Skip to content

The TEHDAS1 project has ended. This page is archived and no longer updated. For the latest information, please visit our new website on TEHDAS2.

Project Packages Partners Events Results

Data protection

Updated on 7 July 2022

The terms of use specified on this page are applied to the website maintained by the Finnish Innovation Fund Sitra and the material presented on the website.

Through the forms used on the website, we also collect personal data for the TEHDAS Stakeholder Opel Call (specified below under the heading Privacy policy for the TEHDAS Stakeholder Open Call).

Terms of Use

Purpose of the website

The objective of website is to disseminate the views and outcomes realised in the work of the Joint Action Towards the European Health Data Space (TEHDAS) project. The website contains news, articles, blogs, publications, descriptions of the project and other similar content.

Right of use

As a user of this website, you may share the content found on the website pages in external web communities and services in accordance with the terms of use of these communities and services as well as with separate terms of use applicable to them. When using the comment tools of other community services, the terms of use specific to these tools shall apply. Should the user share content outside this website, Sitra or the other TEHDAS project partners will not be responsible for the processing of information subject to third party terms of use.

As a user, you may copy, distribute and edit content found on the website in accordance with these terms of use on the condition that the content producer and source are cited when being used. However, the use of photographs found on this website is prohibited. The sale or use of this website’s content or any part of it in a manner that diminishes its value or purpose is prohibited.

Intellectual property

Sitra holds the ownership rights of the material and content found on the website, with the exception of material produced by third parties, for which Sitra only holds a right of use. The copyrights and other rights to these types of texts, images and other third-party materials found on this website belong to the producers or registration holders of said materials.

Sitra reserves all rights to use the registered trademark “Sitra” and other equivalent intellectual property. Use of these rights shall always require the advance written consent of Sitra.

Exemption from liability

Texts found on this website contain the personal thoughts and opinions of authors. They are not the official opinions of the organisations represented by these authors. The authors are personally responsible for the content of their texts.

Under no circumstances shall Sitra be held liable for any indirect or incidental damages or damages that may arise from the use of or confidence in the information and material presented. Sitra shall also not be held liable for any damages caused by an interruption of website use or an inability to access the pages.

The website contains web communities maintained by the project partners as well as links to websites owned or maintained by third parties. By accessing these linked websites, the user hereby agrees to the fact that these pages are not under the control of Sitra, nor does Sitra have any possibility of influencing the content of materials created or published on them. The linked websites may also be subject to terms restricting use, which must be read before using the website. Sitra is in no way responsible for the material contained on third-party websites.


What information do we collect about the users of the website and why?

Sitra collects information about the users of its website through Matomo Analytics and Siteimprove services and cookies.

A cookie is a small text file sent to the user’s browser and it usually contains an anonymous identification number. The cookie is not harmful to the terminal device. Some cookies are related to website functions, such as the selection of a graphical or plain text version or enlarging the font size. Others are used for keeping statistics on website use. If you wish, you may decline the use of cookies by changing your browser settings or changing your cookie settings from the link at the bottom of this page.

With the help of the cookies, Matomo Analytics and Siteimprove, general statistical information is collected on website use for improving the service. Such information includes the number of visitors, the user’s country, time spend using the website, the browser used, the content accessed by the visitor and the website from which the visitor accessed the service. An individual user is identified using the data stored in Matomo and Siteimprove, but the data cannot be used to connect the individual to a natural person.

For more information on Matomo Analytics, please visit You can find more information on Siteimprove at You can refuse the collection of data by adjusting your cookie settings from the link at the bottom of this page.

The terms of use and other conditions of the third party concerned are applied to services offered or applications supplied by a third party on Sitra’s website.

Possible changes and the applicable law

These terms of use shall enter into force on 1 March 2021 and remain in effect until further notice. Information about possible changes to the terms of use will always be displayed on this page.

With the exception of its choice of law provisions, Finnish law shall apply to any disputes arising from these terms of use as well as the content or use of the website.

Privacy policy for the TEHDAS Stakeholder Open Call

1   Controller

Controller of the register:
Sitra, the Finnish Innovation Fund (business ID 0202132-3)

Contact person in matters concerning the register:
Taru Ryske
Project Coordinator

Sitra, the Finnish Innovation Fund
Address: Itämerenkatu 11-13, PO Box 160, FI-00181 Helsinki
Tel: +358 294 618 991

Data Protection Officer:
Janika Skaffari
Specialist, Administration

2  Name of the register

TEHDAS Stakeholder Open Call

3  Purpose of personal data processing

The Joint Action Towards the European Health Data Space (TEHDAS) is inviting stakeholders to join the project. TEHDAS has opened a Stakeholder Open Call to involve the stakeholders from Europe in the project. Sitra shall process personal data for the purposes of selecting experts for the group or forum and arrangements concerning events, workshops and meetings.

Sitra shall also process personal data in connection with other communication targeted at interest groups and collaboration partners, such as surveys, informing and reporting (e.g. newsletters), calls for ideas, as well as providing information on them and marketing them to the target audience.

4  Legal basis for personal data processing

Sitra processes personal data based on consent.

5  Data content of the register (processed personal data categories)

The register contains the following personal data about stakeholders. The data in section (a) to (d) are collected about all data subjects and the data in sections (e) to (g) are collected when necessary.

(a) The person’s (data subject’s) basic data, such as name, telephone number, e-mail address,

(b) Data on the person’s (data subject’s) work and position, such as title, education, place of work (organisation) and job title,

(c) Data on the person’s (data subject’s) professional knowledge, skills and networks,

(d) Data on the person’s (data subject’s) consents to the data processing,

(e) Direct marketing permissions and prohibitions expressed by the person (data subject).

(f) Data related to communication between the data subject and Sitra, such as subscriptions to newsletters and other lists, registration for and participation in events and meetings, as well as any correspondence that may be necessary for maintaining the interest group relationship.

In addition to the above-mentioned personal data, the register may contain the following personal data on persons (data subjects) who use Sitra’s information systems that require identification.

(g) Transactions in electronic information systems for a restricted period of time (opened page/file, time stamp, user ID and IP address).

6  Regular data sources

Personal data shall be collected from the data subject.

7  Personal data retention period

The collected data shall be retained only for the duration and to the extent necessary for the original or compatible purposes for which the data was compiled.

In addition, the data listed below shall be retained as per the following retention periods.

(a)  The basic data on the data subjects contained by the register shall be retained as long as is necessary for approval of the experts for the group or forum.

(b)  Stakeholders’ (data subjects’) personal data related to the organisation of a meeting or other similar occasion organised by Sitra shall be retained for the duration project. The data on participants of meetings organised by Sitra are archived.

Sitra shall regularly assess the need to retain the data as per the internal Code of Conduct. Furthermore, Sitra shall perform all possible and required measures to ensure that such personal data that are inaccurate, erroneous or outdated for the purposes of processing are deleted or corrected without delay.

8  Recipients of personal data (recipient categories) and the regular disclosure of data

The personal data contained in the register shall be disclosed to third persons or organisations as follows.

Disclosing personal data to  TEHDAS Competent Authorities (26). In TEHDAS joint action there are three types of Competent Authorities: 14 countries are represented by their ministry of health, 8 countries by their national health institutions and the rest by either regional agencies or other type of public bodies. Personal data may be disclosed for the purpose of reviewing and selecting the stakeholders, communication purposes and for work related to different Forums and Groups during TEHDAS Joint Action.

Bunderministerium für Arbeit, Soziales, Gesundheit und Konsumentenschutz (ATNA), Austria

Sciensano, Belgium

Ministerstvo na Zdraveopazvaneto (MoH-BG), Bulgaria

Hrvatski Zavod za Zdravstveno Osiguranje HZZO (CHIF), Croatia

Ministry of Health of the Republic of Cyprus (MoH-CY), Cyprus

Ministerstvo Zdravotnictvi Ceske Republiky (MZCR), Czech Republic

Region Midtjylland (RM), Denmark

Sotsiaalministeerium – Estonian Ministry of Social Affairs (MoSA), Estonia

Plateforme des données de santé (FR-HDH), France

Bundesministerium für Gesundheit (BMG), Germany

Dioikisi 6is Ygeionomikis Perifereias Peloponnisou Ionion Nyson Ipeirou Kai Dytikis Elladas (6th Y. PE.), Greece

OKFŐ Országos Kórház Főigazgatóságba, National Healthcare Service Center (AEEK), Hungary

Department of Health (DoH-IE), Ireland

Ministero Della Salute (MINSAL), Italy

Lietuvos Reespublikos Sveikatos Apsaugos Ministerija (SAM-LT), Lithuania

Ministry for Health – Government of Malta (DHIR), Malta

Agentia de Transplant (ATRM), Moldova

Ministerie van Volksgezondheit, Welzijn en Sport (VWS), Netherlands

The Norwegian Ministry of Health and Care Services (MoH-NO), Norway

Servicos Partilhados do Ministerio da Saude Epe (SPMS), Portugal

Institut za Zastitu Zdravlja Srbijedr Milan Jovanovic Batut (IPHS ”Batut”), Serbia

Nacionalni Institut za Javno Zdravje (NIJZ), Slovenia

Instituto Aragones de Ciencias de la Salud (IACS), Spain

E-Halsomyndigheten (SEHA), Sweden

NHS Confederation (NHSC), United Kingdom

9  Transferring data outside of the EU or the EEA

The data contained in the register may be transferred outside of the EU or the EEA. When transferring personal data, Sitra observes the model contract clauses approved by the European Commission concerning the transfer of personal data to third countries, implements other appropriate protection measures as necessary or ensures that the adequate level of data protection is guaranteed in the third country.

10  Register protection principles

Any physical data material containing personal data shall be retained in a locked facility that can only be accessed by appointed persons whose duties require access authority.

The databases containing personal data are on servers which are kept in locked facilities that can only be accessed by appointed persons whose duties require access authority. The servers are protected by an appropriate firewall and technical protection.

The databases and systems can only be accessed with separately granted personal user IDs and passwords. Sitra has restricted the access rights and the authorisations to access the data systems and other mediums in such a way that the data can only be accessed and processed by persons who are needed with regard to lawful processing. In addition, the database and system transactions are registered in the logs of Sitra’s IT systems.

Sitra’s employees and other personnel have undertaken to comply with the obligation of secrecy and to keep confidential the information they receive in connection with the personal data processing.

11  Rights of the data subject

The data subject shall have the following rights laid down in the EU’s General Data Protection Regulation.

(a) The right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:

(i) the purposes of the processing;

(ii) the categories of personal data concerned;

(iii) the recipients or recipient groups to whom personal data have been disclosed or will be disclosed;

(iv) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(v) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;

(vi) the right to lodge a complaint with a supervisory authority;

(vii) where the personal data are not collected from the data subject, any available information as to their source;

(viii) the existence of automatic decision-making and relevant information about the logic related to such processing, as well as the relevance of this processing and its possible consequences for the data subject.

(b) The right to cancel consent at any time without this affecting the lawfulness of the processing performed on the basis of the consent.

(c) The right to demand that the controller rectify without undue delay any inaccurate and erroneous personal data on the data subject and the right to have incomplete personal data completed.

(d) The right to obtain from the controller the erasure of the personal data concerning the data subject without undue delay in situations determined in the EU’s General Data Protection Regulation.

(e) The right to obtain from the controller restriction of processing in situations determined in the EU’s General Data Protection Regulation.

(f) The right to receive the personal data concerning him or her, which the data subject has provided to Sitra, in a structured, commonly used and machine-readable format and the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, if the processing is based on the consent referred to in the Regulation and the processing is carried out automatically.

(g) The right to file a complaint with the supervisory authority if the data subject considers that the processing of the personal data concerning him or her violates the EU’s General Data Protection Regulation.

Requests concerning the realization of the data subject’s rights shall be addressed to Sitra’s contact person mentioned in Section 1.

12  Making changes to the privacy policy

We reserve the right to alter this privacy policy by notifying of any changes on our website. The changes may be based on changes in legislation and other similar reasons. We recommend that you read the content of the privacy policy regularly.

Cookie declaration