Privacy policy

  • Privacy policy of the patient register
  • Online shop privacy policy
  • Newsletter Privacy Policy
  • About cookies

Privacy policy of the patient register

This is the Ebeling Beauty's register and privacy policy in accordance with the EU General Data Protection Regulation (GDPR). Established 1.8.2023. Last modified 7.2.2025.

 

1. The controller

E-Hammas Doctors, Työpajankatu 10A, 00580 Helsinki, Finland
2602955-7

Myöh. "Company"

2. Contact person responsible for data protection in the patient register

Jani Halonen, [email protected]

E-Hammas Doctors, Työpajankatu 10A, 00580 Helsinki, Finland

3. Name of the register

Company patient register

4. Legal basis and purpose of the processing of personal data

The processing of patient data is based on the patient's consent. In order to become a patient, information about the person must be able to be recorded in a patient register. The information recorded in the patient register is used to organise, plan and monitor the patient's treatment. It may also be used, with the consent of the data subject, to send electronic messages about their health and well-being and about services and interests relating to them.

5. Data content of the patient register

  • Patient identification data: name, personal identification number
  • Patient contact details (address, email address, phone number)
  • Patient's guardian(s) and/or trustee
  • Information on the patient's health status and health care; information necessary for the organisation, planning, implementation and monitoring of care (medical history, health records generated during care, patient/client history, examination records and results, referrals, statements, diagnoses, appointment records and history, billing records).
  • Information on the consents and prohibitions given by the patient (data subject) and the time of giving them
  • Patient photos

6. Regular sources of information

  • Patient and patient's guardian(s) or other legal representative
  • Medical staff and health professionals involved in the patient's care (information on the patient's care and examination is collected from the data generated by the examinations and interventions carried out in the Company).
  • With the patient's consent, other health care providers or health professionals

7. Regular disclosures and transfers of data outside the EU or EEA

Patient data may only be disclosed to third parties with the consent of the patient or his/her legal representative or if expressly provided for by law. In cases where data are disclosed on the basis of a specific provision, for example to other public authorities, notwithstanding the provisions on confidentiality, the confidential data disclosed to them are processed by those organisations in the performance of their statutory tasks and only for the purposes provided for by law.

Where the disclosure of data requires the patient's consent, the data subject has the right to withdraw his or her consent at any time. Patient data will not be transferred or disclosed outside the EU or EEA.

8. Retention periods and destruction of personal data

Personal data is stored in the patient register in accordance with the Patient Records Decree of the Ministry of Social Affairs and Health (298/2009), and for as long as the patient data must be stored in accordance with the Decree. Detailed retention periods for categories of patient records are specified in the Annex to the Patient Records Regulation of the Ministry of Social Affairs and Health (298/2009).

In accordance with the Act on the Electronic Processing of Social and Health Care Customer Data (159/2007) and the Electronic Prescription Act (61/2007), patient data is archived in the national archiving service (eResepti and eArkisto) maintained by the National Social Insurance Institution.

Due care is taken when disposing of medical records and the data is disposed of securely so that no unauthorised persons have access to it.

9. Principles of register protection

Patient information is confidential. Those handling the data are obliged to maintain confidentiality and secrecy with regard to all information obtained in connection with the patient's treatment. The controller ensures that stored data, server access rights and other information critical to the security of personal data are handled confidentially and only by employees whose job description includes this.

Access to register data (patient information system) is restricted to designated persons only. To use the system and access patient data, a personal user ID and password are required. User data must not be made available to others. Each member of staff is trained and instructed when they receive an ID.

Due care is taken in the processing of register data and the data processed by the information systems are adequately protected. Where the register data are stored on Internet servers, the physical and digital security of their hardware shall be adequately ensured.

10. Right of access and rectification of information

Every person in the register has the right to check the information stored in the register and to request that any inaccurate or incomplete information be corrected or completed.

As a general rule, the right of inspection is free of charge. In the case of repeated requests or manifestly unfounded or unreasonable requests, the controller may charge a fee based on its administrative costs for executing the request.

A request for rectification of data cannot be carried out as requested by the patient if the data are processed for the purpose of fulfilling a legal obligation of the controller and there are therefore legal grounds for keeping the data. If the controller refuses to provide the information, the data subject will be given a written reply to the request for information, stating the reasons for the refusal.

A request to exercise the right of access or rectification should be sent in writing (by e-mail or post) to the controller at the address mentioned in section 2 of this Privacy Policy.
The controller may only provide the data subject to the request for verification against proof of identity or other reliable means of identification. The controller shall determine on a case-by-case basis the methods of adequate identification.

The controller will respond to the data subject's request without undue delay and within the time limit set by the GDPR (usually one month). If the customer's request is complex or numerous, the time limit may be extended by up to two months, if necessary. In such cases, the data subject will be informed of the extension within one month of receipt of the request and the reasons for the delay.

11. Other rights relating to the processing of personal data

The data subject has the right to request the erasure of personal data concerning him or her from the register ("right to be forgotten"). Data subjects also have other rights under the EU General Data Protection Regulation, such as the right to restrict the processing of personal data in certain circumstances and the right to obtain their personal data from the controller in a machine-readable form and to transfer those data to another controller. This requires that the personal data in question are the data provided by the patient to the controller.

The right to be forgotten cannot be exercised in the manner required by the patient if the data are processed for the purpose of fulfilling a legal obligation of the controller and there are therefore grounds for keeping the data in accordance with the law. If the controller refuses to comply with the request, the data subject will be provided with a written reply to the request for information, stating the reasons for the refusal.

Requests should be sent in writing to the controller by e-mail or by post to the address mentioned in section 2 of this Privacy Notice.

The controller may only execute the request against proof of identity or other reliable means of identification. The controller shall determine on a case-by-case basis the methods of adequate identification.
The controller shall respond to the data subject's request without undue delay and within the time limit laid down in the GDPR (one month as a general rule). If the customer's request is complex or numerous, the deadline may be extended by up to two months if necessary. In such cases, the data subject will be informed of the extension within one month of receipt of the request and the reasons for the delay.

Online shop privacy policy

1. The controller

E-Hammas Doctors, Työpajankatu 10A, 00580 Helsinki, Finland
2602955-7

Myöh. "Company"

[email protected]
010 323 3964

2. The contact person responsible for data protection in the online shop

Jani Halonen, [email protected]

E-Hammas Doctors, Työpajankatu 10A, 00580 Helsinki, Finland

3. Name of the register

E-commerce user register

4. Legal basis and purpose of the processing of personal data

  • Statutory obligation: including obligations regarding the security of personal data
  • Contract: order confirmations and other communication regarding the processing and completion of the order
  • Consent of the data subject

The personal data stored in the user register of the E-Beauty e-commerce store is used, for example, to manage customer relations, to manage contacts and for other purposes related to online services.

5. Contents of the register

The register collects basic information about the data subjects, such as

  • Name
  • Address
  • telephone
  • email

6. Regular sources of information

The controller registers the information about the user of the online shop that the user provides when making online purchases.

7. Regular disclosures and transfers of data outside the EU or the European Economic Area

No regular disclosure of data to third parties. No disclosure of data outside the EU or EEA.

8. Principles of register protection

Only certain predefined employees of the controller have access to and are entitled to use the data contained in the register. Due care is taken in the processing of the data in the register and the data processed by the information systems are adequately protected. Where the register data are stored on Internet servers, the physical and digital security of their hardware shall be adequately ensured.

9. Rights of the data subject

The data subject has the right to inspect and obtain copies of the personal data stored in the register. The request for inspection must be made in writing and addressed to the person responsible for the register.

The controller shall correct, erase or complete personal data in the register which are inaccurate, unnecessary, incomplete or outdated for the purposes of processing, on its own initiative or at the request of the data subject. The data subject shall contact the controller's person responsible for the register in order to obtain the correction of the data.

10. Retention periods and destruction of personal data

Core customer data is stored for the duration of the customer relationship.
The customer account is considered terminated and will be automatically deleted unless the customer logs into the account at least once every 6 years. When a customer account is closed, all data associated with it, including subscription history, will be deleted or anonymised.

Newsletter Privacy Policy

E-Beauty publishes a newsletter which can be subscribed to via the subscription form. The newsletter is sent by e-mail to subscribers. Personal data will only be used to send the newsletter.

For letter subscribers, the e-mail address is stored as mandatory information.

Upon receipt of each newsletter, the subscriber has the possibility to unsubscribe.

The newsletter register is handled with care. The data stored in the register will be properly protected. When the data in the register is stored on internet servers, digital security is ensured in accordance with the law.

1. The controller

E-Hammas Doctors, Työpajankatu 10A, 00580 Helsinki, Finland
2602955-7

Myöh. "Company"

[email protected]
010 323 3964

2. Contact person responsible for data protection in the newsletter

Jani Halonen, [email protected]

E-Hammas Doctors, Työpajankatu 10A, 00580 Helsinki, Finland

3. Name of the register

E-Beauty newsletter subscribers

4. Legal basis and purpose of the processing of personal data

We process personal data with the consent of the data subject.

The purpose of the processing of personal data is to target marketing activities to promote the company's business.

5. Contents of the register

The information stored in the register includes the e-mail address and the date of subscription to the newsletter.

6. Regular sources of information

The information is obtained from the registrant when they subscribe to the newsletter and provide their email address.

7. Regular disclosures and transfers of data outside the EU or EEA

The processing of personal data takes place in the EU/EEA. Personal data will not be transferred outside the company.

8. Rights of the data subject

  • A member of the newsletter register has the right to know for what purposes and in what way his or her personal data is processed.
  • The data subject has the right to know whether the Company processes personal data concerning him or her. If so, the data subject has the right to obtain a copy of that information, unless the Company has a legitimate ground for refusing to exercise that right.
  • If the personal data concerning the data subject is incorrect, the data subject may request the Company to correct the data.
  • If a person wishes to check or request rectification of the data stored about him or her, the request should be sent in writing (by e-mail or post) to the controller at the address mentioned in section 2 of this Privacy Policy.
  • If necessary, the company may ask the applicant to prove his or her identity. The company will respond to the data subject's request within the time limit set by the EU Data Protection Regulation (usually within one month).

9. Retention periods and destruction of personal data

Personal data will be stored for as long as necessary to send the newsletter (until the subscription is cancelled or the newsletter service ceases to exist).

 

Cookies

The E-Beauty website uses cookies. By clicking on the "Accept cookies" button, you agree to the use of cookies. Cookies make using our website easy, fast and user-friendly. Cookies also enable us to develop our business.

A cookie is a small text file that an internet browser stores on a user's device. Cookies are only placed on the user's terminal device when the user visits a website. Only the server that sent the cookie can later read and use the cookie. Cookies or other technologies do not harm the user's terminal equipment or files, nor can cookies be used to run programs or spread malware. Cookies alone do not allow the user to be identified.

 

Uses of cookies

  • Analytics. Cookies are important for analytics, so that the use of the site can be monitored and improved.
  • Targeting marketing. Cookies are used to target marketing by reaching people who have previously visited the site and to serve reminder advertising through different channels.
  • Remembering the contents of your shopping cart. Cookies can be used to store products selected by the customer in the shopping cart, so that they remain there even if the customer leaves the site and returns later.

Book Now

  • Työpajankatu 10A, Kalasatama Helsinki
  • Vantaanaukio 1, Tikkurila Vantaa
  • 010 323 3964
  • [email protected]
Instagram
TikTok
Facebook (F)
Ebeling Beauty, E-Beauty
Powered by GDPR Cookie Compliance
Cookie settings

This website uses cookies to enhance your browsing experience. Cookies are stored in your browser, allowing us to recognize you when you return. They also help our team understand which parts of the site you find most interesting and useful.