I. General Terms and Conditions
1. This document (hereinafter “Data Protection Terms”) explains how Implanttihoito Hambaravi OÜ (registry code 10042778), which provides services under the trademark Implanttihoito Dental Clinic (hereinafter “Implanttihoito”), uses personal data and ensures its lawful processing, confidentiality and security.
2. Implanttihoito is responsible for fulfilling its responsibilities and for ensuring the security and fair processing of personal data by its own staff and in its own systems.
3. Implanttihoito manages personal data in accordance with the principles set out in the General Regulation on the Protection of Personal Data, the Personal Data Protection Act, the Health Care Services Organization Act, the guidelines of the Data Protection Inspectorate and these Data Protection Terms.
4. Implanttihoito obeys the following principles when processing personal data:
a. Legality, fairness, and transparency
b. Purposeful limitation principle - Implanttihoito processes personal data for precisely and clearly defined legitimate purposes. The purposes of personal data processing are described in Section III of the Data Protection Terms. (What personal data does Implanttihoito process and what is the purpose?).
c. Principle of limited data collection - Implanttihoito only collects and processes the personal data that is necessary to achieve the purpose of the processing.
d. Principle of accuracy - Implanttihoito takes appropriate measures to ensure the accuracy of the data processed, while inaccurate and redundant data shall be corrected or deleted as soon as possible.
e. Principle of data limitation - Implanttihoito retains personal data for only if it is necessary for the purposeful processing of the personal data or for the fulfillment of a legal obligation.
f. Principle of reliability and confidentiality - Implanttihoito has put in place physical, organizational, and technological security measures to ensure the lawful processing and protection of personal data.
Implanttihoito has the right to unilaterally change these Data Protection Terms and Conditions at any time by notifying about it on the website Implanttihoito.ee.
II. Definitions
5. "Personal data" means any information relating to an identified or identifiable physical person. Personal data also includes special types of personal data.
6. "Specific categories of personal data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade-union membership, genetic data, biometric identifiers used for the unique identification of a physical person, health data or data concerning a person's sexual life and sexual orientation.
7. "Genetic data" means personal data relating to genetic traits inherited or acquired by the physical person concerned, that provides unique information on the physiology and health of that natural person, and in particular the personal data obtained from the analysis of a physical biological sample.
8. "Biometric data" means personal data obtained through a specific technical processing operation concerning physical, physiological and behavioral characteristics that enable that physical person to be uniquely identified or confirm the identification of that person, such as facial image and fingerprint data.
9. "Health data" means personal data concerning the physical and mental health of a person, including data relating to the provision of health care to him or her, which provide information on his or her state of health.
10. Service - Services provided by Implanttihoito such as dental services, facial and maxillofacial surgery, orthodontics, and braces.
11. Data subject - a physical person whose personal data is processed by Implanttihoito. The data subjects are primarily Implanttihoito patients and their legal representatives, but also people who visit Implanttihoito's website Implanttihoito.ee and people who visit Implanttihoito dental clinic, Implanttihoito employees, employees' relatives, and job candidates, and Implanttihoito contract partners and their employees.
12. "Processing of personal data" means any automated or non-automated operation or set of operations on personal data or sets thereof, such as collection, documentation, organization, structuring, storage, adaptation and modification, consultation, reading, use, transmission, distribution or other making available; merging or putting together, restricting, deleting or destroying.
13. "Personal data breach" means a breach of security which results in the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data that is transmitted, stored, or otherwise processed.
14. "Responsible employee" is a person, public authority, or other body which alone or jointly with others determines the purposes and means of the processing of personal data. For the purposes of the data protection conditions, the responsible employee is primarily Implanttihoito.
15. "Authorized employee" is a person, public authority or other body which processes personal data on the behalf of the responsible processor. For the purposes of the data protection conditions, authorized processors are all Implanttihoito's contractual partners, such as accounting firms, various laboratories, website administrators, etc.
16. "Recipients" are people, public authority, agency, or any other body to whom personal data is disclosed, whether being a third party or not. Recipients of personal data within the meaning of the Data Protection Terms are primarily Authorized Processors and agencies to whom the obligation to transfer or disclose personal data arises from law.
III. Composition of personal data and bases for processing
17. To register a patient for a visit and send a reminder, Implanttihoito processes the following personal data:
a. Patient's first and last name,
b. Patient's date of birth / personal identification code;
c. Address of the patient or his legal representative;
d. Telephone number, e-mail address of the patient or legal representative,
e. Patient health data, which is provided by the patient or his / her legal representative about diagnoses made to the Patient, performed or planned operations, names and results of performed or planned tests or procedures, performed treatment, planned treatment, etc .;
f. Personal data collected by visiting the Website (see Section 21 of the Privacy Policy).
18. To submit invoices for the Service and to offer installment plan, Implanttihoito processes the following personal data of the patient or the patient's legal representative.
a. First and last name of the recipient of the invoice or installment;
b. Address, e-mail, and telephone number of the recipient of the invoice or installment,
c. A copy of the identity document of the invoice or installment recipient and the data on the identifying document, including a photograph;
d. Information on the existence or absence of patient health insurance.
19. To provide dental care, facial and maxillofacial surgery services, and orthodontic services to a patient, Implanttihoito processes the following personal data with the consent of the data subject:
a. Patient's first and last name;
b. Patient ID;
c. Patient health data provided by the Patient or his / her legal representative, that is available from the state information systems and which have been created by Implanttioito or his / her contractual partners during the provision of the Service:
d. Entries containing genetic personal data (various samples, impressions, etc.);
e. X-ray results.
20. To ensure the technical functioning of the website and to provide a better user experience, Implanttihoito collects
a. Details of the browser used by the visitor;
b. IP address;
c. Cookies.
21. To ensure the safety of the premises, employees, and the patient, and to protect property and resolve disputes peacefully, Implanttihoito shall collect the following personal data during video recording:
a. Facial image;
b. Movement;
c. Outstanding physical features;
d. Clothing;
e. Speech (lip movement);
f. Body type, etc.
22. Video recording takes place through security cameras installed in the public reception room and in the offices provided for the provision of the Service.
23. If you apply for a job at Implanttihoito, Implanttihoito will process the following personal data:
a. First and last name,
b. Contact details: phone number, e-mail
c. Education, qualification, completion of in-service training, etc.,
d. Hobbies;
e. Language skill;
f. CV and cover letter;
g. Implanttihoito may also process personal data specified in the clauses for purposes other than those specified in the referred to clauses or personal data not specified herein, personal data specified in the same or other referred clauses if such right or obligation to process personal data arises from law.
24. The transfer of personal data to Implanttihoito is necessary for Implanttihoito to provide Services, to assess the suitability for work of people who have applied for a vacancy. If the data subject does not submit personal data asked or submits it incompletely, Implanttihoito has the right to refuse the provision of the Service to the Data Subject.
25. Implanttihoito collects personal data:
a. By giving testimony (directly or by telephone) or transmitting personal data via the contact format or e-mail from the data subject or his / her legal representative;
b. From institutions and databases to which Implanttihoito staff has access (eg EHIF, health information system, etc.).
26. Implanttihoito processes personal data only if;
a. This is the consent of the Data Subject or his or her legal representative;
b. The processing of personal data is necessary for the provision of the Service by Implanttihoito;
c. The processing of personal data is necessary for the fulfillment of the contractual obligations of Implanttihoito;
d. The processing of personal data is in the public interest;
e. Implanttihoito has a legitimate interest in it;
f. Implanttihoito processes special types of personal data primarily with the consent of the Data Subject or his or her legal representative, unless the right or obligation to process special types of personal data arises from law.
27. Implanttihoito transmits or discloses personal data:
a. To recipients only if it is necessary for the provision of the Service to the Patient, for the fulfillment of the contractual obligations by Implanttihoito or if the obligation to provide or disclose arises from law.
b. A list of receiver categories is available
c. Implanttihoito does not transfer Personal Data to third countries and international organizations, unless requested by the Data Subject or the obligation to transfer arises from law. The data subject's request for the transfer of personal data to third countries or international organizations must be in written form.
28. Implanttihoito stores personal data:
a. For as short a time as possible to provide the Service or to fulfill the obligations arising from law. If the statutory retention period has expired and personal data is not required for the provision of the Service, Implanttihoito will delete them in a manner that does not allow for the recovery of personal data.
b. Implanttihoito maintains the health data of data subjects within the terms provided for in Regulation No. 45 of the Minister of Social Affairs of 18 September 2008 "Documentation of the provision of health care services and storage of these documents".
c. Invoices issued to patients and their legal representatives and personal data on them (first and last name, telephone number, address, e-mail address) shall be kept by Implanttihoito for seven (7) years from the end of the financial year when the economic transaction was described in the accounting records.
d. Employment contracts and the personal data contained therein are retained by Implanttihoito for ten (10) years after the termination of the employment relationship. The CVs of unsuccessful candidates will be retained for one (1) year from the date of the negative decision.
e. Personal data collected during video surveillance will be stored until the hard disk used to store data is full.
29. The Data Subject (or the Data Subject's representative) has the right to:
a. Get acquainted with personal data about yourself and receive printouts and copies of personal data about yourself;
b. Require information on the types of data processed and the purpose of such processing;
c. Request the correction of personal data about yourself if the data is incorrect or inaccurate;
d. Request the deletion of your personal data if the processing of personal data is no longer necessary;
e. To request a restriction on the processing of personal data concerning him or her if the Patient has submitted a request for correction or deletion of personal data or the Patient has disputed the accuracy of the personal data being processed;
f. File a complaint or request with/against Implanttihoito
g. Submit a complaint to the Data Protection Inspectorate if the Data Subject finds that the processing of his or her personal data is not lawful.
30. Conditions for fulfilling the data subject's request for information
a. Implanttihoito fulfills the Data Subject's request for information with personal data or takes the measure requested by the Data Subject immediately, but not later than within thirty (30) calendar days of receiving the request for information. If Implanttihoito finds that the request for information is not lawful, Implanttihoito shall notify the data subject immediately, but no later than within thirty (30) calendar days. If the data subject's request for information is difficult to comply with, the before mentioned period may be extended to a maximum of sixty (60) calendar days.
b. Implanttihoito fulfills the data subject's legitimate request for information free of charge. Where the Data Subject's claims are manifestly unfounded or excessive, in particular because of their repetitive nature, the controller may charge a reasonable fee or refuse to provide the requested information or take action.
c. Implanttihoito fulfills the data subject's request for information:
- At Implanttihoito on site by issuing a copy or printout of a document containing his or her personal data to the data subject.
- By sending personal data electronically to the e-mail address of the Data Subject or his / her legal representative. Implanttihoito provides electronical data only at the request of the Data Subject or his or her legal representative. Documents containing special types of personal data are forwarded to the data subject in encrypted form by Implanttihoito. Special types of personal data without encryption by e-mail will not be transmitted except in special cases at the written request of the Data Subject.
d. If the request for information has been submitted by the legal representative of the Data Subject, Implanttihoito has the right to demand proof of the right of representation.