Nova Vita`s Privacy Policy

1. Controller

Aktsiaselts Nova Vita Kliinik
A.H. Tammsaare tee 47, Tallinn 11316
novavita@novavita.ee
(hereafter ”We” or ”Nova Vita”)

2. Data Protection Officer (DPO)

Fondia Baltic OÜ
Rotermanni 14
10111 Tallinn
anna.kosar@fondia.com

3. What is the legal basis for and purpose of the processing of personal data?

The basis of processing personal data is:

  • Nova Vita’s legitimate interest (customer relationship management, invoicing);
  • explicit consent of a customer;
  • jperformance of a contract to which the data subject is party and/or taking steps at the request of the data subject prior to entering into a contract;
  • a legal obligation; and/or
  • the provision of health care service or treatment.

The purpose of processing personal data is:

  • providing health and specialised medical care services,
  • ulfilling Nova Vita`s contractual and other promises and obligations,
  • taking care of the customer relationship.

4. What data do we process?

We may process, depending on the health care service provided, the following personal data of our customers and other data subjects` (for example gamete donors`s) in connection with our services:

  • Basic information of the data subject* such as name, date of birth, age, identification number, profession, marital status, spouse`s/partner`s name, gender, mother language, nationality;
  • Contact information of the data subject* such as e-mail address, phone number, postal address;
  • Medical history of the data subject such as chronic diseases, current medications, psychological health, allergies, height, weight, previous treatments;
  • Habits such amount of consumed portions of alcohol per week, smoking habits, use of drugs;
  • Information of the customership and the contract such as past and current contracts and orders (fertility preservation, embryo storage), correspondence with the client, other indormation of the customership.

(*) Committing personal data marked with an asterisk is a requirement for our contractual and/or customer relationship. Without necessary information we are not able to provide the service.

5. From where do we receive data?

We receive information primarily from following sources eg. from the data subject, from other healthcare professionals, Health Information System (www.digilugu.ee).

For the purposes described in this privacy policy, personal data may also be collected and updated from publicly available sources and based on information received from authorities or other third parties within the limits of the applicable laws and regulations.

6. To whom do we disclose data and do we transfer data outside of EU or EEA?

We process information ourselves and use subcontractors that process personal data on behalf of and for us (for example we have outsorced the IT-management to an external service provider, to whose server the data is stored. The server is protected and managed by the external service provider).

Depending on the service provided we may disclose personal data to third parties only within the limits of the applicable laws and regulations.

In general we do not disclose personal data outside of EU/EEA. Only in exceptional cases the data subject`s personal data may be disclosed outside of EU/EEA (for example if data subject is interested to export germ cells or embryos, the disclosure of the personal data of the data subject with the host clinic is needed).

In case such processing take place, we ensure that the EU Commission standard contractual clauses 2010/87/EU concerning the transfer of Personal Data to outside the EU/EEA, or a similar legal safeguard approved by the EU regulation (2016/679), will apply to such transfer or processing.

7. How do we protect the data and how long do we store them?

Nova Vita will keep confidential data subjects` personal data, including state of health and private life, which has become known to Nova Vita during the provision of the health care service.

Only those of our employees, who on behalf of their work are entitled to process customer data, are entitled to use data processing systems containing personal data. Each user has a personal username and password to the system, i.e access to personal data is granted on the basis of a role-based authorization concept.

The information is collected into databases that are protected by firewalls, passwords and other technical measures.

The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.

It is important to note that if you click on any link on Nova Vita`s website that directs you from Nova Vita`s website to third party’s website, Nova Vita does not have control over such website and is not liable for the third party’s actions even if the connection exists between the websites. Before you proceed to a third-party website from Nova Vita`s website, we recommend you familiarize yourself with that particular website`s privacy policy before sharing any data.

We store the data as long as it is necessary for the purpose of processing the data and only within the time limits of the applicable laws and regulations.

We estimate regularly the need for data storage taking into account the applicable legislation. In addition, we take care of such reasonable actions of which purpose is to ensure that no incompatible, outdated or inaccurate personal data is stored in the register taking into account the purpose of the processing. We correct or erase such data without delay.

8. What are your rights as a data subject?

As a data subject you have a right to inspect the personal data conserning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent and right to data portability.

As a data subject, you have a right, according to EU’s General Data Protection Regulation (2016/679) to object processing or request restricting the processing and lodge a complaint with a supervisory authority responsible for processing personal data.

For specific personal reasons, you also have a right to object profiling and other processing concerning you, when processing the data is based on the customer relationship. In connection to your claim, you should identify the specific situation on which you object the processing. We can refuse to act on such request on the basis of the law.

9. Who can you be in contact with?

All contacts and requests concerning this privacy policy shall be submitted in writing or in person to Nova Vita`s DPO mentioned in section two (2).

10. Changes in the Privacy Policy

Should we make amendments to this privacy policy, we will place the amended policy on our website, with an indication of the amendment date. If the amendments are significant, we may also inform you about this by other means, for example by sending an email or placing a bulletin on our homepage. We recommend that you review these privacy protection principles from time to time to ensure you are aware of any amendments made.