Privacy notice
The Health Service Provider (HSP, henceforth also “we”) that has joined MinuDoc platform, whose Medical Worker you have chosen to provide a service for you, highly values the privacy of each client (henceforth “you”). In this privacy notice, we will explain to you what kinds of data we collect about you, why we do it and what we do with your data.
In effect as of 11.02.2018
-
Who are we?
The HSP is a provider of health and/or healthcare services to clients, who has opened an account with MinuDoc via MinuDoc platform.
-
What kind of data do we collect about you and from whom?
We collect the following data about you:
-
personal data: first and last name, personal identification code;
-
transaction data: information about the time, duration and cost of your transactions on MinuDoc platform;
-
special categories of data (information on health): at your consent, your health information, descriptions of health problems, video and audio recordings taken when providing health and/or healthcare services through Minudoc platform, health information entered into your user account on Minudoc platform
In general, we get data directly from you in the course of providing health and/or healthcare services, and when you forward us descriptions of your health problems. We also get your data from the Health information system.
-
-
Why do we need your data? What happens if you don’t submit data to us?
We need and we use your data through Minudoc platform to provide health and/or healthcare services.
Some examples:
-
personal data – we need this data to verify your identity;
-
transaction data – we use this data in relation to health and/or healthcare services that have been provided for you for accounting purposes with Minudoc OÜ;
-
special categories of data (information on health) – this is data we use only when providing health and/or healthcare services for you
If you do not submit information to us and if you do not provide the consent outlined in section 4 of this notice, it will not be possible for us to provide health and/or healthcare services for you through Minudoc platform.
-
-
What are the legal bases for us when processing your data?
When processing your data, we rely on various following legal bases:
-
the need to enter into a contractual relation with you or execute a contract we have signed with you;
-
your consent – this is our basis when processing special categories of data (health information)
Without your consent, we cannot provide health and/or healthcare services for you through the Minudoc platform. At any moment, you have the right to revoke your consent. To give and withdraw consent, please see the My consents subsection of your account; -
our need to fulfil legal obligations – for example, the obligation to store accounting documents for 7 years, which stems from the Accounting Act;
-
the need to protect your vital interests or those of any other person (for example, when disclosing your information in case of an accident to an emergency medical service worker);
-
other legal bases.
-
-
With whom do we share your data?
We do not share the data you have entrusted with us, except in a limited number of cases described below, and in case if it is necessary to fulfil the objectives described in this privacy notice:
-
Our subsidiaries and related companies: we can share your personal data with our subsidiaries and related companies, which are all located in the European Union
-
Service providers: like many other companies, we may outsource data processing services to trusted third party providers, such as IT and consultation services
-
Public authorities and government institutions: we may share data with the authorities if we are legally obligated to share said data or if the sharing of data is necessary to protect our rights;
-
Professional consultants and others: we may share your data with professional consultants such as auditors, lawyers, accountants and other providers of consultation services;
-
Third persons in relation to the company’s transactions: From time to time, we may share your data with third persons during a corporate transaction, for example, the sale of the company or part of the company to another company. This may also occur during company restructuring, the establishment of a joint enterprise, a merger, or any other type of reorganisation of the company’s assets or shares.
If we share your data with the persons listed above, we will guarantee the protection of your data through a data processing contract that we will enter into with this person.
We do not store or send your personal data outside the EEA or to countries that are have not taken a decision on the adequate level of data protection in relation to Article 25 section 6 of Directive 95/46/EC or its extension regulation (EU) 2016/679 Article 45 section 1
-
-
How long do we store your data?
In general, we store your data until it is needed to fulfil the various objectives of data processing.
We store data collected in relation to the provision of healthcare services according to the Health Services Organisation Act and the 18.09.2008 regulation nr 56 of the Minister of Social Affairs “Documentation of Provision of Health Services and Conditions and Arrangements for Retention of these Documents”. For example, according to § 35 of the regulation, your anamnesis is stored at least 30 years after its closure.
For determining the storage period of other data, we use the following criteria:
-
How long do we need to store data to offer you our services?
-
If we have a legal, contractual or any other type of obligation of the kind to store your data, we will do so until that obligation applies to us.
-
-
What are your rights in relation to your data?
As a data subject, you have the following rights:
-
Right of access to the data – you have the right to know what kinds of data about you are being stored. As a general rule, you have the right to access documented evidence of any health and/or healthcare services that have been provided to you.
-
Right to rectification – you have the right to demand the correction of your personal data if they are incorrect.
-
Right to erasure (‘right to be forgotten’) – in certain cases, you have the right to demand us to erase your personal data (for example, if we do not need the data anymore, if you withdraw the consent you have given us for processing your personal data, etc.).
-
Right to restriction of processing – in certain cases, you have the right to prohibit or limit the processing of your personal data for a certain period (for example, if you have submitted an objection in relation to data processing).
-
The right to object – depending on a concrete situation, you have the right to submit objections to the processing of your personal data if the processing of your data is based on our legitimate rights or on public interest.
-
Right to data portability – you have the right to demand that information you have given us be given to you in a machine-readable format. You can also demand for your data to be transferred to another data controller, but only if it is technically feasible. The right to data portability only applies to data that we process based on your consent or to fulfil the obligations of a contract we have entered into with you.
If you have any questions about information in this privacy notice or if you want to submit a claim for the execution of your rights as a data subject, please contact us via e-mail at info@minudoc.ee.
We will do our utmost to address your claims and wishes in a timely manner and free of charge, except in cases, where it would entail a disproportionate cost. If you are not satisfied with our reply, you have the right to take your claim to the Data Protection Inspectorate.
-