
Privacy Policy

THE HEALTH CLINIC OÜ

PRIVACY POLICY

Last update: 12 October 2023

 

The Health Clinic OÜ protects the personal data of its clients, or in other words data subjects, as specified in this Privacy Policy. The Privacy Policy governs the terms and conditions of the Health Clinic OÜ’s processing of personal data, which are collected when providing healthcare services to our clients and when data subjects use our websites thehealthclinic.eu and weightlossclinic.eu.

The Health Clinic OÜ processes personal data in accordance with applicable Estonian and European Union legislation. The Privacy Policy is primarily based on the European Union’s General Data Protection Regulation (GDPR), one of the objectives of which is to protect the fundamental rights and freedoms of natural persons with regard to the processing of personal data in accordance with the public interest.

 

CONTROLLER

The controller of the personal data of data subjects is the Health Clinic OÜ, Tartu mnt 13, Tallinn 10145, Estonia, registry code 11837333, telephone +372 600 0925, e-mail clinic@thehealthclinic.eu (hereinafter referred to as the Health Clinic OÜ or we). The Health Clinic OÜ’s Data Protection Specialist is Anni Laas, e-mail anni.laas@thehealthclinic.eu.

Please note that in certain cases, we may involve third party healthcare providers in the provision of healthcare services with the consent of the data subject. In such cases, the third party healthcare provider may be: (i) the independent controller of the personal data; or (ii) a joint controller if they determine the purposes and means of the personal data processing together with the Health Clinic OÜ. Please note that in such cases, the processing of the data subject’s personal data may be further governed by separate privacy policies in addition to the Privacy Policy.

 

WHAT PERSONAL DATA ARE PROCESSED?

The Health Clinic OÜ processes the following personal data of data subjects:

  1. first and last name;
  2. address, telephone and e-mail;
  3. personal identification code and/or date of birth;
  4. height and weight (both current weight and previous highest weight);
  5. health data which are necessary for the provision of a healthcare service to the data subject, the exact nature of which depends on the specific service required;
  6. data relating to the provision of a healthcare service (content of the service and time of provision, other data relating to the provision of the service, except health data listed in clause 5).

The Health Clinic OÜ may further process other personal data that the data subject voluntarily provides to us, for example, in the course of providing a service or in other communications with us.

 

PURPOSE AND LEGAL BASIS OF PERSONAL DATA PROCESSING

Personal data are processed for the following purposes and on the following legal bases:

  1. Fulfilling the obligations arising from a healthcare service contract and/or taking the necessary steps to enter into a contract. In this case, the legal basis for processing the personal data is the performance of the contract with the data subject or taking necessary measures to enter into a contract in accordance with the data subject’s request.
  2. Ensuring the quality of healthcare services, including ensuring the continued quality of our healthcare services by implementing a quality management system designed to reduce risks. In this case, the legal basis for the processing of personal data derives from the Health Services Organisation Act.
  3. Transferring personal data to a third party healthcare provider for the provision of healthcare services. In this case, the legal basis for the processing of personal data is the explicit consent of the data subject. The data subject may withdraw their consent at any time in accordance with the provisions of this Privacy Policy.
  4. Performing analytics and customer satisfaction surveys to improve the quality of our services and develop new services. In this case, the legal basis for the processing of personal data is our legitimate interest in fulfilling the aforementioned purposes. We do not process your health data for these purposes.
  5. Complying with legal requirements, such as healthcare legislation, the Accounting Act and tax legislation. In this case, the legal basis for the processing of personal data is the fulfilment of our legal obligations.
  6. Responding to client enquiries, requests and other communications. Depending on the nature of the interaction, the legal basis for the processing of personal data in such cases may be either the performance of a contract or our legitimate interest in providing seamless customer service.
  7. Managing business and contractual relationships, including managing our business partner and client databases and negotiating contractual relationships. In this case, the legal basis for the processing of personal data is our legitimate interest in fulfilling the aforementioned purposes.
  8. Direct marketing by sending promotional and informational material regarding our services and other offers. In this case, the legal basis for the processing of personal data is the explicit consent of the data subject. The data subject may withdraw their consent at any time in order to stop receiving these marketing materials.
  9. Where we need to do so, we may process personal data in order to pursue our legitimate interest in filing, processing or defending legal claims arising out of a contract between you and us.

 

RIGHTS OF DATA SUBJECT

A data subject has the right to:

  • upon request, access the personal data we process about them. To the extent permitted by legislation, the data subject also has the right to correct, update or amend the personal data;
  • delete personal data unless we have any other legal basis for retaining the data subject’s personal data;
  • object to the processing of certain personal data and request the restriction of the processing of personal data, in accordance with legislation;
  • data portability, i.e. the right to receive personal data in an organised form in a commonly used machine-readable format and to transmit them to another controller at their discretion, subject to legislation;
  • withdraw consent to the processing of personal data where the processing is based on the data subject’s consent. Please note that the withdrawal of consent does not affect the lawfulness of the processing of personal data that occurred based on the consent prior to the withdrawal;
  • to the extent permitted by legislation, request access to the relevant decision made on a legitimate interest where the processing of personal data is based on a legitimate interest of the Health Clinic OÜ.

In order to exercise the above rights, please contact our Data Protection Specialist at anni.laas@thehealthclinic.eu. If you believe that we aren’t processing your personal data correctly, you have the right to lodge a complaint about the processing of your personal data with the Data Protection Inspectorate or to take legal action.

 

DATA RETENTION

The Health Clinic OÜ will retain your personal data only for as long as necessary to achieve the purposes described in the Privacy Policy or as required by applicable legislation. For example, we will retain accounting records (copies of contracts and invoices) for seven years after the end of the relevant financial year, as required by applicable legislation. We may retain personal data relating to a contract for up to 10 years from the expiry of the contract, subject to the maximum limitation period in case of intentional breach.

If the retention of your personal data is no longer required by legislation or necessary to achieve the purpose for which it was collected, we will permanently delete your personal data or render it anonymous, unless you have instructed us otherwise and we have entered into an agreement to retain it for a longer period.

 

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

The Health Clinic OÜ makes every effort to protect the personal data of data subjects by requiring strict security and confidentiality from its employees and partners. The Health Clinic OÜ may transfer data subjects’ personal data to third parties in the following cases and ways:

  • to trusted service providers who provide services to us or you in accordance with our instructions, such as suppliers of the IT systems we use to manage our client interactions, providers of payment processing services, and laboratories, hospitals or other third party healthcare providers in connection with the provision of healthcare services;
  • to public authorities if the transfer of personal data is necessary for the fulfilment of our legal obligations or for the prevention or investigation of possible criminal offences; and
  • to other third parties if it is necessary to protect our property or rights or defend against legal claims.

The Health Clinic OÜ does not transfer personal data outside the European Economic Area.

 

USE OF COOKIES

The Health Clinic OÜ uses cookies on the websites it manages in order to improve the user experience and make using the websites as smooth as possible. A cookie is a small text file that a web browser stores on the user’s device. We use the following cookies on our websites:

  • functional cookies, which are essential for the operation and navigation of websites;
  • analytical cookies, which collect information about how visitors use our websites, for example, to improve your user experience and develop our websites. Analytical cookies are only stored on your device with your consent;
  • advertising cookies, which collect information about your online browsing habits in order to assess the effectiveness of ads to help us choose ads relevant for you and your interests. Advertising cookies are only stored on your device with your consent; and
  • third party cookies that allow us, among other things, to exchange information about your use of our websites with, for example, communication channels and social networks. The corresponding cookies will only be stored on your device with your consent.

The length of time cookies are stored on your device depends on whether they are persistent or temporary (or ‘session’ cookies). Persistent cookies will remain on your device until they expire or are manually deleted. Session cookies are deleted from your device the moment you leave our websites.

If you do not agree to the use of cookies, you may block the storing of cookies on your device by changing your browser settings. Because certain cookies are essential to the operation of the webpages we manage, restricting the use of cookies may affect the functionality of those webpages.

 

SECURITY

The Health Clinic implements various organisational and IT security measures to protect the personal data and store the data in electronic form. For example, we only give access to your personal data to authorised employees and contractors who need it to perform their duties. We also take additional measures to ensure the security of your health data, for example by storing it separately from other personal data. Please note, however, that while we strive to take reasonable measures to protect the security of your personal data, no system can completely eliminate all possible security risks.

 

PRIVACY POLICY UPDATES

The Health Clinic OÜ may update the Privacy Policy from time to time. If we update the Privacy Policy, we will notify you through the websites we manage. In the event of any material changes, we will also notify you at the e-mail address that you have used to contact us and/or that you have provided to us as part of entering into a contractual relationship. The Privacy Policy was last updated on the ‘Last update’ date above.