Privacy Policy

Updated: November 27, 2026

1. Data Controller

Tunturi Medical Center Ltd (Tunturin Lääkärikeskus Oy)

  • Business ID: FI09530585
  • Email: info (at) tunturinlaakari.fi
  • Phone: +358 40 040 7765

2. Contact Person for Data Protection

In matters related to data protection and request processing, please contact via email: info (at) tunturinlaakari.fi

3. Name and Purpose of the Register

Register Name: Tunturi Medical Center Patient and Client Register.

Personal data is processed for the following purposes:

  • Arranging and implementing patient care and examinations.
  • Maintaining client relationships and managing appointments.
  • Invoicing, payment monitoring, and debt collection.
  • Regulatory reporting and fulfilling legal obligations (e.g., Patient Data Act and Health Care Act).
  • Service development and quality monitoring.

4. Legal Basis for Processing

Data processing is based on one of the following:

  • Legal Obligation: For example, the Patient Data Act obligates healthcare providers to record medical records.
  • Contract: When a client books an appointment or uses our services.
  • Consent: For example, for marketing communications or feedback collection, if the law does not permit it on other grounds.

5. Data Subjects

The register contains information on the following groups:

  • Patients using Tunturi Medical Center’s services.
  • Individuals who book an appointment or contact us electronically, by phone, or in person.

6. Personal Data Processed

The register may process data necessary for care and the client relationship, such as:

  • Basic Information: Name, Personal Identity Code (social security number), contact details (address, phone, email), gender, date of birth, and citizenship.
  • Transaction Data: Appointments, visit details, and billing information.
  • Health Data: Medical records, diagnoses, test results, medications, and other data essential for treatment.
  • Other Data: Insurance details, client feedback, and correspondence with the client.

7. Retention Period

Data is retained for the period required by legislation:

  • Patient Records: Generally 12 years from death or 120 years from birth (Patient Data Act).
  • Accounting Records (e.g., invoices): At least 6 years from the end of the financial year (Accounting Act).
  • Other data is deleted when there is no longer a legal basis for processing it.

8. Data Sources

Information is primarily obtained:

  • From the data subject themselves during booking, preliminary information forms, or visits.
  • From healthcare professionals participating in the treatment.
  • From insurance companies (e.g., payment commitments) and authorities within the limits permitted by law.

9. Disclosure and Transfer of Data

Data is not disclosed to third parties without the patient’s consent, except when required by law.

  • Disclosures: Data may be disclosed to authorities (e.g., Kela, THL), insurance companies, or follow-up care providers only based on law or consent.
  • Data Transfer: Data is not transferred outside the EU or EEA without appropriate safeguards in accordance with the GDPR.

10. Data Security

Tunturi Medical Center maintains a high level of data security:

  • Digital Data: Protected by firewalls, encryption, and personal access rights. Only authorized employees have access to the data.
  • Physical Data: Stored in locked and monitored premises.
  • Personnel are bound by a confidentiality obligation.

11. Rights of the Data Subject

In accordance with the GDPR, the data subject has the right to:

  • Access and inspect their own data.
  • Request the correction of incorrect data.
  • Request the erasure of data (Note: The law obligates healthcare providers to retain patient data for a specific period, during which it cannot be deleted upon request).
  • Withdraw given consent.
  • Lodge a complaint with the Data Protection Ombudsman if they believe that the processing of data has violated the law.

Data requests must be submitted in writing to the contact person mentioned in section 2.

12. Cookies

The Tunturi Medical Center website uses cookies to ensure site functionality and for visitor statistics. Cookies are not used to collect identifiable health data. The user can manage cookie settings in their browser.

13. Changes to the Privacy Policy

We reserve the right to update this policy as legislation or our operations change. The up-to-date version is always available on our website.