Privacy policy

1. Data controller

Rokua Kuntoutus Ltd
Business ID: 0786611-4
Kuntoraitti 2, 91670 Rokua
020 7819 200, sales(at)rokua.com

2. Contact information regarding privacy policy

Rokua Kuntoutus Ltd
Kuntoraitti 2, 91670 Rokua
tietosuoja@rokua.com

3. Registry name

Rokua Kuntoutus Ltd’s customer registry.

4. Legal basis for handling personal information

Personal information handling is based on the data controller’s legitimate interest, an agreement between the controller and the data subject, the consent given by the data subject or the law.

The handling of personal information in the customer registry is based on Rokua Kuntoutus Ltd’s customer relationships with consumer customers and organization customers. In addition, the data controller handles personal information based on the agreement between the data controller and the registered party. On this basis, the information handled is that provided by the customer for accommodation and meeting reservations, equipment rentals and service bookings. Event registration information is handled on the basis of consent. In addition, the information saved in the registry is used for services created for the registered person and for other uses in accordance with the law and consents.

5. Personal information usage

  • Developing customer care and relationship.
  • Planning, handling and controlling accommodation and meeting reservations and event registrations.
  • Operation planning, developing and keeping statistics.
  • The registry holder’s other rights and duties and the tasks required for their implementation.
  • Customer relationship communication, services and product marketing.
  • Service sales, planning, controlling and implementations.
  • Product sales.
  • Processing of personal data in connection with payment, invoicing, and the control and collection of payments.
  • Business and customer service development.
  • Rehabilitation client information management.
  • Processing of the rehabilitation client’s payment commitments.
  • Services reporting and keeping statistics.
  • Generating information that is transferred to the systems used to provide services through interfaces.
  • The contact information provided by the registered can be used for customer feedback and customer satisfaction mapping as well as marketing research and implementation of opinion polls.
  • Any special dietary information provided by the registered will only be used for preparing and organizing the requested event, when food is prepared and served.

In addition to the digital register, the business unit has separate manual patient record folders which are stored in a separate locked archive. The folders include old manual patient records and may include information about patient consents and prohibitions on disclosing patient information.

6. Personal data processed

The data controller processes the following personal data:

  • First and last name, social security number, address, phone number and e-mail address of the registered.
  • Possible consents regarding data processing and disclosure of data and the grounds for disclosure.
  • Information regarding bookings.
  • Payment method information, invoice information, possible payment delay information.
  • Information regarding purchase and use of services.
  • Information on whether the registered client has forbidden the use of their information for direct marketing.
  • Information on whether the registered client has allowed the use of their information for direct marketing (e-mail and mobile services).
  • Possible feedback and complaint information.
  • The phone number, the time and the recording of the voice message left by the caller in the phone answer service. Data is retained for 90 days.
  • The conversation parties, the time and the conversation recording of the Rokua.com chat service. Data is retained for a maximum of 90 days.

In addition, the data controller processes the following information in connection with the health services it provides:

  • Marital status, profession, next of kin/guardian of the registered and their address, zip code, city, registered legal representation and other possible ID information, next of kin phone number, relationship (mother/father/sister or similar), partner’s social security number, name, allergies and consent given by the customer.
  • Information provided to ensure arrangement, planning, implementation and monitoring (report information, referrals, forms and statement information). Health, care and other information provided by the registered.
  • Information provided to ensure arrangement, planning, implementation and monitoring (report information, referrals, forms and statement information). Health, care and other information provided by the patient.
  • Invoice information regarding services and inspections. Payer information related to health services.

The data controller processes the following personal data of its organization customers:

  • Organization contact person name, address, e-mail and phone number.
  • Prohibition of remote selling and other direct marketing information provided by the organization contact person.
  • Possible feedback and complaint information.

7. How is the data collected?

You directly provide Rokua Kuntoutus Ltd with most of the data we collect. Data sources are the registered customer, their guardian, their legal representative or their next of kin. Data sources can also be health services professionals, and other health care units or professionals through the Finnish National Health Archives (KANTA/OmaKanta), with the consent given by the registered person.

8. Personal data receivers and receiver parties 

The system does not disclose information outside the European Union or the European Economic Area.
Patient information is confidential (Act on the Status and Rights of Patients 785/1992) and the staff has a confidentiality obligation covering all information obtained in the treatment of registered persons.

The data subject’s information can be disclosed with the consent of the data subject or if expressly provided for by law. If the data subject is not in a position to assess the significance of the consent to be given, the information may be provided with the consent of their legal representative under explicit legislation.

When data is disclosed on the basis of the data subject’s consent, the data subject has the right to withdraw the consent at any time.

Electronic prescriptions are saved in the Prescription Centre, whose registry holder is Kela (the Social Insurance Institution of Finland).

Based on the Act on the Electronic Processing of Client Data in Healthcare and Social Welfare (159/2007), patient information recorded by professionals is archived in the Finnish National Health Archives (KANTA) maintained by Kela.

In addition, Rokua Kuntoutus Ltd uses subcontractors, namely suppliers of information systems and software services as well as maintenance and support services, which process personal data as processors on behalf of the data controller in accordance with the data protection regulation.

9. Data transfer outside the European Union

Data is not transferred outside the European Union.

10. Data storage criteria regarding personal data 

The customer’s personal data in the customer registry is processed during the customer relationship. Data provided by an organization’s contact person is removed in a similar way when the organization’s customer relationship is deemed terminated. Data can be stored after the customer relationship has ended, on proper grounds if necessary.

After the customer relationship has ended, data can be stored and processed if it is necessary for the handling of complaints. The data storage periods in the customer registry also comply with statutory retention periods, such as those in the Accounting Act. The information required by the Accounting Act is retained for as long as the Accounting Act requires.

When data is processed according to the contract between the data controller and the data subject, the data is kept for as long as necessary for the performance of the contract. When the contract is fulfilled, the data is kept as long as the customer relationship is in effect or there is another reason for processing.

Only the data necessary for the intended use is processed during the customer relationship. The data controller performs regular checks to remove unnecessary data.

When the customer relationship is deemed terminated, customer data can be moved to the direct marketing register for such persons who have not prohibited the use of their data for direct marketing.

The patient registry follows the retention periods laid down in the regulations on patient data retention in force at the time.

11. Cookies

Rokua Kuntoutus Ltd uses cookies on its websites to improve user experience.

12. Data protection rights 

The right to access data (right to inspect the data)

The data subject has the right to request copies of their personal data from Rokua Kuntoutus Ltd.

The data is provided by the doctor or other health care professional determined by the health care unit, and an entry recording the exercise of the right of inspection is made in the patient register. The information is given in written form.

The right to rectification (the right to demand correction, removal or restriction of processing, or the right to file a complaint with the supervisory authority)

At the data subject’s demand, the registry holder must, without undue delay, correct, remove or supplement information that is missing, unnecessary, incomplete or out of date for the purpose of the processing.

The data subject has the right to demand that the data controller restrict the processing of personal data under certain conditions, i.e. in cases where the data subject is waiting for the data controller to correct or remove personal data.

The data subject has the right to file a complaint with a competent supervisory authority if the data controller has not followed the appropriate data protection rules.

Implementation and organization of data correction and processing restriction

Correction requests and requests to restrict the processing of personal data must be made in writing, addressed to the data controller, and delivered personally to the data controller. The identity of the data subject is verified when the request is delivered. If the request is justified, the corrections or other measures regarding restriction of data are carried out by a person entitled to do so.

For corrections to health service data, the name and job position of the person, the correction date and the grounds are recorded when data is corrected. Any incorrect entries are transferred to the background file so that the incorrect and correct information can be inspected later. Consents regarding patient data from the National Health Archive (KANTA) can be managed in the OmaKanta service.

Changes to the privacy policy

Rokua Kuntoutus Ltd reserves the right to make changes to the privacy policy at any time.