BOOKINGS
Book a time
Home
Privacy statement
Privacy statement of the patient register +
22.1.2025
Controller
When you purchase laboratory and imaging services directly from SYNLAB, a care relationship is established between you and SYNLAB, and SYNLAB acts as the controller of your Personal Data.
SYNLAB Suomi Oy (Business ID 2674625–7)
Kivihaantie 7
00310 Helsinki
Responsible for the register:
SYNLAB Medical Director
Other services
When you purchase or receive services from another healthcare provider that orders laboratory and imaging services from SYNLAB, your treatment relationship with that other healthcare provider is formed. In this case, the controller of your patient data is the party from whom you purchase or receive the service. SYNLAB will then serve you in accordance with agreements between companies. However, SYNLAB acts as a data controller when it processes Personal Data to comply with its legal tasks and requirements.
What data do we process and why?
To provide our services, we process the following data:
- Name, social security number for identification, contact information (address, telephone number and e-mail) and communication language. If you do not have a Finnish social security number, a personal identity code will be created for authentication. Other identifiers and identification that uniquely identify you or events may also be used.
- Designated next of kin, guardian of a minor or patient's legal representative and his/her contact information. The contact information of the next of kin, guardian and legal representative is processed in order to reach the patient in situations requiring contact, such as planning, arranging, implementing and monitoring treatment, mailing patient records or invoices and related collection measures.
- Information necessary to ensure the organization, planning, implementation and follow-up of treatment
- Data generated during examinations and treatment, such as data and results generated during imaging and laboratory examinations and related biological material
- Consents and prohibitions concerning the processing of personal data, including the disclosure permits you have given in the Kanta service
- Information on patient received from third parties, such as other healthcare units, (based on an agreement on service provision or consent)
- Information obtained or stored in telephone conversations with you or with legitimate parties (e.g. customer service contacts)
- Information related to billing and payments
- Video recordings
- With regard to users of online services, for justified reasons, e.g.
- IP address
- Information related to identification
- Service purchase, usage, history and log data
In particular, the purpose of using and processing your personal information is to organize, plan, implement and monitor your treatment, for other legal and patient administration purposes, and for purposes based on your consent and SYNLAB's legitimate interest.
When you interact with SYNLAB or SYNLAB's online services, SYNLAB is legally required to make patient records of all your service transactions. In accordance with the Customer Data Act (703/2023), patient data that a health care professional has entered in your patient records in accordance with an assessment made based on their professional competence is considered necessary. Health care professionals may only process necessary patient data while the treatment relationship is in force and only as required by the treatment relationship.
Your treatment relationship with SYNLAB applies, for example:
- When you have booked an appointment for services
- When you use the Services (use medical or non-medical Services)
- When you order diagnostics through online services
- When you otherwise deal with matters related to your customer relationship, for example, you ask for your own patient information.
SYNLAB processes your Personal Data in accordance with national legislation on the processing of patient data (e.g. the Act on the Processing of Client Data in Social Welfare and Health Care (703/2023), the "Customer Data Act") and the EU General Data Protection Regulation (2016/679, GDPR) and the National Data Protection Act (1050/2018).
Data generated from the use of services can be processed based on legislation, for example, as follows:
- Planning, arranging, and implementing treatment and monitoring (Customer Data Act 703/2023)
- Retention of data generated by healthcare services (Customer Data Act 703/2023)
- Obligations of the Communicable Diseases Act for healthcare service providers (Communicable Diseases Act 1227/2016)
- Data processing, ensuring the quality of care and patient safety (Patient Act 785/1992)
- Access management and supervision of patient data processors, prevention of misuse, ensuring data security and enabling the correction of data (Customer Data Act 703/2023)
- Invoicing (Accounting Act 1336/1997)
- Research and statistical purposes (Act on the Secondary Use of Health Care 552/2019)
- Knowledge management (Act on the Secondary Use of Information 552/2019)
- Regarding the EU General Data Protection Regulation, the processing of your personal data is based, for example, on:
- your consent to data processing
- for the performance of a contract with the controller
- compliance with a legal obligation to which the controller is subject
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests of the data subject or by your fundamental rights and freedoms, which require the protection of personal data
- special categories of personal data (health data and biometric data) are processed based on the EU's General Data Protection Regulation and national data protection law
Processing based on consent includes:
- Obtaining and disclosing your patient data
- Making your information available to professional users treating you through SYNLAB Professional Online Services (adding and retrieving information from the portal is based on your consent to your caring physician)
- Marketing purposes
Based on legitimate interest, your data is processed for
- Planning, developing, managing, reporting, and monitoring our operations, unless it is based on the previously mentioned legal bases.
- As necessary to establish, exercise and defend legal claims relating to your relationship with SYNLAB.
Where do we get information from?
Personal data is primarily obtained directly from you in connection with the use of the service or during your customer relationship. Personal data may also be obtained from the following sources:
- A close relative, guardian or legal representative associated with your profile.
- A party providing identification, verification, address, update, credit information, payment transfer or other similar services.
- From another healthcare service provider or nursing staff, for example through the Kanta service
- Based on your consent from our partner
- From the population register
- From the Finnish Cancer Registry when producing screening studies for wellbeing services counties
- National Institute for Health and Welfare
- From your insurance company
- Authority
How long do we keep the data?
Our obligation to store patient data is based on the Customer Data Act (703/2023), which also defines the length of the data retention periods. Patient records are mainly stored for at least 12 years after the patient's death or 120 years after the patient's birth.
To whom do we disclose data?
Patient data is permanently confidential, and our staff is bound by professional secrecy with regard to the customer data they process and other personal information concerning our customers. The obligation of professional secrecy continues even after the termination of the employment relationship.
Patient data may only be disclosed to another healthcare organization or authority or to other parties prescribed by law with the consent of the patient or his/her legal representative or based on legislation.
Health care service providers have the right to receive and use the patient data of other healthcare service providers in order to organize and implement the patient's health service. The right of access to information requires the customer's consent or permission to disclose to Kanta, i.e. the Patient Data Repository's Will Express Service, for which My Kanta serves as the patient's user interface. The permission to disclose the stock applies to all patient records, and the patient can limit its scope by means of prohibitions.
If, due to a memory disorder, mental disorder, mental retardation or similar reason, a patient is not in a position to assess the significance of the transfer permit granted to Kanta and does not have a legal representative, or if the transfer permit cannot be obtained due to the patient's unconsciousness or other comparable reason, the service provider has the right, notwithstanding secrecy provisions, to receive and use the necessary patient data of other health care service providers for the purpose of the patient's necessary to organize or implement health services without the patient's consent to patient data.
The service provider may, on its own initiative or at the request of a foreign health care service provider, disclose necessary patient data for the organization or implementation of the patient's health service if the patient is not in a position to assess the significance of the transfer permit due to a memory disorder, mental disorder, mental retardation or similar reason and does not have a legal representative, or if the transfer permit cannot be obtained due to the patient's unconsciousness or other comparable for a reason. (Act on the Processing of Client Data in Social Welfare and Health Care (703/2023).)
Data may be disclosed to a debt collection agency for the collection of receivables (Act on the Recovery of Receivables (513/1999), Section 16).
Patient data is transferred to the patient archive of Kanta Services maintained by Kela, from where the disclosure of data is based on the patient's consent. (Act on the Processing of Client Data in Social Welfare and Health Care 703/2023).
Data may be disclosed to another natural or legal person for whose vital interests the data is necessary if the information is necessary and the right to privacy does not override the aforementioned need for use (EU General Data Protection Regulation, Article 6 (1.e)).
Patient data may be disclosed for research and statistical purposes (Data Protection Act, section 31).
The disclosure and receipt of patient data is recorded in the patient's data. Patients have the right to receive, upon written request, information on who has used or to whom data concerning them has been disclosed and the grounds for the use or disclosure in order to clarify or exercise their rights related to the processing of their customer data. (Act on the Processing of Client Data in Social Welfare and Health Care 703/2023).
Do we transfer data outside the EU or EEA?
The patient information systems we use are located within the European Union (EU) or the European Economic Area (EEA) and we mainly process patient data within the EU/EEA. However, data may be transferred outside the EU/EEA in accordance with the EU General Data Protection Regulation if it is necessary for the provision of our services. In these cases, the transfer will be carried out using a transfer mechanism approved by the EU Commission's data protection legislation.
Typical situations in which data may need to be transferred outside the EU/EEA include, for example, technical maintenance, servicing and fault repair of patient information systems and medical devices, which cannot always be implemented from the EU/EEA due to the location of the support functions of system and device suppliers.
How do we ensure the security of the processing of personal data?
Data security measures prevent inappropriate and unauthorized processing of personal data and the destruction, loss or accidental or unauthorized alteration of personal data. We protect your personal data with various technical and organisational measures, and the level of protection is continuously assessed. The means of protection include firewalls, monitoring of the technical environment, continuous maintenance of personnel competence, planning, directing and monitoring data processing, access management, access rights management and access control, auditing, selecting our partners, agreeing on the processing of personal data with our partners, defining roles and responsibilities, reacting immediately to process deviations and feedback, performing corrective actions and monitoring indicators.
The processing of personal data may also be outsourced to external service providers. When SYNLAB purchases services from third parties to support its own services, the processing and protection of personal data is contractually agreed.
What are your rights as a data subject?
The implementation of the rights of the data subject is requested from the controller. Please note that if you have a treatment relationship with another healthcare service provider that uses SYNLAB as a subcontractor, the controller is the service provider responsible for your treatment (e.g. the wellbeing services county) or with whom you have made an agreement on the service (for example, another private healthcare service provider). SYNLAB is not the data controller in these cases.
Due to confidentiality obligations in the patient registry, when a data subject invokes his or her rights (access, rectification, erasure, restriction of processing), SYNLAB must reliably identify the patient. E-mail enquiries can only be answered with general advice.
A guardian cannot exercise the right of inspection of an incompetent person or a person under guardianship, unless the decision on guardianship has extended the right to guardianship to the person's medical records. A certificate of guardianship must be presented.
As a data subject, you have::
Right of access to your personal data:
You have the right to know whether we process personal data concerning you. If we are processing, you have the right to receive a copy of the data, unless we have a legal basis for refusing to do so.
When reviewing your personal data, we need to identify the person requesting the information. We may also request additional information in unclear situations. If you wish, you can also check your contact information, referrals, data protection form and received diagnostic results through our online service.
Right to request rectification of incorrect data:
You can ask us to rectify, i.e. correct, your data if it is incorrect or outdated. If we are unable to carry out the rectification, we will inform you of the legal grounds for this.
You can also change your contact information through our online service or when visiting our office.
Right to request deletion:
Health care professionals are obligated to make patient records of all patient service events. Medical records must be stored in accordance with the Customer Data Act (703/2023). The statutory obligation to retain patient data excludes the possibility of erasing data. Patient records are mainly stored for at least 12 years after the patient's death or 120 years after the patient's birth.
Right to request restriction of processing of your data:
If you believe that the data we process about you is inaccurate, is being processed unlawfully or you have objected to the processing of your data, you can ask us to restrict the processing of your data. The request shall state the reasons on which it is based. In this case, we will only process your data
- With your consent
- If we need the data for the establishment, exercise or defense of legal claims;
- in the public interest, or
- to protect the rights of another person
If we restrict the processing of data on the basis of your request, we are obliged, where possible, to inform all parties to whom the data has previously been disclosed of the restriction.
Right to object to the processing of your data:
You can object to the processing of your personal data when the legal basis for processing is the controller's legitimate interest. You can do so at any time based on your particular situation. In this case, we may no longer process your personal data, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
Please note that in order to fulfil the above-mentioned rights, we must receive sufficient information about your dealings with us and verify your identity adequately. For more information and guidance on exercising the rights of data subjects, please visit our website.
If you wish, you also have the right to lodge a complaint about the processing of personal data with a supervisory authority, which in Finland is the Office of the Data Protection Ombudsman www.tietosuoja.fi.
Further information on your rights and the processing of personal data in healthcare can be found on the website of the Office of the Data Protection Ombudsman: https://tietosuoja.fi.
Contact details
Contacts in matters concerning the register:
SYNLAB Suomi Oy / Medical Director
Kivihaantie 7
00310 Helsinki
info@synlab.fi
Contact details of SYNLAB Finland's Data Protection Officer:
SYNLAB Suomi Oy / Data Protection Officer
Kivihaantie 7 00310 Helsinki
tietosuojavastaava@synlab.fi
Controller
When you purchase laboratory and imaging services directly from SYNLAB, a care relationship is established between you and SYNLAB, and SYNLAB acts as the controller of your Personal Data.
SYNLAB Suomi Oy (Business ID 2674625–7)
Kivihaantie 7
00310 Helsinki
Responsible for the register:
SYNLAB Medical Director
Other services
When you purchase or receive services from another healthcare provider that orders laboratory and imaging services from SYNLAB, your treatment relationship with that other healthcare provider is formed. In this case, the controller of your patient data is the party from whom you purchase or receive the service. SYNLAB will then serve you in accordance with agreements between companies. However, SYNLAB acts as a data controller when it processes Personal Data to comply with its legal tasks and requirements.
What data do we process and why?
To provide our services, we process the following data:
- Name, social security number for identification, contact information (address, telephone number and e-mail) and communication language. If you do not have a Finnish social security number, a personal identity code will be created for authentication. Other identifiers and identification that uniquely identify you or events may also be used.
- Designated next of kin, guardian of a minor or patient's legal representative and his/her contact information. The contact information of the next of kin, guardian and legal representative is processed in order to reach the patient in situations requiring contact, such as planning, arranging, implementing and monitoring treatment, mailing patient records or invoices and related collection measures.
- Information necessary to ensure the organization, planning, implementation and follow-up of treatment
- Data generated during examinations and treatment, such as data and results generated during imaging and laboratory examinations and related biological material
- Consents and prohibitions concerning the processing of personal data, including the disclosure permits you have given in the Kanta service
- Information on patient received from third parties, such as other healthcare units, (based on an agreement on service provision or consent)
- Information obtained or stored in telephone conversations with you or with legitimate parties (e.g. customer service contacts)
- Information related to billing and payments
- Video recordings
- With regard to users of online services, for justified reasons, e.g.
- IP address
- Information related to identification
- Service purchase, usage, history and log data
In particular, the purpose of using and processing your personal information is to organize, plan, implement and monitor your treatment, for other legal and patient administration purposes, and for purposes based on your consent and SYNLAB's legitimate interest.
When you interact with SYNLAB or SYNLAB's online services, SYNLAB is legally required to make patient records of all your service transactions. In accordance with the Customer Data Act (703/2023), patient data that a health care professional has entered in your patient records in accordance with an assessment made based on their professional competence is considered necessary. Health care professionals may only process necessary patient data while the treatment relationship is in force and only as required by the treatment relationship.
Your treatment relationship with SYNLAB applies, for example:
- When you have booked an appointment for services
- When you use the Services (use medical or non-medical Services)
- When you order diagnostics through online services
- When you otherwise deal with matters related to your customer relationship, for example, you ask for your own patient information.
SYNLAB processes your Personal Data in accordance with national legislation on the processing of patient data (e.g. the Act on the Processing of Client Data in Social Welfare and Health Care (703/2023), the "Customer Data Act") and the EU General Data Protection Regulation (2016/679, GDPR) and the National Data Protection Act (1050/2018).
Data generated from the use of services can be processed based on legislation, for example, as follows:
- Planning, arranging, and implementing treatment and monitoring (Customer Data Act 703/2023)
- Retention of data generated by healthcare services (Customer Data Act 703/2023)
- Obligations of the Communicable Diseases Act for healthcare service providers (Communicable Diseases Act 1227/2016)
- Data processing, ensuring the quality of care and patient safety (Patient Act 785/1992)
- Access management and supervision of patient data processors, prevention of misuse, ensuring data security and enabling the correction of data (Customer Data Act 703/2023)
- Invoicing (Accounting Act 1336/1997)
- Research and statistical purposes (Act on the Secondary Use of Health Care 552/2019)
- Knowledge management (Act on the Secondary Use of Information 552/2019)
- Regarding the EU General Data Protection Regulation, the processing of your personal data is based, for example, on:
- your consent to data processing
- for the performance of a contract with the controller
- compliance with a legal obligation to which the controller is subject
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests of the data subject or by your fundamental rights and freedoms, which require the protection of personal data
- special categories of personal data (health data and biometric data) are processed based on the EU's General Data Protection Regulation and national data protection law
Processing based on consent includes:
- Obtaining and disclosing your patient data
- Making your information available to professional users treating you through SYNLAB Professional Online Services (adding and retrieving information from the portal is based on your consent to your caring physician)
- Marketing purposes
Based on legitimate interest, your data is processed for
- Planning, developing, managing, reporting, and monitoring our operations, unless it is based on the previously mentioned legal bases.
- As necessary to establish, exercise and defend legal claims relating to your relationship with SYNLAB.
Where do we get information from?
Personal data is primarily obtained directly from you in connection with the use of the service or during your customer relationship. Personal data may also be obtained from the following sources:
- A close relative, guardian or legal representative associated with your profile.
- A party providing identification, verification, address, update, credit information, payment transfer or other similar services.
- From another healthcare service provider or nursing staff, for example through the Kanta service
- Based on your consent from our partner
- From the population register
- From the Finnish Cancer Registry when producing screening studies for wellbeing services counties
- National Institute for Health and Welfare
- From your insurance company
- Authority
How long do we keep the data?
Our obligation to store patient data is based on the Customer Data Act (703/2023), which also defines the length of the data retention periods. Patient records are mainly stored for at least 12 years after the patient's death or 120 years after the patient's birth.
To whom do we disclose data?
Patient data is permanently confidential, and our staff is bound by professional secrecy with regard to the customer data they process and other personal information concerning our customers. The obligation of professional secrecy continues even after the termination of the employment relationship.
Patient data may only be disclosed to another healthcare organization or authority or to other parties prescribed by law with the consent of the patient or his/her legal representative or based on legislation.
Health care service providers have the right to receive and use the patient data of other healthcare service providers in order to organize and implement the patient's health service. The right of access to information requires the customer's consent or permission to disclose to Kanta, i.e. the Patient Data Repository's Will Express Service, for which My Kanta serves as the patient's user interface. The permission to disclose the stock applies to all patient records, and the patient can limit its scope by means of prohibitions.
If, due to a memory disorder, mental disorder, mental retardation or similar reason, a patient is not in a position to assess the significance of the transfer permit granted to Kanta and does not have a legal representative, or if the transfer permit cannot be obtained due to the patient's unconsciousness or other comparable reason, the service provider has the right, notwithstanding secrecy provisions, to receive and use the necessary patient data of other health care service providers for the purpose of the patient's necessary to organize or implement health services without the patient's consent to patient data.
The service provider may, on its own initiative or at the request of a foreign health care service provider, disclose necessary patient data for the organization or implementation of the patient's health service if the patient is not in a position to assess the significance of the transfer permit due to a memory disorder, mental disorder, mental retardation or similar reason and does not have a legal representative, or if the transfer permit cannot be obtained due to the patient's unconsciousness or other comparable for a reason. (Act on the Processing of Client Data in Social Welfare and Health Care (703/2023).)
Data may be disclosed to a debt collection agency for the collection of receivables (Act on the Recovery of Receivables (513/1999), Section 16).
Patient data is transferred to the patient archive of Kanta Services maintained by Kela, from where the disclosure of data is based on the patient's consent. (Act on the Processing of Client Data in Social Welfare and Health Care 703/2023).
Data may be disclosed to another natural or legal person for whose vital interests the data is necessary if the information is necessary and the right to privacy does not override the aforementioned need for use (EU General Data Protection Regulation, Article 6 (1.e)).
Patient data may be disclosed for research and statistical purposes (Data Protection Act, section 31).
The disclosure and receipt of patient data is recorded in the patient's data. Patients have the right to receive, upon written request, information on who has used or to whom data concerning them has been disclosed and the grounds for the use or disclosure in order to clarify or exercise their rights related to the processing of their customer data. (Act on the Processing of Client Data in Social Welfare and Health Care 703/2023).
Do we transfer data outside the EU or EEA?
The patient information systems we use are located within the European Union (EU) or the European Economic Area (EEA) and we mainly process patient data within the EU/EEA. However, data may be transferred outside the EU/EEA in accordance with the EU General Data Protection Regulation if it is necessary for the provision of our services. In these cases, the transfer will be carried out using a transfer mechanism approved by the EU Commission's data protection legislation.
Typical situations in which data may need to be transferred outside the EU/EEA include, for example, technical maintenance, servicing and fault repair of patient information systems and medical devices, which cannot always be implemented from the EU/EEA due to the location of the support functions of system and device suppliers.
How do we ensure the security of the processing of personal data?
Data security measures prevent inappropriate and unauthorized processing of personal data and the destruction, loss or accidental or unauthorized alteration of personal data. We protect your personal data with various technical and organisational measures, and the level of protection is continuously assessed. The means of protection include firewalls, monitoring of the technical environment, continuous maintenance of personnel competence, planning, directing and monitoring data processing, access management, access rights management and access control, auditing, selecting our partners, agreeing on the processing of personal data with our partners, defining roles and responsibilities, reacting immediately to process deviations and feedback, performing corrective actions and monitoring indicators.
The processing of personal data may also be outsourced to external service providers. When SYNLAB purchases services from third parties to support its own services, the processing and protection of personal data is contractually agreed.
What are your rights as a data subject?
The implementation of the rights of the data subject is requested from the controller. Please note that if you have a treatment relationship with another healthcare service provider that uses SYNLAB as a subcontractor, the controller is the service provider responsible for your treatment (e.g. the wellbeing services county) or with whom you have made an agreement on the service (for example, another private healthcare service provider). SYNLAB is not the data controller in these cases.
Due to confidentiality obligations in the patient registry, when a data subject invokes his or her rights (access, rectification, erasure, restriction of processing), SYNLAB must reliably identify the patient. E-mail enquiries can only be answered with general advice.
A guardian cannot exercise the right of inspection of an incompetent person or a person under guardianship, unless the decision on guardianship has extended the right to guardianship to the person's medical records. A certificate of guardianship must be presented.
As a data subject, you have::
Right of access to your personal data:
You have the right to know whether we process personal data concerning you. If we are processing, you have the right to receive a copy of the data, unless we have a legal basis for refusing to do so.
When reviewing your personal data, we need to identify the person requesting the information. We may also request additional information in unclear situations. If you wish, you can also check your contact information, referrals, data protection form and received diagnostic results through our online service.
Right to request rectification of incorrect data:
You can ask us to rectify, i.e. correct, your data if it is incorrect or outdated. If we are unable to carry out the rectification, we will inform you of the legal grounds for this.
You can also change your contact information through our online service or when visiting our office.
Right to request deletion:
Health care professionals are obligated to make patient records of all patient service events. Medical records must be stored in accordance with the Customer Data Act (703/2023). The statutory obligation to retain patient data excludes the possibility of erasing data. Patient records are mainly stored for at least 12 years after the patient's death or 120 years after the patient's birth.
Right to request restriction of processing of your data:
If you believe that the data we process about you is inaccurate, is being processed unlawfully or you have objected to the processing of your data, you can ask us to restrict the processing of your data. The request shall state the reasons on which it is based. In this case, we will only process your data
- With your consent
- If we need the data for the establishment, exercise or defense of legal claims;
- in the public interest, or
- to protect the rights of another person
If we restrict the processing of data on the basis of your request, we are obliged, where possible, to inform all parties to whom the data has previously been disclosed of the restriction.
Right to object to the processing of your data:
You can object to the processing of your personal data when the legal basis for processing is the controller's legitimate interest. You can do so at any time based on your particular situation. In this case, we may no longer process your personal data, unless there are compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
Please note that in order to fulfil the above-mentioned rights, we must receive sufficient information about your dealings with us and verify your identity adequately. For more information and guidance on exercising the rights of data subjects, please visit our website.
If you wish, you also have the right to lodge a complaint about the processing of personal data with a supervisory authority, which in Finland is the Office of the Data Protection Ombudsman www.tietosuoja.fi.
Further information on your rights and the processing of personal data in healthcare can be found on the website of the Office of the Data Protection Ombudsman: https://tietosuoja.fi.
Contact details
Contacts in matters concerning the register:
SYNLAB Suomi Oy / Medical Director
Kivihaantie 7
00310 Helsinki
info@synlab.fi
Contact details of SYNLAB Finland's Data Protection Officer:
SYNLAB Suomi Oy / Data Protection Officer
Kivihaantie 7 00310 Helsinki
tietosuojavastaava@synlab.fi
Terms of Use
SYNLAB Customer Online Services Terms of Use +
1. Application of the Terms of Use
The use of this customer online service (hereinafter "Online services" or “Service”) provided by SYNLAB Suomi Oy (hereinafter referred to as the "Company") requires that the user logged for the Service (hereinafter referred to as the "User") accepts these terms and undertakes to comply with them. The User must read these Terms carefully before using the Service.
2. Acceptance of the Terms of Use and logging in to the Service
The use of Online services is voluntary for the User. In addition to Online services, the User can access their key health data through the nationwide My Kanta Pages, agree on the delivery of test results with the Company's office, or make a separate request to the Company for the delivery of copies of patient documents.
The User accepts these terms of use when logging in and when using the Online services. Logging in to the Service are carried out using the User's strong authentication. When logging in for the first time, the User will be asked for contact information.
The right to use the Online services is personal and the User must always use their own means of identification when logging in to the Service. The User may not disclose the credentials used for strong authentication to a third party.
The User is solely responsible for the use of personal Online services as required by these Terms of Use. The User must notify the Company immediately if the User detects or suspects misuse of their Online services.
The Company has the right to block the User's access to the Online services either in whole or in part for any reason and at any time.
The Service can also be used by minors who have a personal means of strong electronic identification, such as a mobile certificate or online banking credentials. The guardian of a minor does not have the right to use Online services with the minor's credentials.
3. Purpose and use of Online services
Online services are intended for private customers. By accepting the terms of use, the customer gets access to the system for viewing their own data. Through the Online services, the User's contact information, research results, consents, or other information relevant to the Service can be viewed and managed, as well as payments made for the use of the Services. The data in Online services are patient data, the processing of which is subject to national regulations.
The Company may use the User's Online service to manage customer relationships, to create, monitor and analyze customer history, feedback, satisfaction data, surveys, to communicate with customers, target marketing and services, and for other purposes mentioned in the organization, development, and provision of services and for the purposes mentioned in data protection information concerning the service. Online services may also provide information about third-party services or links to such services. The Company has the exclusive right to decide to what extent and in what content it provides the Service to the User.
The User is responsible for the appropriate security of his/her own devices, systems, IDs, and operations.
Online services work on the Internet and can be used via a secure data connection, for example, through the browser of a computer, mobile phone, tablet, or other device.
4. Payments and other services
The use of Online services or related services may be free of charge. The User shall be informed in advance of fees and other charges as well as of any changes thereto in the Online service.
If a payment for the use of Services related to Online transactions has not been made, the Company may prevent the survey response in question from appearing in the Online services until the payment has been made.
When the User uses any third-party services mediated in the Online service, the price lists, and terms of the third party in question shall be applied to them. The User shall be informed in advance of fees and other charges as well as of any changes thereto in the Online service.
The User is solely responsible for the costs incurred by the User in using the Online services, such as their own data connection, hardware, and software costs.
5. Content of Online services and third-party services
Information presented in the Online services cannot be considered an offer, invitation, commitment, or other binding expression binding on the Company, unless otherwise stated.
In online transactions, third-party services or links to such services may also be offered or transmitted. With their consent, the User may allow the transfer of their personal data and other information from third-party services to Online services or from Online services to third-party services. When the User uses third-party services through Online services, a contractual relationship is established between the User and the third party. The Company is not a contracting party in connection with the use of third-party services. The Company is not responsible for the availability, content, or functionality of a third-party service, for information transmitted or provided by the User and a third party, or for their accuracy or delivery, regardless of whether the information is provided for or from Online services. The Company is not otherwise responsible for any information, services, actions, or omissions provided by the User or a third party. Before using third-party services, the User must separately accept the terms of use of these services.
6. Rights and obligations of the User and the Company
The User undertakes to use the Service in accordance with good practice, legal requirements, and terms of use valid at any given time, as well as other Company regulations and instructions. The Service may not be used for commercial purposes.
The User is responsible for the accuracy and arrival of the information provided and stored in the Service. The user must take all reasonable steps to ensure that the material does not contain viruses or is otherwise harmful.
The company has the right to check the accuracy of the name, personal and address information of individuals from the population information system or other known systems.
If the User notices or suspects that his/her own or another person's information may be incorrect or incomplete or use contrary to these terms and conditions, he/she shall immediately notify the Company.
The User is also responsible for ensuring that no illegal or otherwise inappropriate material is sent to or from the Online services. If the User sees another person's information, the Company must be notified without delay.
The User shall be liable for any damage or omission caused by the User's actions, including damages or omissions related to the processing of personal data.
The Company is responsible for the data security of online transactions and the protection of data other than those performed by the User.
The Company is not responsible for the comprehensiveness, accuracy or uninterruptibility of online transactions or for the consequences of using or not using the Service. The Company has the right to restrict, suspend or remove content from the Service at its sole discretion, for example due to load or other technical reasons, or due to maintenance, suspected misuse, or connection problems.
7. Use of personal and other information
Users logged in to the Online services will have access to their own personal information generated using the Company's services, such as contact information, appointments, consents, and results, as well as invoices and payment information. The Service contains health information. The information is confidential. In addition to the terms of use, logging in to the Service requires acceptance of data protection information. The logged-in user's activity in Online services is recorded in log data.
The User can enter or change information in Online services to the extent that Online services allow it at any given time. Other personal data displayed to the User in Online services originates from the patient register of the Company or another service Provider purchasing services from the Company. The processing of personal data is described in the privacy policy of the Company's patient register or in other information about the data protection of the Service Provider using the Company's services (e.g. the Privacy Policy). Privacy Policy).
The Company processes personal data in accordance with mandatory legislation and other data protection regulations valid at any given time, these terms of use and the consents, prohibitions and restrictions given by the User and ensures the implementation of privacy protection in their processing. Personal information will only be used in accordance with the Company's privacy policies.
Personal data will not be used for marketing purposes without the User's consent. If the User wishes to receive electronic direct marketing concerning the Company or third parties, he/she may give his/her separate consent in the Online services. You can withdraw and manage your consent at any time.
The Company may collect, process, and analyze data on the use of Online services, traffic, events and other statistical data related to the pages. The Company may also obtain such information from reliable third parties. Such information cannot be restored to an individual identifiable person.
Third-party services and websites have their own personal data protection policies. The Company is not responsible for the operation of such third-party sites or services. Before accessing websites maintained by third parties through Online services or before using third-party services, the User must familiarize themselves with the principles of personal data protection of their pages and services.
The Company uses essential cookies to facilitate the usability of the website, such as navigating the pages and using the forms on the site. If the User does not allow the use of mandatory cookies, the website may not function properly. If the Company uses other cookies, the Company will inform you about them separately on its website.
8. Intellectual Property Rights of the Service
The Company or a third party has intellectual property rights to all content, layout, and material available from the Online services. Copying, printing, distributing, transmitting, modifying, linking to other websites and any other commercial exploitation, or making available to the public without the written permission of the Company, is prohibited. However, the User may print and save material available for or from Online services for their own private use. If material from online transactions is quoted in accordance with the Copyright Act (404/1961), the source must always be stated. However, trademarks and logos included in online transactions may not be copied, published, or further distributed without written permission from the Company.
9. Limitation of Liability
The Company produces and delivers online transactions according to the principles "as is" and "as available". The Company does not guarantee that the Online services can be used without interruptions or errors. The Company makes no warranty as to the availability, accuracy, reliability, or content of the Online services. The Company is not responsible for the content, accuracy or possible errors, omissions or delays in the information presented to the User or a third party in the Online services. The User is responsible for ensuring that they have a functional connection and sufficient technical skills and programs for using Online services. The User is also responsible for the safety and functionality of the devices and software they use.
The purpose of Online services is to support communication between the User and the Company, and the management of information related to the use of the Company's services, thereby supporting the customer relationship between the Company and the User.
The Company shall not be liable in any way for direct or indirect damages caused using the Online service or its interruption, even if the Company has been notified of the possibility of such damage. Furthermore, the Company is not responsible for any destruction or alteration of data or for any costs incurred by the User in recreating it. The Company shall also not be liable for damage if fulfilling the obligations under these Terms of Use would be contrary to the Company's statutory obligations. The Company is not responsible for the costs incurred by the User or a third party, nor for the costs caused by the use or non-use of the Online services, or otherwise for direct or indirect damages to the User or third party. In all situations, the Company's liability is limited to the total amount of payments made by the User to the Company for the use of Online services.
10. Force majeure
Neither the Company nor the User shall be liable for damage caused by non-performance of an obligation caused by an unusual or unforeseeable reason beyond the party's control. The party must be able to prove the existence of such a reason.
A party claiming force majeure must notify the other party to these Terms of Use as soon as possible of any impediment to him/her. The Company may report force majeure on its own website or in a national daily newspaper, for example.
11. Cancellation and termination of Online services
The use of the Company's Online services is voluntary for the User. The Online services serve as the User's user interface to their own patient data, and starting to use the Online services does not constitute a separate registration or account for the Service user.
The Company has a legal obligation to store and thus process patient data, which means that it cannot be deleted. Discontinuing the use of Online services does not affect storing patient data and their visibility in the Online services to the User who later logs in to the Service again. The Company also has the right to continue processing data that the Company has the right to store based on, for example, an agreement between the User and the Company (e.g. the User's address information for incomplete invoicing).
The Company has the right, for a justified reason, to close the User's access to the Online services if the use of the Online services causes harm to the Company, the User or a third party, or if the Online services have otherwise been used in violation of these Terms of Use, current legislation or in violation of good manners. The Company has the right to restrict the display of information in the User's Online services if the possible fees set as grounds for the use of the Service have not been paid.
12. Change to the Terms of Use
The Company has the right to amend these Terms of Use, limit the content, prices and terms of Online services, and issue regulations on the use of Online services unilaterally, at any time at its sole discretion. The change will enter into force on the date announced by the Company. If the User does not accept the changes, he/she may refuse to accept them by terminating and closing the Online services in accordance with these terms of use. If the User continues to use the Service, this means acceptance of the changes.
13. Governing Law and Jurisdiction
These Terms of Use are governed by Finnish law.
Disputes arising from these Terms of Use shall primarily be resolved through negotiations between the parties. If the dispute cannot be settled in this way, the dispute may be handled in the District Court of Helsinki or in the district court of the place in Finland where the User is domiciled or habitually resident.
Last update 22.1.2025
The use of this customer online service (hereinafter "Online services" or “Service”) provided by SYNLAB Suomi Oy (hereinafter referred to as the "Company") requires that the user logged for the Service (hereinafter referred to as the "User") accepts these terms and undertakes to comply with them. The User must read these Terms carefully before using the Service.
2. Acceptance of the Terms of Use and logging in to the Service
The use of Online services is voluntary for the User. In addition to Online services, the User can access their key health data through the nationwide My Kanta Pages, agree on the delivery of test results with the Company's office, or make a separate request to the Company for the delivery of copies of patient documents.
The User accepts these terms of use when logging in and when using the Online services. Logging in to the Service are carried out using the User's strong authentication. When logging in for the first time, the User will be asked for contact information.
The right to use the Online services is personal and the User must always use their own means of identification when logging in to the Service. The User may not disclose the credentials used for strong authentication to a third party.
The User is solely responsible for the use of personal Online services as required by these Terms of Use. The User must notify the Company immediately if the User detects or suspects misuse of their Online services.
The Company has the right to block the User's access to the Online services either in whole or in part for any reason and at any time.
The Service can also be used by minors who have a personal means of strong electronic identification, such as a mobile certificate or online banking credentials. The guardian of a minor does not have the right to use Online services with the minor's credentials.
3. Purpose and use of Online services
Online services are intended for private customers. By accepting the terms of use, the customer gets access to the system for viewing their own data. Through the Online services, the User's contact information, research results, consents, or other information relevant to the Service can be viewed and managed, as well as payments made for the use of the Services. The data in Online services are patient data, the processing of which is subject to national regulations.
The Company may use the User's Online service to manage customer relationships, to create, monitor and analyze customer history, feedback, satisfaction data, surveys, to communicate with customers, target marketing and services, and for other purposes mentioned in the organization, development, and provision of services and for the purposes mentioned in data protection information concerning the service. Online services may also provide information about third-party services or links to such services. The Company has the exclusive right to decide to what extent and in what content it provides the Service to the User.
The User is responsible for the appropriate security of his/her own devices, systems, IDs, and operations.
Online services work on the Internet and can be used via a secure data connection, for example, through the browser of a computer, mobile phone, tablet, or other device.
4. Payments and other services
The use of Online services or related services may be free of charge. The User shall be informed in advance of fees and other charges as well as of any changes thereto in the Online service.
If a payment for the use of Services related to Online transactions has not been made, the Company may prevent the survey response in question from appearing in the Online services until the payment has been made.
When the User uses any third-party services mediated in the Online service, the price lists, and terms of the third party in question shall be applied to them. The User shall be informed in advance of fees and other charges as well as of any changes thereto in the Online service.
The User is solely responsible for the costs incurred by the User in using the Online services, such as their own data connection, hardware, and software costs.
5. Content of Online services and third-party services
Information presented in the Online services cannot be considered an offer, invitation, commitment, or other binding expression binding on the Company, unless otherwise stated.
In online transactions, third-party services or links to such services may also be offered or transmitted. With their consent, the User may allow the transfer of their personal data and other information from third-party services to Online services or from Online services to third-party services. When the User uses third-party services through Online services, a contractual relationship is established between the User and the third party. The Company is not a contracting party in connection with the use of third-party services. The Company is not responsible for the availability, content, or functionality of a third-party service, for information transmitted or provided by the User and a third party, or for their accuracy or delivery, regardless of whether the information is provided for or from Online services. The Company is not otherwise responsible for any information, services, actions, or omissions provided by the User or a third party. Before using third-party services, the User must separately accept the terms of use of these services.
6. Rights and obligations of the User and the Company
The User undertakes to use the Service in accordance with good practice, legal requirements, and terms of use valid at any given time, as well as other Company regulations and instructions. The Service may not be used for commercial purposes.
The User is responsible for the accuracy and arrival of the information provided and stored in the Service. The user must take all reasonable steps to ensure that the material does not contain viruses or is otherwise harmful.
The company has the right to check the accuracy of the name, personal and address information of individuals from the population information system or other known systems.
If the User notices or suspects that his/her own or another person's information may be incorrect or incomplete or use contrary to these terms and conditions, he/she shall immediately notify the Company.
The User is also responsible for ensuring that no illegal or otherwise inappropriate material is sent to or from the Online services. If the User sees another person's information, the Company must be notified without delay.
The User shall be liable for any damage or omission caused by the User's actions, including damages or omissions related to the processing of personal data.
The Company is responsible for the data security of online transactions and the protection of data other than those performed by the User.
The Company is not responsible for the comprehensiveness, accuracy or uninterruptibility of online transactions or for the consequences of using or not using the Service. The Company has the right to restrict, suspend or remove content from the Service at its sole discretion, for example due to load or other technical reasons, or due to maintenance, suspected misuse, or connection problems.
7. Use of personal and other information
Users logged in to the Online services will have access to their own personal information generated using the Company's services, such as contact information, appointments, consents, and results, as well as invoices and payment information. The Service contains health information. The information is confidential. In addition to the terms of use, logging in to the Service requires acceptance of data protection information. The logged-in user's activity in Online services is recorded in log data.
The User can enter or change information in Online services to the extent that Online services allow it at any given time. Other personal data displayed to the User in Online services originates from the patient register of the Company or another service Provider purchasing services from the Company. The processing of personal data is described in the privacy policy of the Company's patient register or in other information about the data protection of the Service Provider using the Company's services (e.g. the Privacy Policy). Privacy Policy).
The Company processes personal data in accordance with mandatory legislation and other data protection regulations valid at any given time, these terms of use and the consents, prohibitions and restrictions given by the User and ensures the implementation of privacy protection in their processing. Personal information will only be used in accordance with the Company's privacy policies.
Personal data will not be used for marketing purposes without the User's consent. If the User wishes to receive electronic direct marketing concerning the Company or third parties, he/she may give his/her separate consent in the Online services. You can withdraw and manage your consent at any time.
The Company may collect, process, and analyze data on the use of Online services, traffic, events and other statistical data related to the pages. The Company may also obtain such information from reliable third parties. Such information cannot be restored to an individual identifiable person.
Third-party services and websites have their own personal data protection policies. The Company is not responsible for the operation of such third-party sites or services. Before accessing websites maintained by third parties through Online services or before using third-party services, the User must familiarize themselves with the principles of personal data protection of their pages and services.
The Company uses essential cookies to facilitate the usability of the website, such as navigating the pages and using the forms on the site. If the User does not allow the use of mandatory cookies, the website may not function properly. If the Company uses other cookies, the Company will inform you about them separately on its website.
8. Intellectual Property Rights of the Service
The Company or a third party has intellectual property rights to all content, layout, and material available from the Online services. Copying, printing, distributing, transmitting, modifying, linking to other websites and any other commercial exploitation, or making available to the public without the written permission of the Company, is prohibited. However, the User may print and save material available for or from Online services for their own private use. If material from online transactions is quoted in accordance with the Copyright Act (404/1961), the source must always be stated. However, trademarks and logos included in online transactions may not be copied, published, or further distributed without written permission from the Company.
9. Limitation of Liability
The Company produces and delivers online transactions according to the principles "as is" and "as available". The Company does not guarantee that the Online services can be used without interruptions or errors. The Company makes no warranty as to the availability, accuracy, reliability, or content of the Online services. The Company is not responsible for the content, accuracy or possible errors, omissions or delays in the information presented to the User or a third party in the Online services. The User is responsible for ensuring that they have a functional connection and sufficient technical skills and programs for using Online services. The User is also responsible for the safety and functionality of the devices and software they use.
The purpose of Online services is to support communication between the User and the Company, and the management of information related to the use of the Company's services, thereby supporting the customer relationship between the Company and the User.
The Company shall not be liable in any way for direct or indirect damages caused using the Online service or its interruption, even if the Company has been notified of the possibility of such damage. Furthermore, the Company is not responsible for any destruction or alteration of data or for any costs incurred by the User in recreating it. The Company shall also not be liable for damage if fulfilling the obligations under these Terms of Use would be contrary to the Company's statutory obligations. The Company is not responsible for the costs incurred by the User or a third party, nor for the costs caused by the use or non-use of the Online services, or otherwise for direct or indirect damages to the User or third party. In all situations, the Company's liability is limited to the total amount of payments made by the User to the Company for the use of Online services.
10. Force majeure
Neither the Company nor the User shall be liable for damage caused by non-performance of an obligation caused by an unusual or unforeseeable reason beyond the party's control. The party must be able to prove the existence of such a reason.
A party claiming force majeure must notify the other party to these Terms of Use as soon as possible of any impediment to him/her. The Company may report force majeure on its own website or in a national daily newspaper, for example.
11. Cancellation and termination of Online services
The use of the Company's Online services is voluntary for the User. The Online services serve as the User's user interface to their own patient data, and starting to use the Online services does not constitute a separate registration or account for the Service user.
The Company has a legal obligation to store and thus process patient data, which means that it cannot be deleted. Discontinuing the use of Online services does not affect storing patient data and their visibility in the Online services to the User who later logs in to the Service again. The Company also has the right to continue processing data that the Company has the right to store based on, for example, an agreement between the User and the Company (e.g. the User's address information for incomplete invoicing).
The Company has the right, for a justified reason, to close the User's access to the Online services if the use of the Online services causes harm to the Company, the User or a third party, or if the Online services have otherwise been used in violation of these Terms of Use, current legislation or in violation of good manners. The Company has the right to restrict the display of information in the User's Online services if the possible fees set as grounds for the use of the Service have not been paid.
12. Change to the Terms of Use
The Company has the right to amend these Terms of Use, limit the content, prices and terms of Online services, and issue regulations on the use of Online services unilaterally, at any time at its sole discretion. The change will enter into force on the date announced by the Company. If the User does not accept the changes, he/she may refuse to accept them by terminating and closing the Online services in accordance with these terms of use. If the User continues to use the Service, this means acceptance of the changes.
13. Governing Law and Jurisdiction
These Terms of Use are governed by Finnish law.
Disputes arising from these Terms of Use shall primarily be resolved through negotiations between the parties. If the dispute cannot be settled in this way, the dispute may be handled in the District Court of Helsinki or in the district court of the place in Finland where the User is domiciled or habitually resident.
Last update 22.1.2025