Skip to main content

Register for client safety incident notifications and Social/Patient Ombudsperson case documentation management

Privacy policy
General Data Protection Regulation of the European Union (2016/679)

Register for client safety incident notifications and Social/Patient Ombudsperson case documentation management

1. Data controller

The County Board of the Western Uusimaa Wellbeing Services County 

2. Person responsible for the register

Job title

Head of Quality and Customer Safety

3. Contact person of the register

Job title

Senior Specialist in Customer Safety

Contact information

Western Uusimaa Wellbeing Services County

P.O. Box 33, 02033 Western Uusimaa Wellbeing Services County

Switchboard’s phone number: 029 151 2000

4. Purposes of processing personal data and the legal grounds for processing

Purposes of processing

The purposes of processing personal data in the register is to manage safety incident notifications related to client safety in the Western Uusimaa Wellbeing Services County, as well as to handle case records maintained by Social and Patient Ombudspersons. This includes processing any necessary personal data and collecting payment information.

Legal grounds for processing

Article 6(1)(a) of the EU General Data Protection Regulation:
the data subject has given consent to the processing of their provided personal data for one or more specific purposes. Under the Act on Patient Ombudspersons and Social Services Ombudspersons (739/2023), when an Ombudsperson’s activities extend beyond general advising, personal data of service recipients may be processed. In such cases—when providing services as described in subsections 1 or 2 of Article 8—the Ombudsperson must record certain information in accordance with Section 27 of the Act on the Openness of Government Activities (906/2019). For clients or family members who file a safety incident notification, only their name and email address are collected if they choose to provide them. Notifications may also be submitted anonymously.

Article 6(1)(c) of the EU General Data Protection Regulation:
processing is necessary for compliance with a legal obligation, for all data except what is mentioned above. On this basis, personal data—including basic, special, and confidential data—may be collected on clients and patients. Such data may include: name, personal identity code, temporary identifiers, date of birth, the name and authority of a legal representative, family member, or other close individual; the person's mother tongue and preferred language of communication; the time an incoming document was received by a Social/Patient Ombudsperson; the name and role of the document's author within the unit; and the date the document was created (Act on Patient Ombudspersons and Social Services Ombudspersons (739/2023, section 12).

Key legislation

  • General Data Protection Regulation of the European Union (679/2016) 
  • Data Protection Act (1050/2018) 
  • Act on Patient Ombudspersons and Social Services Ombudspersons (739/2023, section 12)

5. Data contents of the register

Notification channel: This channel processes anonymous safety incident notifications made by clients regarding the quality and safety of services. If the client chooses to provide an email address, that address is recorded. No other data are collected.

Case documentation management by Social and Patient Ombudspersons: This register processes personal data—including basic, special, and confidential data—of clients and patients. No cookie or diagnostic data are stored. Only information entered into the system by personnel is processed. The following data are processed: 

  1. Name and personal identity code, or if unknown, a temporary identifier or date of birth
  2. Name and authority of a legal representative, family member, or other close individual
  3. The individual’s mother tongue and preferred language of communication
  4. The date a Social/Patient Ombudsperson received the document
  5. The name of the document’s author and their role in the unit
  6. The date the document was created.

When providing services as defined in subsection 1, the Social/Patient Ombudsperson must also document the advice requested, the guidance provided, any actions taken, and any other essential details related to service provision.

6. Regular disclosure of personal data

No personal data are regularly disclosed elsewhere, nor transferred outside the EU or EEA.

7. Data retention periods

Case documentation maintained by Social/Patient Ombudspersons contains personal and special categories of personal data. These records are retained for 12 years after the case is closed. Act on Patient Ombudspersons and Social Services Ombudspersons (739/2023, section 12).

Email addresses provided via the notification channel are retained for 2 years.

8. Sources of personal data

Personal data are obtained directly from the individuals themselves and from HR and payroll systems.