Description of file

Description of file compliant with Section 10 of the Personal Data Act (523/1999), 1 June 2011

1. Controller

Instru Optiikka Oy (Business ID 1789727-2)

Visiting address: Linnoitustie 3, FI-02600 Espoo

Mailing address: P.O. Box 6, FI-02631 Espoo

Telephone: +358 (0)201 70 7000

2. Person in charge of matters related to the data file

Heidi Azinur

Telephone: +358 (0)201 70 7000

E-mail: heidi.azinur@instru.fi

3. Name of the data file

Patient data file related to the optical services of Instru Optiikka Oy (hereinafter “Instru”)

4. Purpose of the data file

The personal data in the file is processed in adherence with the Personal Data Act, the Act on the Status and Rights of Patients and the Act on Health Care Professionals, and based on the duty to process data as laid down in the legislation and on consent provided by the data subject, for the purpose of managing the patient relationship, i.e. for planning, providing and archiving patient examinations and care. In addition, the data is used for development and statistical analysis of the activities of the controller.

The personal data may be processed by persons participating in patient care or related tasks in or under assignment from the relevant operating unit.

5. Information contained in the data file

The data file is used to process data required for the organisation, planning, implementation and monitoring of patient care, including:

Basic information, such as:

  • first and last names
  • personal identity number
  • municipality of residence
  • contact information (such as addresses, telephone numbers, e-mail addresses)
  • sex
  • language
  • occupation
  • patient’s consent and refusal regarding the disclosure of the data
  • for minor patients, name and contact information of guardians or other legal representative, and for adult patients, the name and contact information of their designated legal representative

Information related to the use of optical services, such as:

  • glasses used earlier
  • objective refraction
  • lens prescription for distance or reading glasses
  • orders, purchases and disclosure information
  • pricing information
  • name of healthcare unit or independent healthcare practitioner
  • name and position of person who entered the information, as well as date and time of entry
  • information necessary for organising, planning, implementing and monitoring the patient’s optical service events and associated care
  • information related to payment for optical services

For contact lenses, also:

  • microscopy information
  • keratometry values
  • eye examination information

Information on changes to the information listed above.

6. Regular data sources

The personal data is collected from the data subject or from their guardian or legal representative, as well as from the persons who have participated in the data subject’s care.

The personal data may be updated from the population information system and other public or private registries providing similar data services.

7. Disclosure and transfer of information

The controller may disclose the information only within the limits permitted and required by legislation in force and only based on the written consent of the data subject or their legal representative.

Due to the technical implementation of data processing, some data may be physically located on external subcontractors’ servers or equipment, from which the data is processed using a technical access connection. The data shall not be transferred outside the European Union or European Economic Area unless this is necessary for the implementation of the controller’s services. In this case, the controller shall ensure a sufficient level of data protection in the manner required by legislation.

8. Security of the data file

The databases in which the file data is stored, are secured using firewalls, passwords and other technical means. The databases and their backups are located in locked facilities. Documents processed manually and containing information on the data subjects are stored in locked facilities in such a way that unauthorised persons are unable to access them.

The controller shall ensure that only those employees of the controller and those employees of companies working for the controller, as defined in the legislation on patient information, have access to the data necessary for carrying out their work, and that data processing rights are defined based on the employee’s tasks.

9. Rights of the data subject

The data subject has the right to access their personal data recorded in the file. A request to access the data must be sent in writing and signed to the person in charge of matters related to the data file.

The request to access the data may also be presented in person at the controller premises. If the data subject uses their right to access the data more than once a year, the controller may charge a reasonable fee for the provision of the data.

The data subject has the right to demand the correction of erroneous data by contacting the person in charge of the data file.

10. Contact details of the patient advocate

Optometrists' customer representative; Tiina Toivonen tel.09 2292 2917,tiina.toivonen@yrittajat.fi

Eye doctor Patient representative;Susanna Hyvärinen, tel. 040 937 0391, susanna.hyvarinen@instru.fi

Find a store