Privacy policy

This infopage contains an overview of how AS Medita Baltics (hereinafter Medita Clinic) uses and maintains personal data obtained during its activities.

Medita Clinic takes all precautionary (including administrative, technical, physical) measures to protect the personal data of their clients. Medita Clinic processes personal data according to the procedure provided by law, the rules established for data protection and the privacy policy of the clinic. 

According to section 5 of the Personal Data Protection Act of the Republic of Estonia, processing of personal data is any act performed with personal data, including the collection, recording, organisation, storage, alteration, disclosure, granting access to personal data, consultation and retrieval, use of personal data, communication, cross-usage, combination, closure, erasure or destruction of personal data or several of the aforementioned operations, regardless of the manner in which the operations are carried out or the means used. 

The Data Protection Inspectorate has registered the right of Medita Clinic to process sensitive personal data in the database. 

In the event of any questions concerning the privacy policy or processing of data, please contact us by sending an e-mail to the address medita@medita.ee. 

If you find that upon processing personal data we have infringed your rights, you may file a complaint with the Data Protection Inspectorate (Väike-Ameerika 19, Tallinn 10129, e-mail address info@aki.ee). 

Medita Clinic reserves the right to amend, if necessary, the general terms and conditions of this privacy policy, all such amendments will be communicated on the website of the clinic (www.medita.ee).

Website terms of use  

By visiting the website of Medita Clinic www.medita.ee, the visitor agrees to abide by the following terms.

Security
The website has all the necessary means for protecting the integrity, accuracy and privacy of the personal data collected on the website. We have taken reasonable precautionary measures to protect the data against loss, improper use and alteration. The security and privacy policy is reviewed periodically and upgraded as necessary. Only authorised persons have access to your data. 

The website www.medita.ee uses an updated SSL certificate that enables the use of a private encrypted communication channel (HTTPS) on the public Internet, through which the data is transferred as confidential and as a whole.

Intellectual property rights  
The content on the website www.medita.ee (texts, graphics, names, images, numerical data, figures, logos, icons, recordings, software, etc.) belongs to Medita Clinic or to their licensors and partners. All rights, including those not explicitly granted to the user herein, are reserved. 

The content on the website of Medita Clinic or any part of it shall not be copied, transferred, modified, recorded, published or distributed without the prior written consent of Medita Clinic. 

Disclaimer  
Medita Clinic does not represent, directly or indirectly, any information that is on the website www.medita.ee and does not give any guarantees in this regard, including representing or giving guarantees on the accuracy, integrity or reliability of such information. 

No information found on the website can be deemed as a binding obligation assumed or offer made by Medita Clinic. Medita Clinic reserves the right to alter the website terms of use or the website’s content or part of it at any time without notice. Medita Clinic is not responsible for providing access to the website www.medita.ee. 

Under no circumstances is Medita Clinic liable for any damage, irrespective of its nature, caused by using this website or its content or by any failure or inaccessibility of the website. 

Also, Medita Clinic is not liable for any damage, irrespective of its nature, caused by errors, data systems or data transmission interruptions or inaccessibility, malicious software or viruses. 

The same applies to the websites of third parties, which are linked or otherwise referred to on the website. 

The website of Medita Clinic www.medita.ee uses links to websites that are managed by third parties. By clicking any of these links, you are redirected from the website of Medita Clinic to a website of some other organisation. Even if the websites of the two organisations are connected, Medita Clinic has no control over the third-party website. Every organisation has their own data collection, processing and privacy policy. When visiting some of these sites, you should examine their privacy policy before sharing any data. 

Data provided by users  
The website of Medita Clinic may be accessed without entering your personal data. In the cases, however, when personal data is collected, it is shared by the user only voluntarily and to a minimum extent. The gathered data will not be forwarded to any other party without the user’s prior written consent. 

The user of the website is solely responsible for the accuracy of the data provided through the website and confirms that they have the right to reveal this data to Medita Clinic.  

When filling in the inquiry form on the website, you will be asked to give your name, personal identification code, e-mail address, telephone number and, if necessary, any other information. The purpose of collecting data is to provide better and more effective service in relation with the activity of Medita Clinic. 

All entered information is strictly confidential and meant to be used only by relevant persons. 

The website stores the inquiry forms you have filled in on the website’s database and sends them automatically to the e-mail address medita@medita.ee (in the case of the Beauty Clinic, to the address ilukliinik@medita.ee). Upon receiving your inquiry, we will contact you through the e-mail address or phone number provided by you. 

The information stored on the database will be deleted if we (no longer) have no legal basis for using your personal data. 

The information forms sent through the website to the address medita@medita.ee contain the following data:

• time of e-mail
• location of the mailer (IP address)
• name
• personal identification code
• telephone number
• e-mail address
• other information provided by the mailer

Data entered by you will not be shared, distributed or altered in any way. 

Server log files
The website www.medita.ee stores certain information in the so-called server log files. Information will be forwarded to us automatically through your browser. The forwarded information includes:

• type and version of the browser
• operation system
• reference to URL
• client’s host name
• date and time of request

This data is not associated with any specific persons and the information received will not be linked to other data sources. The collected data is only used for identifying any problems occurring in our system or any misuse of the system.

Cookies on the website  
The website www.medita.ee uses cookies for gathering statistical data. Cookies are small pieces of text in your web browser that are stored on your computer when you visit certain websites. Cookies help the website remember your choices on our site. By using our services, you agree to our use of cookies 

Types of cookies and purpose of their use  
The webmaster uses persistent cookies to remember the user’s language preference. This ensures that the user does not have to adjust their language preference every time they visit the website. 

The webmaster also uses the web analytics service Google Analytics provided by Google Inc. (hereinafter Google). Google Analytics uses persistent cookies, text files stored on your computer, which help to analyse your use of the website. Cookies collect statistical data about your operations on the website, for example, to help us determine the number of times the website has been visited, the number of pages viewed, time spent on our websites, the country, region and, if necessary, city where the connection was made, and also which web browser or Internet provider was used. We gather information for statistics, but also for adapting the web page to your needs so as to make the page more attractive and improve its content and functionality. 

Cookies collect data anonymously. They do not store your personal data or allow us to identify you. 

Blocking cookies  
By blocking the use of cookies in your web browser, we cannot guarantee the expected or correct operation of our services. More information on managing and restricting cookies: 

• Internet Explorer: http://support.microsoft.com/kb/278835
• Chrome: https://support.google.com/chrome/answer/95647?hl=en 
• Firefox: http://support.mozilla.org/en-US/kb/Clear%20Recent%20History
• Opera: http://www.opera.com/browser/tutorials/security/privac
• Safari: http://support.apple.com/kb/PH5042

You may refuse the use of Google Analytics cookies by downloading and installing the opt-out browser add-on: https://tools.google.com/dlpage/gaoptout?hl=en.

Processing personal data  

Under subsection 4 (1) of the Personal Data Protection Act, personal data is any data concerning an identified or identifiable natural person, regardless of the form or format in which such data exists. 

Personal data includes, for example, a person's name, address, contact details, personal identification code. Furthermore, personal data includes data that is more sensitive (subsection 4 (2) of the Personal Data Protection Act), including data on the state of health. Processing personal data means any act performed with personal data. Medita Clinic processes personal data, including data on the state of health, for providing special medical care and other health care services. 

Data on patient's state of health
Medita Clinic processes patients' personal data in compliance with regulations in force in the Republic of Estonia and the European Union. 

Pursuant to the Health Services Organisation Act, Medita Clinic as a provider of health care services has the right to process the personal data of a patient, including the data on the patient's state of health required for the provision of a health care service. For this purpose, before the patient’s appointment, a Medita Clinic health care professional may need to examine the patient's personal data entered into the National Health Information System or any other medium for recording data. 

If the patient cancels the appointment or does not come to the appointment after a Medita Clinic health care professional has examined the patient's personal data for the purpose of providing a health service, the examination of the personal data is deemed to have been required for the provision of a health care service. 

Medita Clinic will keep all data regarding the patient's identity, state of health and private life, which became known during the provision of a health care service, confidential. In accordance with law, Medita Clinic may deviate, to a reasonable extent, from the obligation to maintain confidentiality if such non-disclosure may cause substantial harm to the patient or to other people. 

Medita Clinic has the right to record the provision of a health care service for the purpose of documenting it. 

To protect the personal data of other patients, taking photos, recording audio and filming in Medita Clinic is allowed only with a written consent from the Management Board of Medita Clinic. 

Replying to queries
All queries are replied to either via e-mail or by telephone, according to the preference of the person sending the query. Depending on the sensitivity of the query, the e-mail reply may be encrypted or not. If the person wishes to be replied to by post, the letter will be sent either by normal or by registered mail.

Phone calls to Medita Clinic
Calls to the general phone number of Medita Clinic (+372 5645 8430) are recorded and digitally stored for 30 days on the server of the service provider, AS Telia Eesti. After this period, audio files will be deleted. 

If you object to the recording, you may contact Medita Clinic via e-mail (medita@medita.ee) or via the information form found at www.medita.ee. Appointments can also be made through the website www.veebiregistratuur.ee. 

Storing and transmitting personal data
Pursuant to section 769 of the Law of Obligations Act, a provider of health care services has an obligation to document the provision of health care services to each patient as required and preserve all corresponding documents. 

Medita Clinic preserves documents for the period required by the Regulation of the Minister of Social Affairs on the conditions and procedure for maintaining records of the provision of health care services and preservation for the documents thereof (Tervishoiuteenuse osutamise dokumenteerimise ning nende dokumentide säilitamise tingimused ja kord). 

Medita Clinic submits personal data only to the databases they are legally required to transfer the data to, and all data is transferred through the Estonian National Health Information System, which in turn is connected with other national databases (Population Register, Causes of Death Registry, Cancer Registry, Health Insurance Fund database) via the Data Exchange Layer X-Road. This is required from Medita Clinic under section 59 of the Health Services Organisation Act. 

According to the statutes of the Health Information System, the system is a database established by the Health Services Organisation Act and belonging to the State Information System where the data related to health care is processed for entry into and performance of contracts for the provision of health care services, for guaranteeing the quality of health care services and the rights of patients and for the protection of public health, including for maintaining registers concerning the state of health, for the organisation of health statistics and for the management of health care. 

Additionally, Medita Clinic may forward data to some other provider of health care services if it is necessary or related to the provision of health care service to a patient. Data is submitted to the Health Information System only to the necessary extent and in the manner and form that guarantees the security of the personal data. 

If a person wishes to know the databases where Medita Clinic forwards their data, a request for information should be sent to the clinic. Medita Clinic is registered with the Administration System of the State Information System. 

Access to data
You have the right to examine the data obtained on you and request a corresponding printout at your own expense.

The clinic denies access to the data only if examining the data may

• damage the rights and freedoms of any third person;
• hinder the prevention of a criminal offence or apprehension of a criminal offender;
• complicate the ascertainment of the truth in a criminal proceeding;
• endanger the protection of the confidentiality of filiation of a child. 

You also have the right to require the correction of incorrect information. If you find that we no longer have any legal basis for using your personal data, you may request that we stop using the data and/or delete it. 

We will correct incorrect data, stop using the data or delete it if your request is justified and in compliance with the requirements of law. 

Allowing for a second opinion  
If you have doubts about a decision made by an employee of Medita Clinic, you may contact another specialist and ask for a second opinion to receive an independent judgement as to the

• correctness of the diagnosis,
• necessity of any prescribed medicine or health service,
• proposed alternatives and the anticipated effect,
• possible risks related to the provision of a health service. 

Applying for jobs  
When you apply for a job at our clinic, we rely on the data revealed by yourself and found from public information sources. 

All applicants have the right to know which information we have obtained about them, to examine the data gathered by us, to give explanations concerning the data, and state objections.

The information concerning a candidate will only be examined by persons involved in the recruitment procedure. No documents or data will be disclosed to any third person. Also, no information on candidates will be revealed to other applicants. 

We assume that we may contact anyone the applicant has named as their reference person without any additional consent. 

We preserve the data on the applicants not selected for the job only with the consent of these applicants for future application processes. The data is maintained under a person's full name.