Privacy Policy and Data Protection
This is a summary translation of Rentokorpi's privacy policy. Please note that the official and primary version of the policy is in Finnish. This English version is provided for informational purposes only to help English-speaking clients understand how personal data is handled.
1. Data Controller
Rentokorpi, Puutarhakatu 16 B 3.floor 307, 33210 Tampere, Finland
2. Contact Person for Registry Matters
Lasse Rintakorpi
lasse.rintakorpi@gmail.com
+358 50 3434 268
3. Name of the Register
Customer Register – includes client contact information, booking details and treatment history.
Patient Register (required for healthcare professionals)
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data includes:
- Consent (given during appointment booking)
- Contract between client and service provider
- Legal obligation (based on Finnish healthcare legislation)
- Legitimate interest (customer relationship, documentation of treatments, customer service, marketing with consent)
Purpose of the processing includes:
- Managing customer relationships and appointments
- Maintaining treatment history
- Improving service quality
- Fulfilling legal obligations (e.g. record retention)
- Handling feedback or legal matters
- Targeted marketing and communication (with consent)
No automated decision-making or profiling is carried out.
5. Data Content of the Register
Customer Register (appointment and relationship management)
- Name, date of birth
- Contact details: phone, email, address
- Service data: booked and performed treatments, history of visits
- Billing data (not including card details)
- Other: special wishes or notes provided by the client
Patient Register
- Health background and treatment needs
- Treatment plans and procedures
- Assessment and recommendations
- Medications, allergies reported by the client
- Client’s written consents or cancellations
Patient data is handled in accordance with Finnish laws: Act on the Status and Rights of Patients (785/1992) and the Act on Health Care Professionals (559/1994).
Storage of Patient Data
- Records are stored for at least 10 years from the last treatment, as required by law
- After the retention period, data is securely deleted or anonymized
- Paper records: shredded
- Electronic records: permanently deleted from system including backups
6. Data Security
- Files are stored in secure systems accessible only by the data controller
- Paper records are kept in locked storage
- Electronic files are encrypted and access is secured with strong authentication
- Health data received by email or SMS is deleted after saving to the official system
7. Right to Access and Correct Data
Clients have the right to receive a copy of their patient records once per year free of charge.
Additional requests may incur a reasonable administrative fee.
Clients may request corrections to inaccurate or incomplete data. Corrections are usually handled within 30 days.
8. Patient Injuries and Data Breaches
If a client suspects a patient injury, they may contact the Finnish Patient Insurance Centre.
If a data breach occurs (e.g. data leaks), the data controller will notify the Data Protection Ombudsman and affected clients without delay.
9. Disclosure of Data
- Data is not shared with third parties unless required by law
- May be disclosed to authorities (e.g. Valvira, Tax Authority, Kela)
- Data may be used in legal or insurance cases if necessary
10. Other Rights Related to Personal Data
Clients may request deletion of their data ("right to be forgotten") unless data must be retained by law.
All requests will be answered within the time limits set by the GDPR (typically 30 days).
Google Analytics
Sivusto käyttää Google Analytics -palvelua kävijäliikenteen seuraamiseen ja verkkosivuston kehittämiseen. Google Analytics kerää tietoja esimerkiksi siitä, millä sivuilla vieraillaan ja kuinka kauan sivustolla viivytään. Tiedot kerätään anonyymisti, eikä niitä yhdistetä yksittäisiin henkilöihin. Lisätietoja saat Googlen tietosuojakäytännöstä.
