Mo-Fr 8.00 am - 12.00 am and 1.00 pm - 5.00 pm
0
et en ru

Privacy policy

Valid from: 11.05.2020

 

  1. Personal data processing notice
    1. 1. This personal data processing notice is addressed to:
  • our individual clients and partners;
    1. 2. OÜ LOOTE ULTRAHELISKRIINING, registry code 11665665, (hereinafter referred to as we) process personal data only in accordance with the applicable personal data protection law and this notice. This notice contains information on how we collect and process your personal data, and your rights regarding your personal data.
    2. 3. While providing services to you, the controller of your personal data is:

 

OÜ LOOTE ULTRAHELISKRIINING (registry code 11665665)

A. H. Tammsaare tee 47

11316 Tallinn

Estonia

 

Please read this notice carefully. If you have any questions about this notice or about your rights, you can contact us at: info@ultraheli.ee.

 

  1. Collecting and processing personal data
    1. 1. We collect and process your personal data, which we have received:
  • from you;
  • from digital channels that we manage and which you have used (including e-mail, websites, e-shop).
    1. 2. We collect and process personal data as little as possible for the purpose of fulfilling the objectives listed in section 3.

 

  1. Objectives and legal bases for processing personal data
    1. 1. We always process your personal data for a specific purpose and process only such personal data that is directly related to that purpose.
    2. 2. We process the personal data of our individual clients and partners for the following purposes:
  • to provide you with specific healthcare services;
  • to provide you with other services (e.g., to take a color image of the fetus);
  • to manage the contractual relationship between you and us (including for the purpose of invoicing healthcare services) and to organize the provision of healthcare or other services (e.g., to send you a reminder of the time of the reception);
  • to check and improve the quality of the healthcare or other services we provide and to enhance your patient experience;
  • to comply with legal requirements.
    1. 3. We process the personal data of the representatives and contact persons of our clients and partners who are legal entities for the following purposes:
  • to perform the contract concluded with our clients and partners who are legal entities;
  • to comply with legal requirements.
    1. 4. We always have a legal basis for processing your personal data. The legal basis for the processing of your personal data for the above purposes is either the contract between us and you (GDPR Art. 6(1)b), our legal obligation (GDPR Art. 6(1)c), our legitimate interest (GDPR Art. 6(1)f) or your consent (GDPR Art. 6(1)a). If you have given us consent to the processing of your personal data, you have the right to withdraw your consent at any time.

 

  1. Types of personal data
    1. 1. We process the following personal data for the purposes listed in section 3:
  • general identification data (including name, personal identification number, and contact details);
  • health-related data necessary for the provision of healthcare services. The exact type of health-related data depends on the healthcare service provided to you;
  • data on healthcare services provided to you by us;
  • data on other services provided to you by us;
  • your bank account information.

 

  1. Transfer of personal data
    1. 1. In connection with our activities, we may transfer your personal data to third parties for the purposes listed in section 3, if permitted by applicable law. We transfer your personal data (including health-related data) in the following cases and ways:
  • to the e-Health Patient Portal information system, located at https://www.digilugu.ee/ and controlled by the Ministry of Social Affairs (registry code 70001952, address Suur-Ameerika 1, 10122 Tallinn ) and the authorized processor is the Health and Welfare Information Systems Centre (registry code 70009770, address Uus-Tatari tn 25, 10134 Tallinn). In case you have questions regarding the Patient Portal, you can contact the customer support of the Health and Welfare Information Systems Centre by phone +372 794 3943 or e-mail at abi@tehik.ee;
  • to the Estonian Medical Prescription Center, controlled by the Estonian Health Insurance Fund (registry code 74000091, address Lastekodu 48, 10144 Tallinn), if this is necessary for providing healthcare services to you. If you have any questions regarding the Estonian Medical Prescription Center, you can contact the data protection expert of the Estonian Health Insurance Fund via mail at Lastekodu 48, 10144 Tallinn or e-mail at andmekaitse@haigekassa.ee;
  • to our partners whose services help us improve the organization of our activity (e.g., IT service providers) or enhance our healthcare and other services and check their quality. In such cases, we ensure that all persons to whom we transfer your personal data as an authorized processor shall strictly process personal data in accordance with our instructions, only to the extent limited by the legal basis for processing personal data, purposefully, to the minimum extent necessary and otherwise in accordance with applicable data protection law;
  • to public bodies, if transferring personal data is necessary for fulfilling legal obligations or to prevent or investigate potential offenses;
  • other third parties, if it is necessary to protect our property and rights or to protect ourselves against legal claims.
    1. 2. Your personal data will not be transferred outside the European Economic Area.

 

  1. Security of personal data

We shall take appropriate technical and organizational measures to protect your personal data, taking into account in particular the risks arising from the processing of personal data, primarily the accidental or unlawful destruction, loss, alteration and unauthorized disclosure of or access to personal data transferred, retained or otherwise processed.

 

  1. Retention of personal data
    1. 1. We process your personal data while providing healthcare or other services to you, then retain your personal data either digitally or on paper, as long as necessary for the purposes for which we collected them, including for fulfilling any applicable legal obligation that we are subject to. Inter alia, on the basis of Health Services Organisation Act and the regulation of the Minister of Social Affairs “Conditions and Procedures for Documenting the Provision of Health Care Services,” we retain:
  • data certifying the provision of outpatient and inpatient health care service for 30 years from the confirmation of the data regarding the service provided to the patient;
  • logs of our information system for 5 years.
    1. 2. Personal data related to the provision of healthcare and other services may be part of our accounting and business documentation and shall be retained for 7 years from the end of the year in which they were recorded.
    2. 3. Generally, we retain the collected personal data, if there is no longer retention period stated in the applicable law, as long as necessary in connection with the provision of health care services or for up to 3 years after the provision of the service.
    3. 4. We retain your personal data for more than 10 years only in case there is a relevant legal basis or if there is a legitimate interest (for example, in case of making or fulfilling a claim).
    4. 5. At the end of the retention period, we shall delete personal data or make it anonymous.

 

  1. Your rights
    1. 1. In accordance with the GDPR and applicable law, you have the following rights regarding your personal data:
  • the right to request access to your personal data;
  • the right to receive a copy of your personal data in a structured, commonly used machine-readable format;
  • the right to request the updating or correction of your personal data. Please note that we may need to verify the accuracy of the information you provide;
  • the right to request the deletion of your personal data. Please note that for legal reasons, we may not always be obliged to comply with your request (for example, if personal data is necessary to make, file or defend a claim), of which we shall inform you in our response to your claim;
  • the right to request the suspension or restriction of the processing of your personal data;
  • the right to request the transfer of personal data;
  • the right to object to the processing of your personal data;
  • if the processing is based on your consent, the right to withdraw your consent to the processing of your personal data at any time.
    1. 2. You may exercise your rights in accordance with the requirements of the General Data Protection Regulation and applicable law. Depending on the applicable law, these rights may be limited depending on the specific circumstances and the processing operations. For exercising your rights, please contact us by e-mail at info@ultraheli.ee.
    2. 3. When exchanging information about your rights regarding the processing of your personal data, we may need to ask you for certain information or documents in order to identify you. This is necessary to ensure that personal data is not disclosed to anyone else besides you or to someone who is not entitled to receive your personal data.
    3. 4. If you believe that your data protection rights have been violated, you have the right to file a complaint with the Data Protection Inspectorate.

 

Data Protection Inspectorate

Tatari 39, 10134

Tallinn, Estonia

E-mail: info@aki.ee

Phone: +372 627 4135

 

  1. Amendments to this notice

This personal data processing notice may be updated as necessary. Amendments to this notice shall become effective when posted on this website.