Privacy notice
Minudoc OÜ (henceforth also “we”) highly values the privacy of each client (henceforth “you”). In this privacy notice, we will explain to you what kind of data we collect about you, why we do it and what we do with your data.
Revised on 03.05.2023
-
Who are we?
Minudoc OÜ is a company that manages and administrates Minudoc platform and mediates clients registered via Minudoc platform to registered Minudoc health and healthcare service providers and vice versa. Minudoc OÜ does not itself provide healthcare services under any circumstances.
Minudoc OÜ applies the necessary technical, physical and organisational security measures to Minudoc platform to protect the client’s personal data from loss or unlawful processing.
The cookie policy of Minudoc OÜ can be found here: https://www.minudoc.ee/cookie-policy
-
What kind of data do we collect about you and from whom?
We collect the following data about you:
-
personal data: first and last name, personal identification code;
-
contact information: e-mail address, phone number, contact address;
-
transaction data: information about the time, duration and cost of your transactions on the Minudoc platform, language preferences;
-
special categories of data (information on health): descriptions of health issues directed to the health or healthcare service provider through the Minudoc platform, including services like previsit, which mediates health tickets from patient to their family doctor office. Also, we collect the feedback given to these from the service provider, audio recordings made during the provision of health or healthcare services on the Minudoc platform.
-
optional data: such as profile photos that can be uploaded by our customers, and/or pictures or videos shared with health service providers via chat for better clinical decisions;
-
in case you are using our mental health services, you can create a mental well-being profile based on our proprietary questionnaires across 5 dimensions of your mental well-being. These questionnaires have clinical surveys incorporated, but also use feedback on other aspects of your life;
-
Minudoc platform support and quality related information: feedback on the quality of service you used on Minudoc platform, mobile device logs like phone OS, make and model, user given permissions, our mobile application version;
In general, we get the information directly from you, when you create your account in Minudoc and use the health and healthcare services that it mediates.
Also, your information is entered into the Minudoc platform by the persons providing the health and healthcare service for you, with the objective of that information being forwarded to you.
-
-
Why do we need your data? What happens if you don’t submit data to us?
We need and we use your data through Minudoc platform to mediate health and/or healthcare services to you. For example, for creating a user account, for managing it, and for connecting it through the Minudoc platform to the services offered, including for creating references between you and the service provider.
Some examples:
-
personal data – we need this data to verify your identity. In previsit services, we use that data to interface to Estonian public health databases via X-road requests with the purpose of checking your family doctor details, your public insurance status and prescription data. Your profile picture, if uploaded on Minudoc, is shown to the service provider for visual purposes.
-
contact information – we need this to get in touch with you, send you notifications about your service (for example, about a booked time with a health or healthcare service provider).
-
transaction data – we use this information for billing with the health or healthcare service provider, and for providing you information about transactions you have carried out in Minudoc.
-
special categories of data (information on health) – this is data we use only when forwarding it to the person providing the health or healthcare service for you, and vice-versa, when forwarding their feedback back to you.
-
optional data such as photos and videos – this is needed for better clinical decisions by service providers. But you can choose not to supply these and can still use our services.
-
support and quality related information – this is needed for troubleshooting any technical or service usage issues. Some of the feedback can not be shared with us, i.e. service ratings. Most of this is collected automatically on your login.
If you do not submit information to us and if you do not provide the consent outlined in section 4 of this notice, it will not be possible for us to provide health and/or healthcare services for you through the Minudoc platform as for health and healthcare related decisions our service providers need that data.
-
-
What are the legal bases for us when processing your data?
When processing your data, we rely on various following legal bases:
-
the need to enter into a contractual relation with you or execute a contract we have signed with you;
-
your consent – this is our basis when processing special categories of data (health information).
Without your consent, we cannot provide health and/or healthcare services for you through the Minudoc platform. At any moment, you have the right to revoke your consent. To give and withdraw consent, please see the My consents subsection of your account; -
our need to fulfil legal obligations – for example, the obligation to store accounting documents for 7 years, which stems from the Accounting Act;
-
the need to exercise our legitimate interests, for example, company management and carrying out general business activities, detection of violations of law and fraud;
-
the need to protect your vital interests or those of any other person (for example, when disclosing your information in case of an accident to an emergency medical service worker);
-
other legal bases.
-
-
With whom do we share your data?
We do not share the data you have entrusted with us, except in a limited number of cases described below, and in case if it is necessary to fulfil the objectives described in this privacy notice:
-
Service providers: like many other companies, we may outsource data processing services to trusted third party providers, such as IT and consultation services;
-
Public authorities and government institutions: we may share data with the authorities if we are legally obligated to share said data or if the sharing of data is necessary to protect our rights;
-
Professional consultants and others: we may share your data with professional consultants such as auditors, lawyers, accountants and other providers of consultation services in very limited cases, such as for instance legal due diligence process;
-
Third persons in relation to the company’s transactions: From time to time, we may share your data with third persons during a corporate transaction, for example, the sale of the company or part of the company to another company. This may also occur during company restructuring, the establishment of a joint enterprise, a merger, or any other type of reorganisation of the company’s assets or shares.
If we share your data with the persons listed above, we will guarantee the protection of your data through a data processing contract that we will enter into with this person.
We do not store or send your personal data outside the EEA or to countries that are have not taken a decision on the adequate level of data protection in relation to Article 25 section 6 of Directive 95/46/EC or its extension regulation (EU) 2016/679 Article 45 section 1
-
-
How long do we store your data?
In general, we store your data until it is needed to fulfil the various objectives of data processing.
We store your special categories of data (information on health) for 7 days starting from their entry into the platform by you or by your chosen health or healthcare service provider.
For determining the storage period of other data, we use the following criteria:
-
How long do we need to store data to offer you our services?
-
If you have created an account with us, we store your data for the entire time that your account is active or until the data are needed for providing services for you.
-
If we have a legal, contractual or any other type of obligation of the kind to store your data, we will do so until that obligation applies to us. Examples of such obligations are laws that set requirements for data storage, the regulations and decisions of the government, according to which data necessary for proceedings have to be maintained, or data that are needed for settling court disputes.
-
-
Deleting account
You can delete your account anytime. For that you will need to navigate to Profile tab via web or mobile app and hit Delete account. That will erase your account on Minudoc and will anonymize your personal data, which can not be deleted (i.e in service provider's bookings history).
-
What are your rights in relation to your data?
As a data subject, you have the following rights:
-
Right of access to the data – you have the right to know what kinds of data about you are being stored. You can access your data through the account you created on the Minudoc platform through the subsection My data.
-
Right to rectification – you have the right to demand the correction of your personal data if they are incorrect. If needed, you can change the data you have submitted to us (except your identification code) yourself in the Minudoc platform through the subsection My data.
-
Right to erasure (‘right to be forgotten’) – you have the right to demand us to erase your personal data (for example, if we do not need the data anymore, if you withdraw the consent you have given us for processing your personal data, etc.).
-
Right to restriction of processing – in certain cases, you have the right to prohibit or limit the processing of your personal data for a certain period (for example, if you have submitted an objection in relation to data processing).
-
The right to object – depending on a concrete situation, you have the right to submit objections to the processing of your personal data if the processing of your data is based on our legitimate rights or on public interest. Data processing for the purpose of direct marketing can be objected at any time.
-
Right to data portability – you have the right to demand that information you have given us be given to you in a machine-readable format. You can also demand for your data to be transferred to another data controller, but only if it is technically feasible. The right to data portability only applies to data that we process based on your consent or to fulfil the obligations of a contract we have entered into with you.
-
Automatic individual decision-making (including profiling) – if we have notified you that we are carrying out automated individual decision-making (including profiling), which will entail legal consequences for you or will impact you in a significant way, you have the right to demand that decisions are not made based on automated processing alone.
If you have any questions about information in this privacy notice or if you want to submit a claim for the execution of your rights as a data subject, please contact us via e-mail at info@minudoc.ee.
We will do our utmost to address your claims and wishes in a timely manner and free of charge, except in cases, where it would entail a disproportionate cost. If you are not satisfied with our reply, you have the right to take your claim to the Data Protection Inspectorate
-