Privacy Policy: Register of notifiers of electronic cancer notifications
This is the privacy policy prepared by the Finnish Cancer Registry. The privacy policy of the registry is required by the EU General Data Protection Regulation (GDPR) and concerns the purposes for which the personal data of registered individuals is used and the legal basis for the use of their data.
1. Controller
National Institute for Health and Welfare, THL
P.O. BOX 30
00271 Helsinki
tel. 029 524 6000
2. Processor and technical administrator of personal data
Cancer Society of Finland/ Finnish Cancer Registry
Mäkelänkatu 2, 00500 Helsinki
tel. 09 135 331
3. Contact person for matters concerning the registry
Elina Hermiö
tel. 040 7595 106
Address: see point 2
E-mail: kysy(at)cancer.fi
4. Name of registry
Notification registry of electronic cancer notifications
5. Purposes and legal basis for processing personal data
The data in the register is used to identify the creator of the cancer notification and the unit that treated the patient. The data is used to carry out any follow-up surveys and to complete statistical data. The legal basis for processing personal data is compliance with the legal obligation of the controller (Article 6(1)(c) of the GDPR (2016/679), the Act on the National Institute for Health and Welfare (668/2008) and the Government Decree on Screenings (339/2011) as amended (908/2018) and (752/2021)).
6.Data content of the registry
The following data about the notifier is stored by the registry:
- The name, email address and telephone number of the notifier
- The notifier’s place of work (entity/institution), branch and department, and position within the department
- The notifier’s sickness insurance number or National Supervisory Authority for Welfare and Health registration number
- The language of the notifier
- Other data relating to the client relationship
7. Regular sources of data
The data to be entered on the register is obtained through the registry form filled in by the notifier, possibly also by telephone or e-mail. The registry form is completed at the time of the first login, and the data from this is stored by the registry.
8. Regular disclosures and transfers of data outside the EU or EEA
As a general rule, notifier data is not disclosed to other parties. Data relating to the sending organisation may be included as part of the data in the case of data transfers.
Disclosures are based on data permits granted by the Finnish Social and Health Data Permit Authority (Findata) or the National Institute for Health and Welfare (THL). Information on the cancer notifier/reporting institution may be disclosed for research or statistical purposes. Data may be disclosed outside the EU and EEA for research and statistical purposes. The transfer of data complies with the data permit authorisation and protection requirements and safeguards.
9.Principles for the protection of the registry
The data is stored by the Finnish Cancer Registry. The registry data is managed with care and the data processed by the computing systems are adequately protected. The physical and digital security of the equipment is adequately ensured.
The technical administrator ensures that stored data, server access rights and other data critical to the protection of personal data are handled confidentially and only by employees whose job description includes this.
10. Rights of the data subject
A) The right to inspect and correct personal data
The data subject has the right to check what data relating to them have been recorded in the registry of personal data. A person who has registered as a user of the service may inspect and correct their own personal data after registering with the service. It is the responsibility of the data subject to ensure that the information is up to date.
B) The right to restrict the processing of personal data
The data subject may have the right to restrict the processing of personal data in the cases provided for by law. The right of restriction may arise, for example, if the data subject considers that their personal data is inaccurate or is being processed unlawfully. In this case, personal data may only be processed with the data subject’s consent, for the establishment, exercise or defence of legal claims, in the public interest or for the protection of another person’s rights.
C) The right not to be subject to automated decision-making without legal justification
The processing of personal data does not involve automated decision-making or profiling. No cookies are attached to personal data.
The Finnish Cancer Registry is obliged by law to retain data registered on behalf of the THL for the duration of the customer relationship and beyond, as the processing of data is necessary to comply with legal obligations. The identification data of the organisations or the notifying person cannot be altered or removed from the data collected for scientific or statistical purposes.
All requests should be sent by e-mail to kysy(at)cancer.fi. The registry administrator will respond to clients within the time limits set by the EU General Data Protection Regulation (as a general rule, within one month). The request must state that the request concerns the data contained in the electronic cancer notification register of notifiers.
You have the right to lodge a complaint with the supervisory authority: the Office of the Data Protection Ombudsman, P.O. Box 800, 00531 Helsinki, visiting address: Lintulahdenkuja 4, Helsinki, telephone: 029 56 66700, e-mail: tietosuoja(at)om.fi.
Updated 1 March 2023