Data Protection Policy
ÜLEMISTE SURGERY CLINIC AS (registry code 16135400) (hereinafter “ÜKK”) provides, through this privacy policy, an overview of the personal data it collects as necessary for service provision. ÜKK is the data controller for personal data in providing its services and managing its websites (auroraclinic.ee; auroraclinic.fi; ulemistekirurgia.ee).
1. Processing of Personal Data
- Personal data is any information about a natural person, such as a person’s name, address, contact details, etc. Special categories of personal data, which include health data, also fall under personal data.
- Processing of personal data is any operation performed on personal data. ÜKK processes personal data, including health data, only to the extent necessary to fulfill its assigned tasks and provide quick and quality service to individuals. ÜKK has a legal obligation to protect clients’ and users’ privacy while also having a legal obligation to process patient health data when providing healthcare services.
- The processing and protection of personal data is strictly regulated in the European Union by the General Data Protection Regulation (GDPR) and by more specific sectoral legislation in the healthcare sector (such as the Health Services Organization Act).
- We collect and process your personal data only when there is a legal basis and only for legitimate purposes.
- We collect and process your personal data when:
  - You visit our clinic – we process your personal data, including health-related data for disease diagnosis and treatment. When providing healthcare services (outpatient or inpatient), we collect data based on the fulfillment of the healthcare service contract and legal obligations: a) directly from you, including information you provide and results of examinations and diagnostics performed or to be performed; b) from third parties, mainly health data from national registers and/or other healthcare providers. ÜKK documents healthcare service provision according to the Health Services Organization Act requirements;
  - A patient has designated you as their contact person – we process your personal data to transmit patient-related information;
  - You request the release of your medical documents – we use your personal data or the personal data of the person who submitted the request with your consent when issuing documents;
  - You submit a complaint to us – we use your personal data to investigate the circumstances stated in the complaint and to respond to you;
  - You submit a proposal or letter of thanks – with your consent, we publish your name on ÜKK’s website, Facebook page, Instagram page;
  - You apply for a job with us – we rely on the information you have disclosed. Each candidate has the right to know what data we have collected about them;
  - We send you relevant marketing offers – we base sending offers on your consent, and you can opt out of receiving offers at any time. Withdrawing marketing consent does not affect healthcare service provision;
  - You visit our website – we use technical and analytical cookies for better website functionality. We only use analytical cookies (Google Analytics) with your consent. We do not use marketing cookies on our website.
2. Data Transfer
- ÜKK discloses data related to you to institutions or persons who have a legal right to request such data (e.g., Health Insurance Fund, Health Board, insurer in case of an insurance event, police, etc.). Documents containing special categories of personal data are sent to recipients by registered mail or encrypted email.
- We are obligated to transfer healthcare service-related data via the secure X-Road (X-tee) data exchange platform to the national health information system (Digilugu) and other national databases, such as the prescription center regarding prescriptions and medical devices issued to you.
3. Protection of Personal Data
- ÜKK has implemented necessary information and cyber security measures and stores patient personal data in a manner that ensures effective protection of personal data in accordance with legislation.
- Security measures include, among others, two-factor authentication and access management, password protection and need-based data access, encrypted network connections, and other continuously updated security measures.
- ÜKK does everything to protect your personal data and comply with data protection and privacy regulations. Access to patient personal data is only granted to individuals who need it in connection with their work duties. Our employees are subject to confidentiality obligations and internal data protection procedures, and we do everything possible to ensure your personal data is protected in our care.
4. Authorized Processors
- We use third-party services to organize ÜKK’s core activities. These service providers have only need-based access to some personal data to ensure appropriate service. These service providers do not have the right to use personal data for other purposes or store it longer than necessary for proper service provision. Data protection agreements have been concluded with service providers.
- Sharing special category data with partners is only based on specific legal grounds, such as laboratory services within healthcare services.
- Some ÜKK partners are listed on our website, but you can always contact us for more detailed explanations.
5. Access to Personal Data
- You have the right to access the data we have collected about you. You can submit a request at Ülemiste Surgery Clinic or send it to info@ulemistekirurgia.ee.
- Data is released based on an identity document or sent encrypted via email.
- You have the right to request correction or deletion of incorrect personal data.
- In addition to the above, depending on the specific processing situation, you have the right to data portability, the right to restrict data processing, and to withdraw consent for personal data processing at any time.
6. Storage and Deletion of Personal Data
- Personal data retention periods depend on the purpose and legal basis for which ÜKK processes this data. For example, we may have a legal or contractual obligation to retain data for a certain period. It may also be based on your and our legitimate interest or your consent.
- Payment-related information is retained for accounting purposes for 7 years from the end of the current financial year. We are legally required to retain healthcare service-related documentation for 30 years.
- Job application-related data is retained for 1 year based on equal treatment provisions.
- Please contact ÜKK for more information about specific retention periods.
7. Marketing
- We send you newsletters and selected offers if you have given us your consent for this purpose. You can withdraw your consent at any time by notifying ÜKK. An opt-out link is included in every electronic message.
- We also use social media channels Facebook and Instagram (Meta) in communication. Since social media platforms are treated as separate data controllers, their privacy terms also apply to the processing of your personal data in this regard. Consequently, attention should also be paid to these service providers’ consent conditions.
8. Protection of Rights and Contact Information
- You may contact ÜKK with questions related to personal data processing at info@ulemistekirurgia.ee or tel: 6300022.
- If you find that we have violated your rights in processing personal data, you may file a complaint with either ÜKK’s data protection specialist or the Data Protection Inspectorate (Tatari 39, Tallinn 10134, email: info@aki.ee).