Privacy Policy of Qvalitas Medical Centre

 

Valid from 25 June, 2019

INTRODUCTION

Qvalitas Medical Centre (reg. No. 10303948, address Pärnu mnt 102c, 11312, Tallinn, hereinafter "Qvalitas" or "we") is one of the largest private medical centres in Estonia. We provide various health services pursuant to the Health Services Organisation Act, issue health related documentation, including certificates related to occupational health pursuant to the Occupational Health and Safety Act, and provide other services pursuant to applicable law. The list of our services can be found at http://www.qvalitas.ee. In relation to providing these services, Qvalitas also processes personal data.

This Privacy Policy sets out the principles of processing your personal data by Qvalitas when you turn to us for our services. Please read the Privacy Policy carefully. If you have any questions about how we process your personal data or if you wish to submit an application for exercising your rights related to processing your personal data, please contact us through the contact information provided in the section "Contacts" below.

Qvalitas has the right to change the Policy from time to time. The updated Privacy Policy is published on the Qvalitas webpage.

1. TERMS

GDPR

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Personal data

  • Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular on the basis of such a record as the name, personal identification code, place of location information or network identifier, or on the basis of one or more physical, physiological, genetic, mental, economic, cultural or social identities. Personal data includes your name, personal identification code, e-mail address, and data regarding your health status.

Applicable law

  • All applicable European Union legislation and all the applicable legislation of the Republic of Estonia, including, but not limited to, the Personal Data Protection Act or other national implementing legislation of the GDPR, and the regulatory legislation regarding the provision of health care services.

Patient or data subject

  • Natural person who turns or has turned to Qvalitas for service.

Qvalitas

  • Qvalitas Medical Centre (reg. No. 10303948, address Pärnu mnt 102c, 11312, Tallinn).

Processing

  • Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data controller

  • Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Privacy Policy, Qvalitas Medical Centre acts as the data controller of their clients' personal data.

Data processor

  • Natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2. GENERAL

2.1. The Privacy Policy shall apply when you turn to Qvalitas for services.

2.2. The Privacy Policy sets out the general principles of processing personal data at Qvalitas.

2.3. Qvalitas shall ensure the processing of the patients' personal data pursuant to applicable law. The most relevant legislation Qvalitas proceeds from when processing the patients' personal data includes the Health Services Organisation Act, the Health Insurance Act, the Medicinal Products Act, the Occupational Health and Safety Act, the Personal Data Protection Act and the GDPR.

3. WHEN AND FOR WHAT PURPOSES DO WE PROCESS PERSONAL DATA?

3.1. Qvalitas shall process patients' personal data only pursuant to applicable law and for the stated purposes.

3.2. When you turn to Qvalitas for health services, we shall process your personal data in order to provide you with the specific health service you require. In this case, we shall process your personal data pursuant to the Health Services Organisation Act and the contract entered into with you for providing you with the health service you require. In order to provide the health service, we shall process data which enables us to identify you, such as your name and personal identification code, and other data, such as health data, which is necessary for providing you with these services. The list of data we process in a specific case depends on the type of health service provided. When providing you with the health service, we may process your contact data and bank account details for the accounting purposes for the health service provided, as well as for sending organisational information before and after the visit, for example sending a reminder for the time of your visit. Qvalitas shall not transmit your personal and health data to third parties, except to the extent allowed by applicable law.

3.3. When you turn to Qvalitas as directed by your employer or another person for the purpose of obtaining health services in relation to occupational health or for obtaining a necessary medical certificate, we process your personal data for the provision of health services pursuant to the contract entered into with your employer or another person, the Health Care Services Organization Act and the Occupational Health and Safety Act. In order to provide the health service, we shall process data which enables us to identify you, such as your name and personal identification code, and other health data necessary for providing you with the services. When providing you with the health service, we may process your contact data for sending organisational information before and after the visit, for example sending a reminder for the time of your visit. Qvalitas shall not transmit your personal and health data to third parties, except to the extent allowed by applicable law. For example, we may transmit the health examination decision to your employer pursuant to the Occupational Health and Safety Act, but we shall not transmit any additional health data nor the results of the medical examinations or analyses.

3.4. When you turn to Qvalitas for other purposes than health care service, for example for receiving nutrition advice, rehabilitation, or other service, we shall process your personal data for the purposes of providing you with this service. In order to provide the service, we shall process data which enables us to identify you, such as your name and personal identification code, and other data necessary for providing you with the service, including your health data, if the processing of health data is required for providing you with the service. We may also process your contact data and bank account details for the accounting purposes for the health service provided, as well as for sending organisational information before and after the visit, for example sending a reminder for the time of your visit. Qvalitas shall not transmit your personal and health data to third parties, except to the extent allowed by applicable law.

3.5. For the purposes of analysing and assessing patient satisfaction, Qvalitas has the right to ask for your feedback regarding the services provided. If the patient is underage, their parent or guardian shall be asked for feedback.

3.6. If you have given us a separate consent for the processing of your personal data, your consent shall be the legal basis for processing your personal data. In this case, we process your personal data for the specified purposes and to the extent determined by the consent. Please note that if you have given us your consent for the processing of personal data, you have the right to withdraw the consent at any time.

3.7. Qvalitas shall use the contact details of the legal person submitted to Qvalitas in order to share the news, best practices and know-how related to occupational health and environment on a regular basis, but not more frequently than once per quarter. The representative of the legal person has the right to renounce the informative letters in accordance with the instructions included in the e-mail or by notifying the contact person of Qvalitas.

4. TRANSMISSION OF PERSONAL DATA AND USE OF DATA PROCESSORS

4.1. Qvalitas shall not transmit your personal data to third parties, except for when having the legal basis pursuant to applicable law.

4.2. Qvalitas has the right pursuant to applicable law to use data processors for processing the personal data. As the processors, Qvalitas uses only those partners who are committed to processing personal data in accordance with these principles of processing personal data and applicable law. The list of data processors of Qvalitas, who may process patients' personal data to the limited extent, is not limited and Qvalitas may also use the partners not listed in this chapter as data processors. Qvalitas primarily uses partners providing various health care services (for example, optometrists, partners providing general or special health care service, whom Qvalitas uses for providing their patients with required services), the IT-service providers (various server service providers, IT support service providers, communications service providers, and other IT-service providers), marketing partners, payment service providers, and other service providers and partners as data processors.

4.3. When providing health care services, Qvalitas shall transmit your health information under the current law to the e-health Patient Information Portal located at https://id.digilugu.ee/, the data controller of which is the Health and Welfare Information Systems Centre (reg. No. 70009770, address New Tatari St. 25, 10134 Tallinn). For questions related to the patient portal, you can contact the customer service of the Health and Welfare Information Systems Centre at +372 794 3943 or by e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it..

4.4. In order to provide you with health services, Qvalitas may, as appropriate, under the current law, transmit and/or receive your health data through a prescription centre, the controller of which is the Health and Welfare Information Systems Centre (reg. No. 70009770, address Uus-Tatari 25, 10134 Tallinn), if it is necessary for providing you with the health service. For questions related to the prescription centre, you can contact the customer service of the Health and Welfare Information Systems Centre at +372 794 3943 or by email at This email address is being protected from spambots. You need JavaScript enabled to view it..

4.5. In order to provide you with health services, Qvalitas may, as appropriate, under the current law, transmit and/or receive your health data through an image bank, the controller of which is the Image Bank Foundation (reg. No. 90007945, address Puusepa 8, 51014 Tartu, Estonia), if it is necessary for providing you with the health service. For questions related to the image bank, you can contact the customer service of the Health and Welfare Information Systems Centre at +372 5331 8888 or by e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it.

4.6. When providing health services related to the issue of a motor vehicle driver's medical certificate, we may transmit your health data (medical certificate) to the Road Administration digital environment, the controller of which is the Road Administration (reg. No. 70001490, address Teelise 4, 10916 Tallinn). For questions related to data processing by the Road Administration, please contact the Road Administration at +372 620 1200 or by e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it.

4.7. We may transmit your medical data to the Estonian Health Insurance Fund (reg. No. 74000091, address Lastekodu 48, 10144, Tallinn) when providing you with the health service, the treatment invoice of which shall be paid wholly or partly by the Estonian Health Insurance Fund from the health care funds for health care institutions. For questions related to the Health Insurance Fund, you can contact the Estonian Health Insurance Fund at +372 669 6630 or e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it..

5. STORAGE OF PERSONAL DATA

5.1. Qvalitas shall not store personal data longer than it is necessary for the purposes of processing personal data or pursuant to applicable law.

5.2. Pursuant to the Health Services Organisation Act and the regulation of the Minister of Social Affairs "The conditions and procedure for documenting the provided health care services, and for the preservation of those documents" Qvalitas shall store the following documents containing personal data:

5.2.1. We shall store patients' health records and pregnancy cards up to 30 years as of the date of the validation of the data.

5.2.2. When ordering medical research, we shall store the research results together with the patient's health card for 30 years.

5.3. Pursuant to subsection 131 (11) of the Occupational Health and Safety Act, Qvalitas shall store the medical examination records and the results of medical research up to 30 years as of the decision date of the medical examination.

5.4. Pursuant to the Accounting Act, we shall store accounting documents for 7 years.

5.5. We shall generally store the data collected for the conclusion of an agreement with you, the longer retention period of which has not been prescribed by applicable law, as long as they are required for the purposes of the contract during the term of the contract or up to 3 years after the expiry of the contract.

5.6. The feedback collected in order to assess patient satisfaction shall be stored for 5 years as of the date of feedback.

5.7. Qvalitas shall store your personal data in a secure manner and, if possible, shall prefer state information systems (such as the Patient Portal) as the place of storage. However, Qvalitas has the right to store personal data in their own systems.

5.8. If you wish to get more detailed information about the period for which your personal data is stored, please contact us through the contact data provided below.

6. YOUR RIGHTS AS A DATA SUBJECT

6.1. In terms of personal data processing, you have all the rights of a data subject pursuant to applicable law.

6.2. For the purposes of personal data processing, you shall have the following rights:

6.2.1. Right of access: You have the right to ask whether Qvalitas has your personal data or not and to obtain information on the personal data processed by Qvalitas at any time;

6.2.2. Right to correct personal data: You have the right to request that Qvalitas specify or correct your personal data if it is inadequate, incomplete or incorrect;

6.2.3. Right to obtain: You have the right to submit objections to the processing of your personal data by Qvalitas if the use of personal data is based on the legitimate interest of Qvalitas;

6.2.4. Right to request erasure of personal data: You have the right to request the erasure of personal data if your personal data is processed with your consent and you have withdrawn your consent;

6.2.5. Right to restrict processing: You have the right to require restricted processing of your personal data by Qvalitas pursuant to applicable law if Qvalitas does not need your personal data for the purposes of processing or if you have submitted an objection to the processing of your personal data;

6.2.6. Right to withdraw consent for processing your personal data: You have the right to withdraw the consent granted to Qvalitas at any time if your personal data is processed with your consent;

6.2.7. Right to data portability: You have the right to obtain personal data from Qvalitas which you have submitted to Qvalitas and which is processed on the basis of your consent or in order to perform the contract concluded with you, in writing or in a commonly used electronic format, and, if it is technically possible, to request that Qvalitas transmit the data to a third service provider.

6.2.8. Right of appeal: You have the right to file a request or a complaint to the Data Protection Inspectorate or the court if you find that your rights have been infringed while your personal data is being processed.

6.3. Your rights related to the processing of personal data listed in this chapter do not include all your rights. In certain cases, the rights of other data subjects or the legal obligations of Qvalitas may limit the rights of the data subject.

6.4. For performing the rights related to the processing of personal data or submitting applications related to the processing of personal data, please contact us through the contact data given below.

7. SECURITY OF PERSONAL DATA

7.1. Qvalitas shall ensure the security of the processing of personal data in order to protect personal data against unauthorized or unintentional processing, disclosure or destruction.

7.2. Considering the latest developments in science and technology and the costs of implementation, as well as the nature, scope, context and purposes of processing personal data, and the different likelihood and scope of threats to the rights and freedoms of natural persons arising from processing, Qvalitas shall apply appropriate technical and organisational measures to protect personal data while it is being processed.

8. CONTACT

8.1. For questions or requests related to the processing of personal data, please contact Qvalitas or the Data Protection Officer of Qvalitas by telephone, e-mail or mail.

The contact details of Qvalitas include the following:
Business name: Qvalitas Medical Centre
Address: Pärnu mnt 102c, 11312, Tallinn;
Phone: +372 605 1550;
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

The contact details of the data protection officer of Qvalitas include the following:
Phone: +372 605 1566
E-post: This email address is being protected from spambots. You need JavaScript enabled to view it.

Qvalitas Arstikeskus