Customer and Laboratory Register Privacy Statement

Please review Mineral Research Laboratory Mila’s privacy statement and learn how we handle our customers’ data.

DATA PROTECTION STATEMENT ACCORDING TO THE PERSONAL DATA ACT (523/1999) SECTIONS 10 AND 24

1. DATA CONTROLLER

Name: Mineraalilaboratorio Mila Oy (in English: Mineral Research Laboratory Mila Ltd.)

Business ID: 0483929-2

Postal Address: Sirrikuja 4 B 20, 00940 Helsinki

Phone: +358400411938

Email: mila@milalab.fi

In the case of their own patients, a medical center or practicing physician is the data controller. The laboratory register is a sub-register of the patient register. MILA acts as a data processor.

2. REGISTER NAME

Mineraalilaboratorio Mila Oy’s customer and laboratory register.

3. PURPOSE OF PROCESSING PERSONAL DATA

The primary purpose of the register is to conduct nutrient analysis. The personal data in the register is used for providing services to customers, communication with customers, invoicing for services, and collecting payments from customers. The legal basis for maintaining the register and processing personal data is customer consent.

The secondary purpose of the laboratory register is to use patients’ stored analysis results for laboratory quality control, planning, and statistical purposes.

Directly provided personal data is mainly retained for organizing, analyzing, monitoring, and evaluating patient examinations.

Additionally, user online behavior is tracked and analyzed using Google Analytics, Instagram, and Facebook services. These services are used for website development, customer service, and targeted marketing.

The data controller is guided by key legislation: the EU General Data Protection Regulation (679/2016) and the Data Protection Act (1050/2018). Additionally, healthcare legislation is followed in cases where it contains instructions or regulations regarding the processing of personal data.

4. CONTENT OF THE REGISTER

The following information is stored in the register:

Basic information such as name, personal identification number or date of birth, address, phone number, possible guardian, dependents, email address, and other necessary contact information.

Information related to research orders provided by the person or customer, collected via email, phone, or forms, as well as the results of sample tests and research history.

Customer history, including usage, cancellation, and purchase information, as well as billing and payment behavior.

Prohibitions, restrictions, consents, and other choices.

Information related to data processing, such as storage date and data source.

Data is stored and processed in accordance with the classification "confidential," except for laboratory results, which are classified as "very confidential."

5. REGULAR SOURCES OF INFORMATION

Information is collected from the registered person when establishing a customer relationship. Personnel and healthcare professionals, as well as the results of tests conducted in the laboratory, also act as sources of information.

Identification, verification, address, update, credit information, or other similar services may be provided by a third party.

We also receive tracking information on how you use our website and services.

6. STORAGE PERIOD OF PERSONAL DATA

The laboratory retains patient data as provided in the regulation on patient documents issued by the Ministry of Social Affairs and Health (2009/298).

The storage period is generally 12 years from the patient’s death.

7. PROCESSORS OF PERSONAL DATA

Unauthorized access to data and access to data-containing devices and materials are prevented by various technical and administrative means.

All laboratory employees are bound by confidentiality. Laboratory staff handle customers' personal data and the personal and patient data that customers provide.

Mineraalilaboratorio Mila Oy may, if necessary, partially outsource the processing of personal data to third parties. In such cases, we ensure through contractual arrangements that personal data is processed in accordance with applicable data protection laws and otherwise properly.

Mineraalilaboratorio Mila Oy does not have access to customer patient data, except for laboratory test results ordered through the laboratory.

In addition to its own Laboratory Register, Mila processes customer data of healthcare center customers when conducting sample analysis for their end customers. In such cases, Mila acts as a processor of personal data.

8. REGULAR DISCLOSURES AND TRANSFERS OF DATA OUTSIDE THE EU OR THE EUROPEAN ECONOMIC AREA

The data controller does not disclose personal data in the register to external parties, except as required for the implementation of the rights and obligations of the customer and the data controller or as required by Finnish authorities. The data controller does not transfer personal data in the register outside the EU or EEA, except as required for the implementation of the rights and obligations of the customer and the data controller or as required by Finnish authorities.

Personal data may also be transferred outside the European Union or the European Economic Area in accordance with data protection regulations, if necessary, for example, to procure research services. The registered person has the opportunity to inquire about the specific location of the research sample analysis before the examination from the healthcare professional who issued the referral.

Information sent to research institutions outside the European Union and the European Economic Area is transferred, whenever possible, in such a way that individual patients cannot be identified by the research institution.

The purposes for which research results are used include:

• Scientific research

• Statistics

• Development and innovation

• Government oversight and control

• Government planning and investigation tasks

• Education

• Information management

9. PRINCIPLES OF REGISTER SECURITY

The customer register is treated as confidential.

Manual Material

Manually processed documents containing personal data are properly destroyed after processing.

Digitally Stored Information

Only employees who are authorized to process customer data for their work are entitled to use the system containing customer information. The personal and patient information provided by the customer is kept confidential. Data is stored in databases protected by firewalls, passwords, and other technical means. Databases and their backups are kept in locked premises, and only designated individuals have access to the information. Digital materials can only be accessed by an authorized employee, practitioner, or partner with a personal username and password. Access rights vary, and each user is granted access that is sufficient for their role but as restricted as possible.

10. RIGHTS OF THE REGISTERED IN RELATION TO THE PROCESSING OF PERSONAL DATA

The registered person has the opportunity to view and verify information concerning themselves, and information can be corrected if necessary, in accordance with the instructions and guidelines given by the data controller.

Data is deleted, and the registered person may request the deletion of their data, after the termination of the customer relationship, once all the rights and obligations of the customer and the data controller have been fulfilled. Information may be marked as archived/non-active before this. Long-term archiving requires the anonymization or pseudonymization of personal data. The register is regularly checked for outdated information.

In certain situations, the data controller may, for justified reasons, refuse to fulfill the registered person’s requests. For example, a total deletion request cannot be accepted because the retention period and obligation for data storage are defined by law. Instead, individualized correction or deletion requests are implemented if a healthcare or laboratory professional determines that the information is incorrect or unnecessary for the purpose of the patient register.

Requests concerning these rights should be made in writing and signed, and sent by mail to the address mentioned in section 1, by phone at +358400411938, or by email to karina.moslova(a)milalab.fi. Mineraalilaboratorio Mila Oy will respond within one (1) month.

Mineraalilaboratorio Mila Oy ensures the accuracy and integrity of customer information.

The registered person’s right to file a complaint with the supervisory authority

The registered person has the right to file a complaint with the competent supervisory authority if the data controller has not complied with applicable data protection regulations.

11. CONTACT INFORMATION

For all matters related to the processing of personal data, please contact Mineraalilaboratorio Mila Oy’s Data Protection Officer.

Data Protection Officer Karina Moslova, karina.moslova(a)milalab.fi.

Register description updated on October 13, 2022.