Everything related to individuals and their lives can be described as data. Such personal data includes, for example, a person’s name, address, contact details, etc. Personal data also includes various sensitive data, such as personal medical data.
Ortopeedia Arstid AS (hereinafter ‘OA’) has a legal responsibility to protect the privacy of its patients, customers and employees. Thus, here we describe the policy we follow for the collection, use, disclosure, transfer and storage of the data of the aforementioned stakeholders.
LEGAL BASES FOR DATA PROCESSING
1.1. OA is a healthcare provider, which has the right and obligation to process any personal data necessary for the provision of healthcare services, including sensitive personal data arising from legislation in force in the Republic of Estonia (Health Services Organisation Act, Health Insurance Act, Medicinal Products Act, Health Information System Statute).
1.2. The personal data of job applicants and employees shall be processed in accordance with the Employment Contracts Act.
SECURITY OF DATA
2.2. OA’s website www.ortopeediaarstid.ee contains the necessary measures to protect the integrity, accuracy and privacy of collected personal data. The website is secured with an updated SSL certificate, which enables the use of a private encrypted communications channel over the public Internet (HTTPS) and ensures the confidentiality and integrity of transmitted data.
PROTECTION OF PERSONAL DATA
3.1. Ortopeedia Arstid AS shall take all precautionary measures (including administrative, technical and physical measures) for the protection of the personal data of its patients, customers and staff. Access to personal data for amendment and processing is only provided to authorised persons.
3.2. We collect personal data from the following sources:
- the customer/patient/employee;
- national healthcare service registers: the National Electronic Health Record, the database of the Estonian Health Insurance Fund, etc.
3.3. We collect and process your personal data whenever:
- you visit our hospital for an outpatient consultation or in-hospital care;
- a patient has indicated you as their contact person;
- you request the issue of your medical files;
- you send us a request for explanation, a memorandum or a request for information;
- you send us a proposal or a letter of appreciation;
- you apply for a job with us or are in an employment relationship with us on the basis of a contract of employment or a contract under the law of obligations;
- you register for an appointment via (digital) reception or our website or by phone or e-mail – identification data (name, address, phone number, e-mail address, etc.), which are entered/submitted personally by the user;
- we compile and analyse statistics about the provision of our healthcare and other services.
3.4. Upon submitting personal data, you also grant us permission to process the data.
DISCLOSURE OF DATA TO THIRD PARTIES
4.1. OA may disclose your personal data:
- to comply with legal claims – e.g., by the Estonian Health Insurance Fund, national supervisory authorities, the police, courts, an insurance provider in the event of an insurance case, etc.;
- to protect its rights and ensure security – e.g., in the case of suspected fraud;
- to third parties, if such cooperation is necessary for the provision of OA’s services (IT company, accounting service provider, other healthcare service providers (examinations, analyses, anesthesia, etc.)).
ACCESSING PERSONAL DATA
5.1. You have the right to access the personal data we have collected about you, request the correction or deletion of the data, object to or request the restriction of the processing of the data, provided that it does not conflict with the legislation in force in the Republic of Estonia. Requests may be submitted via our units’ reception desk or digitally signed and submitted by e-mail to email@example.com. Data shall be issued on the basis of an identity document or in an encrypted form on the basis of a personal identification code.
5.2. Ortopeedia Arstid AS has the right to charge a reasonable service fee for handling requests if this involves an unreasonable amount of work or financial costs, for example, making copies of original documents, reviewing information related to medical records, etc.
Note! In the interest of the security of your data, we shall not issue data or the results of examinations/analyses by phone.
5.2. Personal information shall not be issued if this may:
- damage the rights and freedoms of other persons;
- hinder the prevention of a criminal offence or apprehension of a criminal offender;
- complicate the ascertainment of the truth in a criminal proceeding;
- endanger the protection of the confidentiality of filiation of a child.
6.1. Patients’ and customers’ medical records shall be retained for 110 years from the date of birth of the patient or customer. Referrals, nursing records, analysis results, etc. related to medical histories shall be retained for up to 30 years after the end of the medical history (legal basis: Regulation No. 56 of the Minister of Social Affairs).
6.2. Employees’ employment contracts shall be retained for 10 years after the expiry of the employment contract.
6.3. Accounting documents shall be retained for 7 years (legal basis: the Accounting Act).
PROTECTION OF RIGHTS AND CONTACT INFORMATION
7.1. In matters related to the processing of personal data, please contact our data protection specialist. The data protection specialist of Ortopeedia Arstid AS is Mart Jalakas, e-mail address: firstname.lastname@example.org, address: Paldiski mnt 68a, 10617 Tallinn.
7.2. The chief processor is Ortopeedia Arstid AS, registry code 11096463, located at Paldiski mnt 68a, 10617 Tallinn, e-mail address: email@example.com, website: www.ortopeediaarstid.ee, phone: 606 7747.
7.3. If you believe that we have violated your rights during the processing of your personal data, you may submit a complaint to the hospital’s data protection specialist or the Estonian Data Protection Inspectorate (Väike-Ameerika 19, Tallinn 10129, e-mail address: firstname.lastname@example.org).
Ortopeedia Arstid AS shall do everything in its power to protect your personal data and comply with data protection and privacy laws!