Privacy statement for the processing log data file of wellbeing data stored in Kanta Services

This is the current version of the privacy statement for the processing log data file of wellbeing data stored in Kanta Services. The statement was last updated on 12 February 2024.

Controller

Kela (Kansaneläkelaitos) - Social Insurance Institution of Finland

Nordenskiöldinkatu 12, 00250 Helsinki
P.O. Box 450, 00056
Tel. 020 634 11

Controller's contact person

In matters that concern wellbeing data stored in Kanta Services and other questions about the service, please contact customer support for the Kanta Services by email at asiakaspalvelu@kanta.fi.

In matters concerning the rights of a data subject, please email enquiries to the Kanta Services’ Data Protection Officer at tietosuoja@kanta.fi.

Name of data file

Processing log data file of wellbeing data stored in Kanta Services

Purpose of processing personal data / purpose of the data file

According to section 73 of the Act on the Processing of Client Data in Healthcare and Social Welfare (703/2023), Kela is the data controller for the wellbeing data and service usage data stored in the Kanta PHR service, which is part of the national information system services in health care, the Kanta Services.

Data in the processing log data file of wellbeing data stored in Kanta Services (Kanta PHR) is used to verify the legality of processing of data stored in the Kanta Services at Kela. Processing log data are also used for troubleshooting by Kela.

Log data are retained for 12 years after their generation, after which the data will be deleted.

Content of the data file

The processing log data file of wellbeing data stored in Kanta Services is used to store information on granting and removing access rights to applications as well as storing, viewing, updating and deleting wellbeing data.

The processing log data file contains the following information:

  • timestamp of the event
  • the personal identity code of the person whose data the log entry concerns
  • event that caused the log entry
  • identifier of the wellbeing application that requested the processing
  • identifier of the party requesting the processing (the data subject)
  • type of processing event
  • identifier of the certificate used in the event
  • access rights of the wellbeing application that requested the processing
  • search terms
  • outcome of the event
  • returned error code
  • internal error code and description
  • number of data points returned by the search
  • identifier of the processed data
  • type of data processed
  • additional information about the processed data.

Regular sources of data

The log data file stores log data when the user logs into the service and when the user processes the wellbeing data stored in Kanta Services.

Regular disclosure and transfer of data outside the EU or the European Economic Area

Kela will not disclose data in the register to third parties.

Kela will not transfer data outside the EU or the European Economic Area.

Principles of data file security

The log data file contains confidential personal data.

Organisational measures

Kela has a data security plan covering data security, privacy protection and information system use. Kela has a designated Data Protection Officer. Kela will issue written instructions on processing in the data file and will ensure that personnel have sufficient expertise and competence for this purpose.

Kela will take the necessary measures on its own initiative if data stored in the service is processed unlawfully.

Technical protection

The processing of data in the data file requires strong identification of the administrator as well as access rights management related to the system. Logs are kept of all data processing activities by Kela for maintenance purposes.

The data in the log is used only in the event of problems in accordance with Kela's policy, and only certain Kela employees have access to data stored in the Kanta Services.

Physical protection of locations and devices

Log data is safeguarded by technical means against modification and deletion.

Kela's data centres and the physical locations where data are held are in Finland. Access to the data centres is restricted to Kela's technical maintenance personnel as required by their duties.

Rights of data subjects

As a rule, users can access wellbeing data they have stored on their own initiative in MyKanta.

The user has the right to receive the log data on processing activities carried out on their personal data from Kela.

Requests for log data can be submitted according to the instructions on the Kanta.fi website, on the page "What kind of data has been recorded of me? - Citizens (Kanta.fi)", which also provides the log data request form. The log data request form is also available from social welfare and health care service providers, pharmacies and Kela customer service points that have joined the Kanta service. Requests for log data should be directed to Kela (Registry, P.O. Box 450, 00056 Kela). A request for data may also be made by contacting Kela's Registry by phone or email (kirjaamo@kela.fi).

Access to log data dating further back than two years will not be granted without a special reason. The user may not disclose to third parties or use the log data received for any other purpose.

The user has the right to receive the same data again if there is a legitimate reason to do so in order to safeguard the user's interests and rights. Kela has the right to charge a fee to cover the costs of providing data that have already been provided.

Right to lodge a complaint with a supervisory authority

If the user feels that their data has been processed in violation of applicable data protection regulations (Articles 12–22 of the EU General Data Protection Regulation), the user has the right to lodge a complaint with the competent supervisory authority. In Finland, the supervisory authority is the Data Protection Ombudsman.

Last updated 13.2.2024