Customer register and Privacy policy

Personal Data Act (523/1999) Section 10
EU General Data Protection Regulation (EU 2016/679)
Prepared: 19.7.2022

Kotatuli Oy

Sammalseläntie 1120, 97320 Marrasjärvi
Y ID: 1550273-2

Contact person in matters concerning the register
Name: Katja Kiuru

Address: Sammalseläntie 1120, 97320 Marrasjärvi
Phone: 0440505174

Register Name
Kotatuli Oy patient and customer register

Purpose of personal data processing

  • Customer data maintenance for service implementation, appointment booking and invoicing
  • Implementation, planning and monitoring of psychotherapy services
  • Evaluation of patient treatment and treatment procedures
  • Statutory reporting of operations and explanations to the authorities

Data content of the register
Information and documents in accordance with Section 12 of the Patients Act (785/1992) collected in connection with treatment and consultations.

Basic information: Patient's name, social security number, contact information. If necessary, also the profession, the patient's next of kin/guardians of the minor patient and other similar identifying information.

Possible referral information and information necessary for treatment from previous patient information such as statements and epicrisis.

Information on whether the patient agrees to the transfer of data to other healthcare units, for example when the care relationship is transferred. Information on whether the patient agrees to the release of data for possible scientific research.

If necessary, information about the insurance company and compensation decisions or Kela's decisions.

Maintenance of customer data for the implementation of services, appointment booking and invoicing.

Information required to apply for compensation granted by Kela to the customer on behalf of the customer.

Regular sources of information

  • Information provided by the patient
  • Information generated in connection with treatment and consultations
  • Information received from other healthcare units
  • For customers of occupational health care: Information received from the employer
  • Any information received from the insurance company or Kela
  • Information possibly received from neighbors

Regulatory transfers of information
Patient information must be kept confidential (Section 13 of the Patient Act). Information will only be disclosed to a third party with the patient's express consent, for example to another health care unit, or if mandatory legislation so requires. Using the information for scientific research requires the patient's express consent.

    Customer data is processed by AtCare Oy, which takes care of the technical maintenance of the customer register.

    Transfer of data outside the EU or EEA area
    Data will not be transferred outside the EU or EEA area.

    Register protection principles
    The patient and customer register meets the requirements of the EU data protection regulation in terms of data security. We use cookies on our site to improve the user experience with the help of the Google Analytics service.

    Patient records are stored in the Patient Information Archive (Kanta), which is maintained by Kela. Logging into the database requires strong identification. To transfer data to Kanta, Atostek Oy's eRA system is used, whose data security policy is at the level required by KanTa services. This has been confirmed externally