Aktsiaselts Nova Vita Kliinik
A.H. Tammsaare tee 47, Tallinn 11316
(hereafter ”We” or ”Nova Vita”)
2. Data Protection Officer (DPO)
WHTPR L&C OÜ
3. What is the legal basis for and purpose of the processing of personal data?
The basis of processing personal data is:
- Nova Vita’s legitimate interest (customer relationship management, invoicing);
- explicit consent of a customer;
- performance of a contract to which the data subject is party and/or taking steps at the request of the data subject prior to entering into a contract;
- a legal obligation; and/or
- the provision of health care service or treatment.
The purpose of processing personal data is:
- providing health and specialised medical care services,
- fulfilling Nova Vita’s contractual and other promises and obligations,
- taking care of the customer relationship.
4. What data do we process?
We may process, depending on the health care service provided, the following personal data of our customers and other data subjects (for example, gamete donors) in connection with our services:
- Basic information of the data subject* such as name, date of birth, age, identification number, profession, marital status, spouse’s/partner’s name, gender, mother tongue, nationality;
- Contact information of the data subject* such as e-mail address, phone number, postal address;
- Medical history of the data subject such as chronic diseases, current medications, psychological health, allergies, height, weight, previous treatments;
- Habits such as the number of portions of alcohol consumed per week, smoking habits, use of drugs;
- Information on the customer relationship and the contract such as past and current contracts and orders (fertility preservation, embryo storage), correspondence with the client, other information on the customer relationship.
(*) Providing the personal data marked with an asterisk is a requirement for our contractual and/or customer relationship. Without the necessary information we are not able to provide the service.
5. From where do we receive data?
We receive information primarily from the following sources, e.g. the data subject, other healthcare professionals, and the Health Information System (www.digilugu.ee).
6. To whom do we disclose data and do we transfer data outside of EU or EEA?
We process information ourselves and use subcontractors that process personal data on our behalf (for example, we have outsourced IT management to an external service provider, on whose server the data is stored. The server is protected and managed by the external service provider).
Depending on the service provided we may disclose personal data to third parties only within the limits of the applicable laws and regulations.
In general, we do not disclose personal data outside of EU/EEA. Only in exceptional cases may the data subject’s personal data be disclosed outside of EU/EEA (for example, if the data subject is interested in exporting germ cells or embryos, the personal data of the data subject needs to be disclosed to the host clinic).
If such processing takes place, we ensure that the EU Commission standard contractual clauses 2010/87/EU concerning the transfer of Personal Data to outside the EU/EEA, or a similar legal safeguard approved by the EU regulation (2016/679), will apply to such transfer or processing.
7. How do we protect the data and how long do we store them?
Nova Vita will keep confidential data subjects’ personal data, including state of health and private life, which has become known to Nova Vita during the provision of the health care service.
Only those of our employees who, by virtue of their work, are entitled to process customer data are entitled to use data processing systems containing personal data. Each user has a personal username and password to the system, i.e. access to personal data is granted on the basis of a role-based authorization concept.
The information is collected into databases that are protected by firewalls, passwords and other technical measures.
The databases and the backup copies of them are in locked premises and can be accessed only by certain pre-designated persons.
We store the data as long as it is necessary for the purpose of processing the data and only within the time limits of the applicable laws and regulations.
We regularly assess the need for data storage, taking into account the applicable legislation. In addition, we take reasonable measures to ensure that no incompatible, outdated or inaccurate personal data is stored in the register, taking into account the purpose of the processing. We correct or erase such data without delay.
8. What are your rights as a data subject?
As a data subject you have a right to inspect the personal data concerning yourself, which is stored in the register, and a right to require rectification or erasure of the data. You also have a right to withdraw or change your consent and a right to data portability.
As a data subject, you have a right, according to the EU’s General Data Protection Regulation (2016/679), to object to processing or request restriction of the processing, and to lodge a complaint with a supervisory authority responsible for processing personal data.
For specific personal reasons, you also have a right to object to profiling and other processing concerning you, when processing the data is based on the customer relationship. In connection with your claim, you should identify the specific situation on the basis of which you object to the processing. We can refuse to act on such a request on the basis of the law.
9. Whom can you contact?