Self-care service privacy statement

Data controller 

Data protection 
Duodecim Publishing Company Ltd 
Kaivokatu 8 
00100 Helsinki 
Tel. 09 618 851 

Contact data 

Customer service e-mail:  info@duodecim.fi 

Data subjects 

The data subjects are users of the Duodecim self-care service. 

Duodecim self-care service includes the following: 

  • Duodecim STAR® health check and coaching
  • Duodecim Omahoito®

Purpose of processing personal data  

Personal data are processed for the following purposes:

  • Enabling the use of STAR health check and coaching programmes
  • Sending coaching messages to the user’s e-mail address

The legal basis for processing personal data is the data subject’s consent (GDPR Article 6(1)(a)).

Data content of the registers 

STAR Health Check

During the STAR Health Check, the user fills in their health information in a non-identifiable form (pseudonymously), meaning the data cannot be directly linked to an individual. Based on the information provided, the service uses algorithmic reasoning to generate a personalized report. The report informs the user, for example, about potential health risks and provides an estimated life expectancy.

The data are not stored permanently in the system. They are used only during the analysis and are completely deleted once the session ends. The user may choose to save the generated report for personal use immediately after completing the health check. The system also collects anonymized usage data about how the service is used. These data cannot be linked to any individual user.

Coaching Programmes

Using the coaching programmes included in the service requires providing an email address. The service forwards the user’s email address and information about the selected coaching programme to the LianaMailer email platform. LianaMailer stores the email address in its system for the purpose of sending coaching messages.

Self-care

No personal data are collected.

Recipients of Data

The service transmits only the user’s email address and information about the selected coaching programme to LianaMailer for the purpose of sending coaching messages. No other personal data are transferred.

Data Controller: Kustannus Oy Duodecim
Data Processor: Liana Technologies (LianaMailer)

Transfer of Data to a Wellbeing Services County’s Digital Platform

In certain cases, the service may be integrated with the digital platform of a wellbeing services county. In such cases, the user may, on their own initiative, choose to transfer the data from the health check and coaching programme to the wellbeing services county’s system.

The transfer takes place only if the user actively selects the “Send” function in the service. During the transfer, the user logs in to the digital platform using strong electronic identification.

The data collected and analysed pseudonymously within the service are then linked to the user’s personal data (e.g., personal identity code) within the wellbeing services county’s system. Responsibility for any further processing of the data then transfers to the respective wellbeing services county, acting as the data controller.

Transfer of Data Outside the EU or EEA

Data are not transferred outside the EU or the European Economic Area (EEA). If any data were to be transferred outside the EU or EEA in the future, such transfer would always comply with the applicable data protection legislation.

Data Retention Period

The data collected pseudonymously during the health check are automatically deleted once the session ends. LianaMailer regularly assesses the need to delete personal data through an automated review every three months. If a user has not used the service for more than 180 days at the time of review, the user’s data will be deleted from both LianaMailer and the LianaAutomation system.

Anonymised usage data are retained indefinitely for the purpose of improving and developing the service.

Principles of Register Protection

Personal data are processed securely, and appropriate technical and organisational measures have been implemented to protect the data.

Rights of the Data Subject

The data subject has the following rights. Requests to exercise these rights should be sent to: info@duodecim.fi

Right of Access and Rectification

The data subject has the right to access the personal data stored by the data controller and to request correction of any inaccurate or incomplete data.

Right to Erasure (“Right to be Forgotten”) and Right to Restrict Processing

If the data subject believes that the processing of personal data is no longer necessary for the stated purposes, they have the right to request deletion of the data. The data controller will review the request and either delete the data or provide a justified reason why the data cannot be deleted. If the data subject disagrees with the decision, they have the right to file a complaint with the Data Protection Ombudsman. The data subject also has the right to request that the processing of disputed data be restricted while the matter is under review.

Right to Object to Processing

The data subject has the right to object to the processing of their personal data if they believe that the data have been processed unlawfully or without a legitimate basis.

Right to Data Portability

Where the processing of data is based on a contract, the data subject has the right to receive the personal data they have provided to the controller in a machine-readable format and to transfer those data to another controller.

Right to Lodge a Complaint

The data subject has the right to lodge a complaint with the Office of the Data Protection Ombudsman (www.tietosuoja.fi) if they believe that the data controller has violated applicable data protection legislation.

Updates to the Privacy Notice

We reserve the right to modify and update this Privacy Notice as necessary. Any material changes will be clearly communicated within our self-care services.


Form version: Privacy Notice updated 9.10.2025