improve our sites and services. For an overview of Google Analytics, please visit http://www.google.com/analytics/. You can opt-out of Google Analytics with this browser add-on tool: https://tools.google.com/dlpage/gaoptout.
How long do we keep your data
5. Storage period
Medified does not store your personal data longer than is legally permitted and necessary for the purposes for which the data were collected. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use. In general, we store data for the provision of services for a maximum of five years after our relation ends to maintain service continuity.
Your health and provision of health services related data may be subject to laws and regulations related to patient data and its retention which set more detailed requirements for storing such data. Most commonly, such data should be stored for 12 years after the specific care/treatment was finished. For more information, please see applicable regulation: https://www.finlex.fi/fi/laki/ajantasa/2009/20090298.
What other rights you have as a user
6. Your rights as data subject
Right to access
Medified offers you access to the personal data we process. This means you can contact us asking us to inform you about your personal data that we have collected and processed and the purposes such data are used for.
Right to correct
You have the right to have incorrect/imprecise, incomplete, outdated, or unnecessary personal data we have stored about you corrected or completed by contacting us.
Right to deletion
You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. After the data have been deleted, we may not immediately be able to delete all residual copies from our active servers and backup systems.
Right to object
You may object to certain use of your personal data if such data are processed for other purposes than necessary for the performance of our services or for compliance with a legal obligation. You may also object to any further processing of your personal data after previously given consent. If you object to the further processing of your personal data, this may lead to fewer possibilities to use our websites and other services.
You have the right to opt-in/opt-out of receiving electronic direct marketing communications from us by clicking on the opt-out link provided in all marketing communications we send you and choosing not to receive marketing communications from us in the future. You also have the right to prohibit us from using your personal data for direct marketing purposes and market research by contacting us on the addresses indicated above.
Right to restriction of processing
You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our websites and other services.
Right to data portability
You have the right to receive your personal data from us in a structured, commonly used format in order to transmit the data to another controller.
How to use your rights
You may use these rights by sending us a letter or e-mail, including your name, address, phone number and a copy of a valid ID, at the addresses set out above. If your request regards personal data in a cookie, you have to enclose a copy of the said cookie. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
How to lodge a complaint:
In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection. For more information, see www.tietosuoja.fi.
How we protect your data
7. Information security
We will take all reasonable technical, security and organizational means and measures, appropriate considering the nature and purposes of processing and the nature of personal data processed, to protect Medified and our customers from unauthorized access to or unauthorized alteration, disclosure or destruction of personal data we hold. Measures include, where appropriate, encryption, firewalls, secure facilities and access rights systems. Should, despite the security measures, a security breach occur that is likely to have negative effects on your privacy, we will inform you about the breach as soon as reasonably possible.
9. Applicability and changes
Our Privacy Statement applies worldwide, to all of the services offered by Medified. This Privacy Statement is published in English. Our Privacy Statement may change from time to time. You can find the current version on our website medified.fi. We will not make substantial changes to this Privacy Statement or reduce your rights under this Privacy Statement without providing you with a notice.