Privacy Policy

Last updated September 22, 2020

 

Medified Solutions processes your data with due care in accordance with all applicable laws and regulations.

 

Medified Solutions Oy ("Medified", "we", "us" or "our") has implemented this Privacy Policy to provide users of the Medified website (www.medified.fi) (Website) and the Medified (former Mielipäiväkirja) application (App) with information about how we collect, hold and use Information you provide to us through the Website or the App or if you email one of the contact emails or forms listed on the Website or the App. 

 

This Privacy Statement applies to all personal data that we process during the execution of our services, including the personal data of visitors of the Medified Solutions websites. We may update this Privacy Statement from time to time in response to changing legal, technical or business developments. All information collected by us through the Website or the App will be governed by our most recent Privacy Policy, posted on the Website and the App.

 

The following Privacy Statement explains what data we process, how we do that, and how you may use your rights as a data subject and as an End-User (e.g., right to object and right of access). If you have any other questions or concerns about our policy or our practices, feel free to contact us through this email. You can also download a pdf version from here.

General Information

 

1. Identity of the controller of the processing of your personal data

 

The controller of the processing of the personal information is: Medified Solutions Oy

Company ID in Finnish Trade Register: 2986607-8

 

Correspondence address: Tampellan Esplanadi 11 A 146, 33100 Tampere

 

E-mail address: info@medified.fi

 

https://www.medified.fi

In cases where the End User uses the Medified solution as a part of the services provided by a Mental Healthcare Service Provider, Medified will be a Dual Controller with the service provider. In this case both the Mental Healthcare Provider and Medified fully share Controller responsibilities. You can find our Dual Contoller Partners on www.medified.fi under ”Data Sharing Partners”. Medified only shares patient data with the Partners found on this list when the End User has given consent and is receiving treatment services from the partner.

What, why and when we collect information

 

2. Personal data processed, sources of data, purposes of processing and legal grounds for processing

 

Medified Solutions collects two types of information from our End-User:

 

  • User Data

  • Technical Data 

 

Although we do not normally use Technical Data to identify you as an individual, you can sometimes be recognized from it (i.e. IP Address). In such situations, Technical Data can also be considered personal data under applicable laws.
 

We may collect and process the following User Data:

  • End-User identification and contact data such as first and last name and e-mail address

  • End-User health and health services provision related data

    • namely 

    • gender 

    • date of birth 

    • healthcare service location

    • mental health data

    • caregiver/patient assignment

    • height and weight

    • healthcare professional contact info and title

    • other data that may be incorporated within

  • Technical data

    • browser name

    • the type of computer or device

    • time spent on website

    • interaction with the Services

    • URL of the website you visited before and after visiting the Services

    • the time and date of user visits

    • browsing habits

    • IP address

    • operating system

    • the Internet service providers utilized

  • Customer satisfaction data

More precisely, we process the following groups of personal data for below identified purposes and on the legal grounds as presented hereunder:

Group of personal data
Source of personal data
Purpose of processing
Legal ground for processing
End-User identification and contact data such as first and last name and e-mail address
You as End-User through our website and/or mobile platform
Identification of you as End-User; Provision of our services to you; Maintaining our services; Developing our services; Providing necessary information to you regarding our services; Marketing; and Customer satisfaction surveys
Legitimate interest except for marketing that requires your consent.
End-User health and health services provision related data, namely, gender, date of birth, healthcare service location, mental health data, caregiver/patient assignment, height and weight, healthcare professional contact info and title and other data that may be incorporated within.
You as End-User through our website and/or mobile platform
Provision of our services to you; Enabling you to share your mental health and treatment/care related it with your healthcare professional treating you; and Enabling your healthcare professional treating you to asses your care/treatment based on your own experience
Consent provided by you as End-User to us and agreement (Terms of Service) executed with you and an agreement executed with the health care professional
Technical data such as browser name, the type of computer or device, time spent on website, interaction with the Services, URL of the website you visited before and after visiting the Services, the time and date of user visits, browsing habits, IP address, operating system and the Internet service providers utilized
Collected automatically while you visit or interact with our services or websites
Provision of our services to you; Maintaining our services; and Developing our services; Quality improvement and quality related analyses; Use of service related analyses
Consent provided by you as End-User to us
Customer satisfaction data
You as End-User via surveys directed to you
Maintaining our services; and Developing our services; Quality improvement; Use of service related analyses
Consent provided by you to us

Quality improvement and use of service-related analysis

As identifies above, we may process information about your use of the services to improve the quality of our services e.g. by analyzing any trends in the use of our services. When possible, we will do this using only aggregated, non-personally identifiable data.

Data transfers outside EU/EEC

 

3. Transfer of personal data to countries outside EU/EEC

 

Medified Solutions may transfer your personal data to countries outside the European Union and the European Economic Area (EEA) which the European Commission has decided to provide an adequate level of data protection (“Data Protection Adequacy Decision”). More information: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfersoutside-eu/adequacy-protection-personal-data-non-eu-countries_en

When we transfer any data to a country for which no adequacy decision of the European Commission exists, such transfer will be subject to the provisions of the (standard or other) clauses adopted by the European Commission, separate contractual clauses adopted by the European Commission apply, and only when such countries provide for the same level of contractual protection of personal data as within the EEA. For more detailed information: https://eur-lex.europa.eu/legalcontent/EN/TXT/PDF/?uri=CELEX:32010D0087&from=en

If you as End-User, use our services outside the EEA then your data will be transferred to your device. If you wish to know more about international transfers of your personal data, you may contact us via the contact details above.

Whit whom and why we share your data

 

4. Recipients and processors of personal data

 

We only share your personal data within the organization of Medified Solutions if and as far as reasonably necessary to perform and develop our services, e.g. with our customer service and marketing employees.

 

We do not share your personal data with third parties outside of Medified Solutions unless one of the following circumstances applies:

 

It is necessary for the purposes of this Privacy Statement

To the extent that third parties need access to personal data to perform such services, Medified Solutions has taken the appropriate contractual and organizational measures to ensure that your data are processed exclusively for the purposes specified in this Privacy Statement and in accordance with all applicable laws and regulations. Furthermore, we may provide your personal data to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in accordance with our Privacy Statement and any other appropriate obligations of confidentiality and security measures.

 

For legal reasons

We may share your personal data with third parties outside Medified Solutions if we have a good-faith belief that access to and use of the personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of Medified Solutions, our users or the public as far as in accordance with the law. When possible, we will inform you about such processing.

 

With your explicit consent

We may share your personal data with third parties outside Medified Solutions for other reasons than the one mentions before, when we have your explicit consent to do so, unless such is necessary for the provisions of our services. You have the right to withdraw this consent at all times.

Information of third parties

For Medified company webpage, Medified.fi we share data with the following Technical Partners:

  • At the moment there are no Technical Partners for this cause.

Medified only shares End User email addresses with AWS for accessing the Medified Application, which has a mobile and web component. For more information on AWS privacy, please visit here https://aws.amazon.com/privacy/

Our sites may use Google Analytics and other web analytics services to compile reports on visitor usage and to help us improve our sites and services. For an overview of Google Analytics, please visit http://www.google.com/analytics/. You can opt-out of Google Analytics with this browser add-on tool: https://tools.google.com/dlpage/gaoptout.

How long do we keep your data

 

5. Storage period

 

Medified does not store your personal data longer than is legally permitted and necessary for the purposes for which the data were collected. The storage period depends on the nature of the information and the purposes of processing. The maximum period may therefore vary per use. In general, we store data for the provision of services for a maximum of five years after our relation ends to maintain service continuity.

 

Your health and provision of health services related data may be subject to laws and regulations related to patient data and its retention which sets more detailed requirements for storing such data. Most commonly, such data should be stored for 12 years after the specific care/treatment was finished. For more information, please see applicable regulation: https://www.finlex.fi/fi/laki/ajantasa/2009/20090298.

What other rights you have as a user

 

6. Your rights as data subject

Right to access

Medified Solutions offers you access to the personal data we process. This means you can contact us asking us to inform you about your personal data that we have collected and processed and the purposes such data are used for.

Right to correct

You have the right to have incorrect/unprecise, incomplete, outdated, or unnecessary personal data we have stored about you corrected or completed by contacting us.

Right to deletion

You may also ask us to delete your personal data from our systems. We will comply with such request unless we have a legitimate ground to not delete the data. After the data have been deleted, we may not immediately be able to delete all residual copies from our active servers and backup systems.

Right to object

You may object to certain use of your personal data if such data are processed for other purposes than necessary for the performance of our services or for compliance with a legal obligation. You may also object any further processing of your personal data after prior given consent. If you object to the further processing of your personal data, this may lead to fewer possibilities to use our websites and other services.

You have the right to opt-in/opt-out of receiving electronic direct marketing communications from us by clicking on the opt-out link provided in all marketing communications we send you and choosing not to receive marketing communications from us in the future. You also have the right to prohibit us from using your personal data for direct marketing purposes and market research by contacting us on the addresses indicated above.

Right to restriction of processing

You may request us to restrict certain processing of your personal data. If you restrict certain processing of your personal data, this may lead to fewer possibilities to use our websites and other services.

 

Right to data portability

You have the right to receive your personal data from us in a structured, commonly used format in order to transmit the data to another controller.

 

How to use your rights

You may use these rights by sending a letter or e-mail, including your name, address, phone number and a copy of a valid ID to us to the addresses set out above. If your request regards personal data in a cookie, you have to enclose a copy of the said cookie. We may request the provision of additional information necessary to confirm your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.

 

How to lodge a complaint:

In case you consider our processing activities of your personal data to be inconsistent with the applicable data protection laws, you may lodge a complaint with the local supervisory authority for data protection. For more information, see www.tietosuoja.fi.

How we protect your data

 

7. Information security

We will take all reasonable, appropriate technical, security and organizational means and measures appropriate considering the nature and purposes of processing and the nature of personal data processed, to protect Medified and our customers from unauthorized access to or unauthorized alteration, disclosure or destruction of personal data we hold. Measures include, where appropriate, encryption, firewalls, secure facilities and access rights systems. Should, despite the security measures, a security breach occur that is likely to have negative effects to your privacy, we will inform you about the breach as soon as reasonably possible.

Cookies

 

8. Cookies

We use various technologies to collect and store information when you visit a Medified Solutions website, including cookies. Cookies allow us to calculate the aggregate number of people visiting our websites and monitor the use of the websites. This helps us to improve our websites and better serve our users. We also use cookies that make the use of the website easier for you, for example by remembering usernames, passwords and (language) preferences. We also use tracking and analytics cookies to see how well our services are being received by our users.

You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. If you do so, note that some parts of our sites and services may not function properly. For more information about cookies and how to delete them, visit www.allaboutcookies.org.

Applicability and changes to our privacy policy

 

9. Applicability and changes

 

Our Privacy Statement applies worldwide, to all of the services offered by Medified Solutions. This Privacy Statement is published in English. Our Privacy Statement may change from time to time. You can find the current version on our website Medified.fi. We will not make substantial changes to this Privacy Statement or reduce your rights under this Privacy Statement without providing you with a notice.