Terms and Conditions for the Processing of Personal Data by AS Fertilitas

Published 17.08.2021

INTRODUCTION

AS Fertilitas (registry code 16260520, address Kaluri tee 5a, Haabneeme, Viimsi, 74001 Harjumaa, hereinafter referred to as “Fertilitas” or “we”) is one of the leading private medical centres and private hospitals in Estonia. At Fertilitas, we provide various healthcare services under the Health Services Organisation Act, issue medical certificates, including occupational health certificates under the Occupational Health and Safety Act, and provide other services in accordance with applicable law. A list of our services can be found on our website at fertilitas.ee. Fertilitas processes personal data in connection with the provision of its services.

This document describes how Fertilitas processes your personal data when you contact us for a service. Please read these terms and conditions carefully, and if you have any questions about how we process your personal data or if you wish to make any requests to exercise your rights in relation to the processing of your personal data, please contact us using the contact details in the contact section below.

Fertilitas may amend these terms and conditions for the processing of personal data from time to time. The current terms and conditions can be found on our website.

1. DEFINITIONS

“GDPR”

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation.

“Personal data”

Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a personal identification code, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples of personal data include your name, personal identification code, e-mail address, and health data.

“Applicable law”

All applicable European Union legislation and all applicable legislation of the Republic of Estonia, including, but not limited to, the Personal Data Protection Act or any other national implementing acts of the GDPR and legislation governing the provision of healthcare services.

“Patient”, “client”, or “data subject”

A natural person who seeks or has sought a service from Fertilitas.

“Fertilitas”

AS Fertilitas (registry code 16260520, address Kaluri tee 5a, Haabneeme, Viimsi, 74001).

“Processing”

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Data controller”

A natural or legal person, an agency, a public authority, or any other body that, alone or when joined with others, determines the purposes of any personal data and the means of processing it. For the purposes of these terms and conditions for the processing of personal data, the data controller of the client’s personal data is AS Fertilitas.

“Data processor”

A natural or legal person, an agency, a public authority, or any other body that processes personal data on behalf of a controller.

2. GENERAL PROVISIONS

2.1. The terms and conditions for the processing of personal data apply when you contact Fertilitas for a service.
2.2. The terms and conditions for the processing of personal data describe the general principles of the processing of personal data by Fertilitas.
2.3. Fertilitas will ensure that the processing of patients’ personal data is in accordance with applicable law. The most important legal acts that Fertilitas follows when processing the personal data of its clients are the Health Services Organisation Act, the Health Insurance Act, the Medicinal Products Act, the Occupational Health and Safety Act, the Personal Data Protection Act and the GDPR.

3. WHEN AND FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

3.1. Fertilitas processes patients’ personal data only for specified purposes on the basis of applicable law.

3.2. If you contact Fertilitas for a healthcare service, we will process your personal data for the purpose of providing you with a specific healthcare service and/or preparing for the provision of that service. In such cases, we will process your personal data on the basis of the Health Services Organisation Act and on the basis of the contract we have with you for the purpose of providing the healthcare service you have requested. For the purposes of providing you with the healthcare service, we will process data that identifies you, such as your name and personal identification code, and data necessary for the provision of the service to you, including your health data. The type of health data we process in a particular case depends on the healthcare service provided. Please note that if you have cancelled your appointment the day before or on the day of your visit, Fertilitas may have already processed your personal data in order to adequately prepare for your visit. When providing you with healthcare services, we may also process your contact details and bank account details for the purposes of billing you for the healthcare services provided to you and for the purposes of providing you with organisational information before and after your visit (for example, we may send you a reminder about your upcoming visit). Fertilitas will not disclose your personal and health data to third parties, except to the extent permitted by applicable law.

3.3. If you contact Fertilitas for a healthcare service and you are referred to us by another person in connection with occupational health or in connection with obtaining a medical certificate, we will process your personal data for the purpose of providing you with the healthcare service and/or preparing for the provision of that service on the basis of a contract with another person, the Health Services Organisation Act, and the Occupational Health and Safety Act. For the purposes of providing you with the healthcare service, we will process data that identifies you, such as your name and personal identification code, and data necessary for the provision of the service to you, including your health data. Please note that if you have cancelled your appointment the day before or on the day of your visit, Fertilitas may have already processed your personal data in order to adequately prepare for your visit. When providing you with healthcare services, we may also process your contact details for the purposes of providing you with organisational information before and after your visit (for example, we may send you a reminder about your upcoming visit). Fertilitas will not disclose your personal and health data to third parties, except to the extent permitted by applicable law. For example, we may disclose to your employer or another person the decision of your medical examination under the Occupational Health and Safety Act, but not your additional health data or the results of any tests or analyses performed.

3.4. If you contact Fertilitas for a service other than health care, such as nutritional counselling, rehabilitation, or other services, we will process your personal data for the purpose of providing the service you have requested. For the purpose of providing you with the service, we will process data that identifies you, such as your name and personal identification code, and data necessary for the provision of the service to you, including your health data, where the processing of health data is necessary for the provision of the service. We may also process your contact details and bank account details for the purposes of billing you for the service provided to you and for the purposes of providing you with organisational information before and after your visit (for example, we may send you a reminder about your upcoming visit). Fertilitas will not disclose your personal and health data to third parties, except to the extent permitted by applicable law.

3.5. If you contact Fertilitas for digital health services and use the services offered through the digital platform, we will process your personal data for the purpose of providing the service you have requested through the digital platform. When you log in to the digital platform, we will process data that identifies you, such as your name, personal identification code and e-mail address. When you use digital health services, we will process your health data on the basis of the type of service you have requested in each individual case and the data you disclose through the digital platform. We may also process your contact details and bank account details for the purposes of billing you for the service provided to you. When you use digital health services, personal data from other Fertilitas’ environments will not be automatically uploaded to the digital health service environment and only the personal data that is necessary for the provision of the services requested through the digital platform will be processed. When a healthcare service is provided or a prescription is renewed through the digital platform, Fertilitas is required by applicable law to transfer the data related to the provision of the service to the Health Portal or the prescription centre (see section 4 for more details).

3.6. Fertilitas has the right to ask for your feedback on the services provided in order to analyse and evaluate patient satisfaction. If the patient is a minor, feedback will be requested from his/her parent or guardian.

3.7. If you have given us your explicit consent to process your personal data, the legal basis for the processing of your personal data is your consent. In this case, we will process your personal data for the purposes and to the extent specified in the consent. Please note that once you have given us your consent to process your personal data, you have the right to withdraw your consent at any time.

3.8. On a regular basis (but not more often than once every quarter), Fertilitas will use the contact information you provide to us to share healthcare news and best practices and know-how. The person or the person’s representative has the right to opt-out of receiving informative communications by e-mail or by informing their contact at Fertilitas, as described in the instructions.

4. TRANSFER OF PERSONAL DATA AND USE OF DATA PROCESSORS

4.1. Fertilitas will not transfer your personal data to third parties, except where it has a legal right to do so under applicable law.

4.2. Fertilitas uses data processors for the processing of personal data under applicable law. In limited cases, Fertilitas’ data processors may process patients’ personal data. Fertilitas will only use as data processors those partners who have undertaken to process personal data in accordance with these principles for processing personal data and applicable law. Fertilitas does not have a limited number of data processors as referred to in this chapter, and Fertilitas may also use persons not referred to in this chapter as data processors. In particular, Fertilitas uses IT partners (web hosting providers, IT support service providers, communication service providers, other IT service providers), marketing partners, payment service providers and other service providers or cooperation partners as data processors.

4.3. When providing you with healthcare services, Fertilitas will transfer your health data to the Health Portal at www.terviseportaal.ee, whose data controller is the Health and Welfare Information Systems Centre (TEHIK) (registry code 70009770, address Uus-Tatari 25, 10134 Tallinn). If you have any questions regarding the Health Portal, you can contact the helpdesk of the Health and Welfare Information Systems Centre at +372 794 3943 or by e-mail at abi@tehik.ee.

4.4. When providing you with healthcare services, Fertilitas may transmit and/or receive your health data as necessary under applicable law through the prescription centre, whose data controller is the Health and Welfare Information Systems Centre (TEHIK) (registry code 70009770, address Uus-Tatari 25, 10134 Tallinn). If you have any questions regarding the prescription centre, you can contact the helpdesk of the Health and Welfare Information Systems Centre at +372 794 3943 or by e-mail at abi@tehik.ee.

4.5. When providing you with healthcare services, Fertilitas may transmit and/or receive your health data as necessary under applicable law through the picture archiving and communication system (PACS), whose data controller is Sihtasutus Eesti Tervishoiu Pildipank (Estonian PACS Foundation) (registry code 90007945, address Puusepa 8, 51014 Tartu, Estonia). If you have any questions regarding the PACS, you can contact the helpdesk of Sihtasutus Eesti Tervishoiu Pildipank at +372 5331 8888 or by e-mail at abi@pildipank.ee.

4.6. When providing you with healthcare services in connection with the issuance of a medical certificate for motor vehicle drivers, we may transfer your health data (medical certificate) to the digital environment of the Estonian Transport Administration, whose data controller is the Estonian Transport Administration (registry code 70001490, address Valge 4, 11413 Tallinn). If you have any questions regarding the processing of your data by the Estonian Transport Administration, please contact the Estonian Transport Administration at +372 620 1200 or by e-mail at info@transpordiamet.ee.

4.7. When providing you with healthcare services, we may transfer your health data to the Estonian Health Insurance Fund (Health Insurance Fund, registry code 74000091, address Lastekodu 48, 10144 Tallinn) if your medical expenses are reimbursed in part or in full by the Estonian Health Insurance Fund. If you have any questions regarding the Estonian Health Insurance Fund, you can contact the Estonian Health Insurance Fund at +372 669 6630 or by e-mail at info@tervisekassa.ee.

4.8. In certain cases, Fertilitas is obliged under applicable law to transfer personal data to courts or law enforcement authorities on the basis of an order issued by the relevant body under applicable law or, for example, where the transfer of personal data is mandatory under the Insurance Activities Act in connection with an inquiry made by an insurer. In all such cases, Fertilitas will transfer personal data only if required to do so by applicable law and in compliance with all applicable principles for the processing of personal data, including the principle of data minimisation.

5. RETENTION OF PERSONAL DATA

5.1. Fertilitas will not retain personal data for longer than is necessary for the purpose for which the personal data is processed or required by applicable law.

5.2. Pursuant to the Health Services Organisation Act and the Regulation of the Minister of Social Affairs on the Conditions and Procedure for the Documentation of Provision of Healthcare Services and the Retention of these Documents, Fertilitas will, as a rule, retain the data certifying the provision of outpatient and inpatient healthcare services for 30 years from the date of confirmation of the service provided to the patient. The logs of Fertilitas as a healthcare provider will be kept for 5 years.

5.3. Pursuant to subsection 13¹ (11) of the Occupational Health and Safety Act, Fertilitas will retain medical records and the results of medical examinations for 30 years as of the relevant medical examination.

5.4. Pursuant to the Accounting Act, Fertilitas will retain accounting records for seven years.

5.5. Data collected for the purpose of entering into a contract with you, for which a longer retention period is not provided for by applicable law, will generally be retained for as long as they are required for the performance of the contract during the term of the contract or for up to 5 years after the termination of the contract.

5.6. Feedback collected for the purpose of assessing patient satisfaction will be retained for 5 years from the date of receipt of the feedback.

5.7. When storing personal data, Fertilitas will store the personal data securely and, where possible, will give preference to national information systems (e.g. the Health Portal) as the storage location; however, Fertilitas may also store personal data on its own systems.

5.8. If you would like to receive more detailed information about the retention periods for your personal data, please contact us using the contact details in the contact section below.

6. COOKIES

6.1. Fertilitas’ website uses cookies. Cookies are small text files that contain information stored on your device and are used to track or identify you. This section explains our policy on the use of cookies.

6.2. You have the right to disable the use of cookies at any time by changing your browser settings. However, if you do so, you should be aware that not all functions of the website may work correctly.

6.3. You can disable cookies by following the instructions of the “help” function of your web browser. For more information on how cookies work or how to disable cookies, you can also visit www.allaboutcookies.org.

7. RIGHTS OF THE DATA SUBJECT

7.1. As a data subject, you have all the rights under applicable law as regards the processing of your personal data.

7.2. You have the following rights regarding the processing of your personal data:

7.2.1. Right of access. You have the right to ask at any time whether and which of your personal data is being processed by Fertilitas.

7.2.2. Right to rectify your personal data. You have the right to request Fertilitas to specify or correct your personal data if it is insufficient, incomplete or incorrect.

7.2.3. Right to object. You have the right to object to the processing of your personal data, for instance, where the use of your personal data is based on a legitimate interest.

7.2.4. Right to erasure of your personal data. You have the right to request the erasure of your personal data, for instance, where the personal data are being processed with your consent and you have withdrawn your consent.

7.2.5. Right to restriction of processing. You have the right to request Fertilitas to restrict the processing of your personal data on the basis of applicable law, for instance, where Fertilitas no longer needs your personal data for the purposes of the processing or you have objected to the processing of your personal data.

7.2.6. Right to withdraw your consent to the processing of your personal data. If the processing of personal data is based on your consent, you have the right to withdraw your consent to Fertilitas at any time.

7.2.7. Right to data portability. You have the right to receive the personal data that you have provided to Fertilitas and that is processed on the basis of your consent or for the performance of a contract entered into with you, in writing or in a generally used electronic format and, where technically possible, demand that the data be forwarded to a third-party service provider.

7.2.8. Right to lodge a complaint. If you believe that your rights have been violated during the processing of your personal data, you have the right to lodge a claim or complaint with the Data Protection Inspectorate or a court

7.3. Your rights listed in this section regarding the processing of personal data are not absolute rights. In certain cases, the rights of other data subjects or the legal obligations of Fertilitas may limit the rights of the data subject.

7.4. In order to exercise the rights pertaining to the processing of personal data or to submit requests concerning the processing of personal data, please contact us using the contact details in the contact section below.

8. SECURITY OF PERSONAL DATA

8.1. Fertilitas undertakes to ensure the security of the processing of personal data in order to protect personal data against accidental or unauthorised processing, disclosure or destruction.

8.2. Taking into account the latest developments in science and technology and the costs of their implementation, the nature, scope, context and purposes of the processing of personal data, as well as the varying likelihood and magnitude of the threats to the rights and freedoms of natural persons arising from the processing, Fertilitas will implement appropriate technical and organisational measures to ensure the security of personal data.

9. CONTACT

9.1. For any questions or requests regarding the processing of personal data, please contact Fertilitas or the data protection specialist at Fertilitas by phone, e-mail or post.

Fertilitas:

Business name: AS Fertilitas

Address: Kaluri tee 5a, Haabneeme, Viimsi, 74001 Harjumaa

Phone: +372 650 9603 E-mail: fertilitas@fertilitas.ee

Data protection specialist at Fertilitas: Diana Sillamaa, phone: +372 5551 2272, e-mail: d.sillamaa@fertilitas.ee

Complaints concerning the processing of personal data can be addressed to the Estonian Data Protection Inspectorate at info@aki.ee or by calling +372 627 4135.