Tietosuojaseloste

Privacy notice:

General Data Protection Regulation (2016/679)

Privacy notice for the Varha app

The Varha app is the e-service of the Wellbeing Services County of Southwest Finland providing access to all digital services for local residents. The service is used by both residents and professionals. It enables remote and digital interaction between residents and professionals. The service can be used in a web browser and via a mobile app.

The service is provided by the healthcare and social welfare services and specialised healthcare services of the Wellbeing Services County of Southwest Finland. The scope of e-services varies according to the location and the sector. The service can be used for purposes such as chatting, sending non-urgent messages, joining a pre-booked remote consultation, or completing surveys and forms. The service allows the user to make specific appointments digitally (booking, checking, rescheduling and cancelling appointments). A professional can add the client to a digital care path.

This privacy notice is intended to inform users about the processing of personal data.

Controller

Wellbeing Services County of Southwest Finland (Varha), Business ID: 3221065-1, Kiinamyllynkatu 4–8, FI-20520 TURKU, email: kirjaamo(a)varha.fi

Purposes of and basis for the processing of personal data

The processing of personal data is based on the provision of care, treatment and services to the client. Personal data is processed as part of the provision of the services and as part of client and patient data. The personal data is used for the purpose of providing the Varha app to the residents and professionals of the Wellbeing Services County of Southwest Finland. The data is processed to enable equal access to the Varha app to all residents of the wellbeing services county.

The Varha app can be used to securely communicate with the wellbeing services county’s professionals. The service can only be used through strong identification. When registering, the client must accept the terms of use of the Varha app to be able to use the service. The service uses notifications to draw attention to changed information. The client gives his/her consent to receiving notifications either via the mobile app, by text message or via email to ensure client and patient safety. Personal data is processed in the system by the client him/herself, any person using the service on behalf of the client and professionals who have the right to process the data.

Categories of personal data processed

Client The nationwide suomi.fi e-identification system is used to identify the service users, and basic data is retrieved from the Varha patient information system.

The Varha app collects the following data:

Basic personal data (first name, last name, personal identity code, gender, language, address and municipality of residence) is saved for an identified client according to each service used
Information provided by the client (telephone number, email address)
Client and patient data saved by the client and other information provided by the client in connection with the processing of the matter and assessment of the processing of the matter
Information related to the processing of the e-service (such as the recording date and data source)
Events completed via the e-service (such as appointment booking data, the content of completed digital forms and other communications via the service)
Initiating or completing an administrative procedure concerning the collection of the client’s basic data or matter-specific data via the e-service
Collecting and processing of client feedback and client satisfaction data

No automated decision-making is applied to clients’ personal data. There is no statutory obligation for the client to submit data to the controller. However, failure to provide data may prevent the patient from receiving effective service and treatment.

Persons authorised to act on behalf of another person

For persons using the service on behalf of another person, basic personal data (first name, last name, personal identity code, address and municipality of residence) is saved in accordance with the service used. Using the service on behalf of another person is possible if the client has issued a suomi.fi e-authorisation (for handing social welfare/healthcare matters) or if the person using the service has custody of the client who is a child under the age of 12.

Using the Varha app on behalf of persons aged 12 to 17 has been restricted due to regulations on the status and rights of underaged persons. Young persons can use the service with their own means of identification (e.g. online banking credentials, a Mobile Certificate or the Citizen Certificate associated with their ID card).

Professionals

Professionals use the service in accordance with the user rights management system of the Wellbeing Services County of Southwest Finland. Access rights to client data are determined by the employee’s service-specific tasks. The processing of personal data and other use of the system are monitored with system logs. Professionals use personal data only to the extent necessary for the treatment or client relationship.

The healthcare and social welfare professional uses the client’s data to draft patient/client entries in a separate patient or client information system in order to treat the client or provide the requested service. Administrative procedures are recorded in the case management system.

Professionals use strong identification when logging in to the service. The system saves the professional’s details (name, job title, username, email). Professionals who process data are bound by an obligation to remain silent, which remains in force after the end of the employment relationship.

Cookies

The service uses cookies. Cookies are small text files that are saved on the user’s computer or mobile device. The service uses essential cookies that are necessary for the website to work properly, and for it to remain secure and pleasant to use. By using the service, a user automatically accepts the essential cookies. The essential cookies contain data related to the management of the session, such as the session ID. The service does not use any marketing cookies.

The anonymised statistics collected by the analytics tool can only be viewed by service developers, who use the data to make the service more user-friendly.

The anonymised statistical data generated from the use of the Varha app may be used for service development, analysis and reporting.

Personal data retention periods

The service-related data saved in the Varha app is retained for a period of three (3) years. Customer data processing logs are retained for 12 years. Log data transferred from suomi.fi e-authorisation or the Population Information System is retained for five (5) years.

The professional records a summary of the matter in the client/patient information system/case management system, where the information is retained for the period required by law.

Personal data storage locations

The personal data saved in the Varha app is retained within the EU/EEA. No personal data is transferred to outside the EU/EEA.

Data sources

The suomi.fi service, Varha’s client and patient information systems, and information provided by the client.

Processing and disclosure of personal data

Data may only be disclosed with the consent of the client, the client’s custodian or guardian, or when required by law.

Data subject’s rights

Data subjects have the right to know what personal data is being processed and how. Data subjects may submit written audit requests to the controller. The controller will decide whether an audit under Article 15 of the General Data Protection Regulation (EU 2016/679) will be carried out.

Data subjects may supplement or amend the information provided in the Varha app, such as their basic personal data.