As you book an appointment and visit our practice, we will collect information on you that is necessary in order for us to plan, arrange, implement and follow up on your treatment. Your personal details will be handled confidentially, and they will not be handed over to any third parties outside of the circumstances described in this statement. Information collected during treatment will be archived for a period of time dictated by law, and it will be stored in a patient information system fulfilling all legal requirements. You are entitled to know what information we have collected on you. Instructions for making an inquiry and information on your other rights as outlined in the General Data Protection Regulation can be found here. Your details will only be used for the electronic marketing of Oral services with your consent.

Joint controller details

Oral Hammaslääkärit Plc, its subsidiaries, health care professionals working either independently or as representatives of other companies in the Oral facilities.

Oral Hammaslääkärit Plc
Tekniikantie 4A
02150 Espoo

Head of Data Protection: Group Attorney Sanna Elomaa
e-mail tietosuojavastaava@oral.fi

Purpose and legal grounds for the processing of personal data

Your personal details will primarily be used to plan, arrange, implement and follow up on your treatment, so that we can offer you the best treatment possible. Additionally, your details will be used for customer communications, maintaining and monitoring your customer relationship, invoicing and monitoring of payments as well as payment collection. If necessary, your details may also be used to plan
and develop our business operations, collection and analysis of statistics and in checking credit information. Your details will also be used for customer service and marketing purposes in the manner detailed below.

Patient information refers to patient histories, examination and other personal data that has been collected during the arrangement, implementation and follow-up of a patient’s treatment. Based on the Act on the Status and Rights of Patients, the collection of patient information is a legal requirement for health care operators.

The collection of other information is either contractually based, based on a justified benefit (e.g. customer relationship or subscription to the Oral newsletter) or on consent given upon making an appointment, filling in an anamnesis form or some other form of consent.

Appointments

Upon making an appointment with Oral, you will be asked for information necessary for arranging your appointment and treatment. This collection of information is based on your request for treatment: providing the requested details upon making an appointment is a prerequisite for arranging your appointment. We require personal identity codes in order to identify individual patients, and to ensure that all details recorded at the practice are entered into the correct patient history.

In addition to appointments booked at the practice or via phone, you can also make an appointment using the MyOral online service. Identification for MyOral is carried out using online banking details (tupas), allowing for the verification of your identity. You can also make an appointment without signing in using the MyOral service or the Oral online chat.

Providing preliminary details

Upon your first appointment at Oral, you will be asked to fill in an anamnesis form with questions concerning your current state of health. You may also provide the reason for having made an appointment and list your symptoms here. These preliminary details are necessary for the planning and implementation of your treatment, and their accuracy and validity will be confirmed at the commencement of each treatment period.

You can fill in the anamnesis form before your appointment either online using the MyOral service, or on a printed form available at the practice. Details given in MyOral will be securely transferred using an encrypted connection to our patient information system, where they will be entered into your patient history. Details given on a paper form at the practice will be entered into the patient information system by our personnel.

At the practice

During your appointment, the dentist or dental hygienist treating you will record details concerning your health for diagnostic purposes as well as for the planning and arranging of your treatment. This data becomes patient information in the sense intended in the Act on the Status and Rights of Patients, and it will be stored in the Oral patient information system. Any X-rays taken of you at Oral as well as laboratory test results and other data required for diagnostic purposes will be stored either in the Oral patient information system or in a separate imaging system.

Post-appointment invitations for treatment

Upon the end of your treatment period, the dentist or dental hygienist treating you will set check-up or treatment intervals based on your personal treatment needs. You can choose the form of contact used to invite you in for treatment in the future . If you wish to change your chosen form of contact or wish for us to not contact you any longer, please contact our customer service.

Invoicing

For invoicing purposes, we require your contact details, details on the purpose and time of your appointment as well as your personal identity code and invoicing details. For corporate invoicing (e.g. in case of occupational dental health care services) and for granting contractual benefits, we may also require employer details. In case an invoice is covered by someone other than the patient, invoicing details will also include details of the person paying for the treatment and an invoicing address. Invoicing details also include information on any possible discounts and National Pensions Institute (Kela) subsidies .

Marketing and directed marketing

According to consent given by you, Oral will use information relating to your customer relationship and/or patient history in directing marketing relevant to your needs, including current information concerning treatment and/or offers and discounts offered by Oral.

We will use the address details for the regional directing of our marketing on social media and online as well as in addressed and e-mail marketing. We will direct our communications based on reasons given for need of treatment upon making an appointment, so that we can offer information and benefits that are optimally relevant for you.
Upon customer consent, we will also use interests listed by customers in order to direct relevant content and offers at customers in our communications and marketing taking place online or via other channels.

Customer details are also used for monitoring customer feedback and satisfaction
as well as for conducting market research and surveys. We will send you our customer
satisfaction survey form after your appointment.

Updating information

The accuracy and validity of your details will be confirmed with you as you come in for your appointment. Us having correct and current information ensures that details concerning your health will not be abused. You can update your details and other information using the MyOral service or by contacting our customer service.

We will ensure that your information stays up to date and intact with regular updates, conducted through our partner Fonecta at the Population Register Centre.

If you do not wish for your details to be given out by the Population Register Centre for the updating of the Oral customer register, you can disallow it with the Population Register Centre customer service.

Secure handling of patient information

Your patient details will only be processed by persons involved in the planning, arrangement, implementation and follow-up of your treatment. Health care professionals and other personnel are bound by confidentiality regarding all information collected during a patient’s treatment. Your patient information will be stored electronically in systems that only persons involved in the planning, arrangement,
implementation and follow-up of your treatment have access to. Each person using the information systems containing patient information has a personal user ID and a password. The viewing, changing and removal of your patient details will generate a log record that you are entitled to upon request.

General data security

All Oral personnel have been trained to ensure a high level of data protection and security. This training is also a compulsory part of all new employees’ induction. The training aims to improve the personnel’s understanding of the importance of data protection and security, as well as of the actions taken to ensure that patients’ rights are protected.

The anti-virus software protecting the information systems and work stations in daily use is regularly updated. Work stations are password-protected and will lock automatically when not used. Work is carried out in the Oral local network, which is protected from outside online traffic with a firewall and anti-virus and other protective software.

Electronic patient records are stored in secure information systems and paper documents in locked storage.

Handing over of information

We will not sell, lease or divulge your personal details to third parties under any circumstances other than those described in this statement.

Legal enquiries

Based on chapter 13 of the Act on the Status and Rights of Patients, your details may be handed over e.g. to a court of justice, other authority or a community with a legally decreed right to the data (e.g. the police and insurance companies), or for research purposes.

National Pensions Institute (Kela)

Oral can apply for the Kela subsidy on your behalf, in which case the details of treatment and referrals qualifying for the subsidy will be delivered to Kela.

Health care professionals and service providers

Upon making an appointment, you consent to our health care personnel having access to your details. Both independent dentists and dental hygienists as well as dentists and dental hygienists working as representatives of other companies provide services for Oral. Regardless of the partnership arrangement, all Oral patient information is stored in a patient information system maintained by Oral which is used by our health care personnel in
processing your data. You have the right to limit access to your details for different operators, and you can do this by contacting our customer service. However, limiting access is not recommended, as in the most severe cases it can result in compromised patient safety.

S Group bonus card details

Oral is an S Group bonus partner, and you can collect bonus points for your dental care services when you pay for your treatment at the practice and present your S Group bonus card upon payment.

By presenting your bonus card, you consent to Oral notifying the S Group of the total sum and time of payment for your oral health services for the purpose of calculating your bonus points.

Transferring of data to third countries

We will not transfer your data outside of the European Union or the European Economic Area.

Retention periods

We will store your data only for as long as is necessary for it to fulfil its purpose in compliance with the relevant legislation.

The retention periods for patient data are legally decreed (Ministry of Social Affairs and Health Decree on Patient Records). In practice, your patient details will be stored for 12 years after you pass away, or for 120 years from your birth, if there is no knowledge of you passing away.

Log records on patient data must legally be stored for a period of at least 12 years after their generation.

Your customer information will be stored for five years following your last appointment or visit to a practice. The archiving period for recorded phone calls and chat messages is 2 years. However, we are legally required to store the information collected during your treatment at minimum for the duration of your life.

All information collected for invoicing purposes is stored for a period decreed in the Accounting Act.

Your rights

Right to inspection
You have the right to know what information Oral holds on you.

Right of correction
You have the right to request that your personal details are corrected or to correct them yourself using the MyOral service.
Details in the patient history can only be corrected if they are erroneous.

Right of extraction
According to the General Data Protection Regulation, you have the right to have your details extracted under certain circumstances.
You may request the extraction of your customer details if you don’t have a current treatment plan, appointments made according to the plan or any outstanding invoices.

However, Oral is legally required to store the information collected during your treatment at minimum for the duration of your life. For this reason, we cannot fulfil requests for the extraction of patient information.

Other rights
According to the General Data Protection Regulation, you have the right to disallow the processing and transferring of your data, or to request that the processing of your data is limited.

In addition, you have the right to disallow the use of information concerning you in direct marketing, marketing research or surveys and profiling. Such prohibition may be given at any time, e.g. by unsubscribing to the mailing list as instructed in our marketing e-mails.

Get in touch with us
To ensure that these and the other rights detailed in articles 12–22 of the General Data Protection Regulation remain protected, please contact our central customer service or our dental practice personnel.

Right of complaint to the regulating authority
If you feel that your rights and liberties concerning your personal data have been violated, you have the right to file a complaint with the Data Protection Ombudsman’s office.Instructions for filing a complaint can be found on the Data Protection Ombudsman’s website: www.tietosuoja.fi

Right of complaint to the regulating authority
If you feel that your rights and liberties concerning your personal data have been violated, you have the right to file a complaint with the Data Protection Ombudsman’s office. Instructions for filing a complaint can be found on the Data Protection Ombudsman’s website: www.tietosuoja.fi