AS Fertilitas processes personal data in accordance with the Personal Data Protection Act of the Republic of Estonia and the General Data Protection Regulation of the European Union.
1. Patients’ and clients’ personal data shall be processed on the basis of the Health Services Organisation Act, the Health Insurance Act and the Medicinal Products Act. The personal data of job applicants and employees shall be processed in accordance with the Employment Contracts Act. Personal medical data includes personal data of various categories.
2. We collect personal data for specified purposes, primarily the provision of health services to our patients and clients, and such data shall not be used for any other purposes. If we should wish to process your personal data further for other purposes than that for which they were originally collected, we shall send you an appropriate notice listing the purposes of the further processing of your data, and shall not process your data for any other purposes before we have received consent from you.
3. We shall only collect such personal data which are strictly necessary for the provision of health services to our patients and clients. The purpose of collecting personal data from job applicants and employees is the recruitment and employment of necessary employees at AS Fertilitas.
4. In order to identify and correct inaccurate personal data, from time to time, we may ask our patients, clients and employees to confirm the accuracy of the collected personal data.
5. Periods of retention of personal data
- Patients’ and clients’ medical records, pregnancy records and dental records shall be retained for 110 years from the date of birth of the patient or customer.
- Students’ medical records and echocardiography reports along with all images shall be retained for 5 years.
- Referrals, nursing records, analysis results, etc. related to medical histories shall be retained for 30 years after the end of the medical history.
- The CVs of job applicants who are not hired shall be retained for one year from the time of rejection (basis: Equal Treatment Act)
- and personal data shall be retained until the end of the competition.
- Employees’ employment contracts shall be retained for 10 years after the expiry of the employment contract.
- Received correspondence and accounting documents shall be retained for 7 years.
6. All personal data shall be processed securely, protected from unauthorised and unlawful processing, accidental loss, destruction and damage. Personal data known to us shall be forwarded to third parties only in cases arising from legislation.
7. Upon submitting personal data to us, you grant us permission to process the data. If your personal data should become known to us in any other way, we shall send you a notice regarding the processing of the data within one month, except if
- you have already been informed,
- sending the notice is not possible or requires disproportionate effort (e.g., in the case of research and statistics),
- the receipt or disclosure of the data arises from law, or
- the personal data are covered by the obligation of secrecy.
The notice sent to you by us regarding the processing of your personal data, if the personal data are not collected from you personally, shall include the following information:
- our details as the chief processor;
- the details of our data protection officer;
- the legal basis and purpose of the processing;
- the categories of the personal data;
- information about legitimate interest;
- the recipients of the personal data;
- the data retention period;
- the transfer of the data to a third country;
- the source of the personal data;
- automated decisions and profile analysis.
8. We shall only transfer personal data to third countries (outside of the European Union) if it is absolutely necessary and if the countries have ensured an adequate level of protection of the personal data.
9. During the collection of personal data as well as in cases where personal data are not collected directly from the person concerned, AS Fertilitas’ clients, patients, job applicants and employees have the following rights:
- the right to request access to the personal data;
- the right to request the correction of the personal data;
- the right to request the deletion of the personal data;
- the right to restrict the processing of the personal data;
- the right to object to the processing of the personal data;
- the right to request the transfer of the personal data;
- the right to not to be subject to a decision based on automated processing;
- the right to withdraw consent;
- the right to submit complaints to a data protection supervision authority.