Privacy and Data Protection Statement

This is Proximant’s GDPR-compliant privacy and data protection statement. Drafted on 17.12.2024.

1. Data Controller
Proximant TMI
Business ID: 3481817-7
Mastokatu 6,
00160 Helsinki

2. Contact Person Responsible for the Register
Jasse Heikki Hallstrom
jasse.hallstrom@proximant.fi
+358449718906

3. Name of the Register
Proximant’s Customer and Patient Register

4. Legal Basis and Purpose of Processing Personal Data

We process our customers’ data on the Proximant website and in the Timma Oy booking management system.

The legal basis for processing personal data under the EU General Data Protection Regulation (GDPR) is:

• Consent of the individual

• Contract in which the data subject is a party

Data collection is based on the following laws and regulations:

• Ministry of Social Affairs and Health Decree on Patient Records (298/2009)

• Act on the Status and Rights of Patients, Section 13 (785/1992)

Purpose of Personal Data and Patient Register

• Collecting and storing customer information

• Maintaining patient records and treatment notes

• Ensuring the best possible care

• Ensuring smooth continuity of care

• Supervision and quality control by healthcare professionals

Data is not used for automated decision-making or profiling.

Usage Data
When visiting and using our website, automatic usage data is collected, such as your device’s IP address, browser type and version, time spent on our site, pages and tabs visited, and diagnostic data.

5. Contents of the Register

The register consists of an electronic booking system, a manual patient register, and a billing register. Patient records include basic information necessary for patient care. Retention periods are determined according to the Ministry of Social Affairs and Health regulations.

Visitors’ IP addresses and cookies necessary for website functions are processed based on legitimate interest, e.g., for security and website analytics when they can be considered personal data. Consent is obtained separately for third-party cookies if needed.

6. Regular Sources of Data

Data recorded in the register is obtained from the customer or patient, for example, via web forms, emails, phone calls, social media services, contracts, treatment sessions, or other situations where the customer or patient provides information. Information about company contacts or other organizations may also be collected from public sources, such as websites, directories, and other businesses.

7. Regular Data Disclosure and Transfer Outside the EU/EEA

Data is not regularly disclosed to third parties. Data may be shared with other healthcare professionals only if agreed with the patient.

Data is not transferred outside the EU or EEA.

8. Principles of Data Protection

Processing of the register is conducted with care. Data stored on IT systems is appropriately protected. When data is stored on internet servers, physical and digital security is ensured. The data controller ensures that stored data, server access rights, and other critical information are handled confidentially and only by employees whose job responsibilities require it.

9. Right of Access and Rectification

Every individual in the register has the right to access their data and request correction of incorrect or incomplete information. Requests must be submitted in writing to the data controller. The controller may require proof of identity. Responses are provided within the timeframe stipulated by the GDPR (generally within one month).

Cookies

We use cookies on the Proximant website to improve and secure site usage, and to ensure proper marketing and functioning of our services.

Updated: 27.12.2024