Privacy Notice

Mikroravi OÜ provides dental services in the Republic of Estonia at one location:

• Mikroravi OÜ Uus-Sadama 21-202, Tallinn 10120

This privacy notice sets out the data protection and processing principles that Mikroravi OÜ applies to ensure the protection and security of your personal data. Mikroravi OÜ has implemented reasonable and necessary measures to protect your security and the integrity of your personal data.

Access to personal data is limited to employees whose job duties require it, and data processing is restricted to what is necessary for the performance of their duties.

Mikroravi OÜ makes every effort to prevent personal data from falling into the hands of unauthorised persons.

We want you to be aware of what personal data we process, what the purpose of processing personal data is, how we use personal data, and what your rights and obligations are.

SCOPE OF THE PRIVACY NOTICE

The privacy notice applies to you if:

• You use the services of Mikroravi OÜ;
• Mikroravi OÜ provides you with healthcare services;
• You call the Mikroravi OÜ contact phone number;
• You contact Mikroravi OÜ by email or other means of communication.

Mikroravi OÜ does not knowingly process data related to persons under 18 years of age, except in cases where data processing is necessary for the provision of medical services.

PERSONAL DATA PROTECTION PRINCIPLES

Mikroravi OÜ applies physical, technical and organisational protective measures to ensure the integrity and protection of personal data, such as locks, electronic alarm systems, firewalls, anti-malware programmes and spam filtering systems, etc. We periodically update and test our security technologies. We grant access to your personal data only to those employees who need the data to perform their work. In addition, we train our employees on the importance of confidentiality, integrity and security of personal data.

Mikroravi OÜ uses the Dentas (Connected OÜ) dental software for the provision of healthcare services. The Dentas treatment management software allows the management of patient data, treatment information, X-ray and digital images, work plans, billing, sending SMS reminders and much more. The Dentas treatment management software enhances the work of both doctors and the entire clinic and helps users provide consistently high-quality healthcare services. The provider of the Dentas treatment management software is Connected OÜ.

Mikroravi OÜ follows the following principles in processing personal data:

• Lawfulness, fairness and transparency
• Purpose limitation principle — Mikroravi OÜ processes personal data for precisely and clearly defined legitimate purposes.
• Data minimisation principle — Mikroravi OÜ collects and processes only the personal data necessary to achieve the purpose of processing.
• Accuracy principle — Mikroravi OÜ takes appropriate measures to ensure the accuracy of processed data; inaccurate and excessive data are corrected or deleted at the earliest opportunity.
• Storage limitation principle — Mikroravi OÜ retains personal data only for as long as necessary for the purposeful processing of personal data or for the fulfilment of obligations arising from law.
• Integrity and confidentiality principle — Mikroravi OÜ has implemented physical, organisational and technological security measures to ensure lawful processing and protection of personal data.

PURPOSE OF COLLECTING AND PROCESSING PERSONAL DATA

Mikroravi OÜ collects and processes personal data for the following purposes:

• provision of healthcare services;
• development of healthcare service provision;
• communication with patients, consumers, employees and cooperation partners;
• advancement of dental science;
• responding to enquiries and resolving applications;
• assessing the quality of services and goods;
• improving, modifying and enhancing services;
• processing customer feedback related to the website, products and services;
• ensuring the security of network and information systems;
• detecting and resolving technical and information security failures;
• detecting and preventing fraud or misuse;

When we process your personal data based on our legitimate interests, we always consider and weigh the possible impact on you (both positive and negative) and your rights arising from data protection legislation.

Providing personal data to Mikroravi OÜ is not mandatory, but refusal to provide them may mean that Mikroravi OÜ will be unable to offer you medical services or can only offer them partially.

LIST OF MAIN SITUATIONS WHERE Mikroravi OÜ MAY PROCESS YOUR PERSONAL DATA

• when registering for a medical appointment — when registering for an appointment (on-site, by email, by phone, via online booking), we process your data (name, personal identification code, address, contact details, etc.);
• when providing healthcare services — collecting health data (including from the e-Health database), entering, modifying and adding information to your medical record is necessary primarily for the provision of medical services and for assessing your health condition, treatment dynamics and preparing a treatment plan;
• when providing healthcare services, the dentist may take photographs of you (including your full face) to consult with specialists (e.g. technicians, laboratories). By sending photographs, the dentist can determine, together with the expert, the most optimal treatment plan and/or necessary procedure, and perform other actions necessary for the provision of healthcare services.
  Photographs taken during your treatment may be used by the dentist for training purposes to enable dentists to develop more modern treatment techniques. With your permission, photographs taken during treatment may also be used for the clinic’s marketing purposes. In both cases, the dentist asks for your permission (consent).
  You have the right to withdraw your consent at any time by sending a signed application to the email address: info@mikroravi.ee
• Withdrawal of consent does not invalidate actions performed before the withdrawal of consent.
• Your child or a person under your guardianship has come to us for a dental appointment — we process your personal data to verify your connection to the patient. We forward information about the patient’s health data to you unless the patient or law enforcement authorities have determined otherwise;
• a patient has designated you as their contact person — we process your contact data to forward information related to the patient;
• you request the issuance of medical documents (your own, your child’s or a person under your guardianship) — document issuance is carried out in accordance with legal grounds, following the security measures in use for the transmission of personal data;
• you submit a complaint, suggestion or information request to us (including via communication channels) — we use your personal data to clarify circumstances related to the complaint/request and to respond to the complaint/request;
• you apply for employment at Mikroravi OÜ — we rely on data provided by you and data that can be obtained from public sources. By sending us your CV, you give consent to be contacted.

DATA PROCESSED

Mikroravi OÜ may collect and process the following data about you:

• first and last name;
• personal identification code;
• residential address data;
• contact details (phone number, email, postal address, etc.);
• health data (including from the e-Health database);
• document data (e.g. document number, etc.);
• other data necessary for the provision of healthcare services;
• X-ray images, scans;

METHOD OF COLLECTING PERSONAL DATA

Mikroravi OÜ collects your data:

• directly from you or your representative when booking a medical appointment, communicating with us via communication channels, during the provision of healthcare services through the healthcare provider;
• from the e-Health database.

USE OF PERSONAL DATA

Mikroravi OÜ may use your data in its legitimate interest, including:

• for the provision of healthcare services (including treatment planning, diagnosis, treatment, etc.);
• for entering into transactions with you (e.g. concluding a healthcare service agreement and other agreements);
• for communicating with you (e.g. regarding service conditions, resolving applications and enquiries; conducting negotiations, etc.);
• for conducting and developing business activities (e.g. data analysis, activity auditing, developing new products and services, improving and modifying existing services, identifying usage trends);
• for monitoring and preventing fraud, money laundering and fraudulent activities;
• for fulfilling legal, auditing, regulatory, insurance, security and processing requirements;
• for responding to enquiries from public and government authorities, including authorities that may be located outside your country of residence;
• for legal cooperation with law enforcement authorities or for other purposes arising from legislation.

LEGAL BASES FOR PROCESSING PERSONAL DATA

Mikroravi OÜ processes your personal data on the following bases:

• for the performance of a healthcare service contract;
• for the fulfilment of obligations arising from legislation (e.g. the Health Services Organisation Act);
• with your consent (e.g. use of your photographs for training or marketing purposes, requesting Mikroravi OÜ to transfer data to third parties for the provision of healthcare services);
• on a legal basis (for the prevention of fraud, money laundering and deception).

DATA PROTECTION AND PROCESSING ON THE Mikroravi OÜ WEBSITE

Mikroravi OÜ collects data about you arising from the use of www.Mikroravi.ee (hereinafter also the Website), including, for example:

• if you book a doctor’s appointment on the Website, in which case your name, contact details, address and billing address may be requested;
• communicating with you (including responding to enquiries);
• for improving and enhancing the usability of services and the Website;
• for informing you;
• for processing bookings;

SHARING AND DISCLOSURE OF PERSONAL DATA AND OTHER DATA

Personal data are transmitted or disclosed to the following third parties:

• institutions or persons who have a legal right to request these documents (e.g. law enforcement authorities, health insurance fund, health board, insurer in the event of an insured event, etc.).
• with your consent, to Mikroravi OÜ cooperation partners for the best provision of healthcare services;
• to other third parties in cases of merger, sale or other changes related to Mikroravi OÜ, or bankruptcy proceedings or other similar activities.

RETENTION OF PERSONAL DATA AND PLACE OF RETENTION AND PROCESSING

• Mikroravi OÜ retains your data for the period necessary to fulfil the purpose of their collection, or longer if required by legislation. Pursuant to the Health Services Organisation Act, Mikroravi OÜ is obliged to retain your personal data for 30 years from the date of collection.
• When data are no longer needed for the original purpose, they are deleted.
• Collected personal data are processed in the Republic of Estonia. At your request or with your consent, we also transmit your personal data outside the Republic of Estonia.

YOUR RIGHTS IN CONNECTION WITH DATA PROCESSING

• If Mikroravi OÜ processes personal data on the basis of your consent, you have the right to withdraw your consent at any time.
• If the legal basis for processing personal data arises from the legitimate interest of Mikroravi OÜ, you have the right to object to the processing of personal data based on specific circumstances.
• You have the right to access your personal data that Mikroravi OÜ has collected about you. In addition, you have the right to correct and/or supplement the personal data being processed.
• If you wish to exercise the above-mentioned rights, you may submit a corresponding application to Mikroravi OÜ via email at info@mikroravi.ee.
• The withdrawal of your consent does not render the processing of personal data prior to the withdrawal unlawful.

CORRECTION OF PERSONAL DATA, RESTRICTION OF PROCESSING AND DELETION

Mikroravi OÜ is obliged to correct, delete or supplement processed and/or data being processed without undue delay if they are inaccurate, unnecessary, incomplete or outdated in view of the purpose of processing.

You have the right to request Mikroravi OÜ to restrict the processing of personal data in the following cases:

• if you have contested the accuracy of the personal data being processed;
• if you believe that the processing of personal data is unlawful, but you do not seek the deletion of the personal data, but rather the restriction of their use;
• if Mikroravi OÜ no longer needs your personal data for processing purposes, but they are necessary for you to prepare, submit or defend legal claims; or
• if you have submitted an objection regarding the processing of personal data until Mikroravi OÜ verifies whether the legitimate interest of Mikroravi OÜ outweighs your interests, rights and/or freedoms. If you have requested the restriction of processing of personal data for the above-mentioned reasons, Mikroravi OÜ will notify you before lifting the restriction of processing of personal data.

If Mikroravi OÜ refuses your request to correct inaccurate data, you will be notified in a written reproducible form. The notification will also state the reasons for the refusal. In that case, you may contact the Data Protection Ombudsman regarding the matter.

Mikroravi OÜ notifies data recipients to whom the data have been provided and the source of inaccurate personal data about the correction of personal data, unless this is impossible or unreasonably complex.

AMENDMENT OF Mikroravi OÜ PRIVACY NOTICE AND DATA PROTECTION ENQUIRIES AND COMPLAINTS

• Personal data are processed by Mikroravi OÜ. The management board of Mikroravi OÜ has appointed a data protection officer. The data protection officer can be contacted with all enquiries and complaints related to the processing of personal data by Mikroravi OÜ at info@mikroravi.ee.
• Mikroravi OÜ has the right to unilaterally amend the above privacy terms without prior notification.
• If you are not satisfied with how Mikroravi OÜ has handled your personal data or your privacy enquiry or application, you have the right to file a complaint with the local data protection authority:
• Estonian Data Protection Inspectorate, https://www.aki.ee/.

 

Cookie Usage Policy

Mikroravi OÜ provides dental services in the Republic of Estonia at three locations:

• Mikroravi OÜ Uus-sadama 21-202, Tallinn 10120

DEFINITIONS

Cookie — a text file that we save in your device’s (e.g. computer, mobile phone, tablet) web browser when you visit the Mikroravi OÜ website. We use cookies solely to ensure that the Mikroravi OÜ website and services function better and more efficiently.

USE OF COOKIES

The purpose of the cookies used on the website is to ensure that:

• the Mikroravi OÜ website functions according to your expectations;
• there is no need to log in multiple times during a single session;
• the Mikroravi OÜ website remembers your settings;
• the speed and security of the Mikroravi OÜ website are improved;
• the content of the Mikroravi OÜ website is easier to share on social media;
• when logged in, the Mikroravi OÜ website is personalised and the necessary information is found more quickly;
• improvements and developments to the Mikroravi OÜ website can be planned;
• offers and marketing messages correspond to your needs.

COOKIES IN USE

The Website may install the following cookies on the User’s or Visitor’s device:

Strictly necessary cookies

• Allow the use of Mikroravi OÜ website functions and remember information entered into forms even when the user navigates to other sub-pages during the session.
• Without such cookies, some Website services are not possible.
• Strictly necessary cookies do not collect information for marketing purposes and do not remember which pages have been viewed on the internet.

Performance cookies

• Performance cookies collect information about the use of the Mikroravi OÜ website and help improve the website’s functionality.
• Performance cookies show which pages were visited most frequently, on which website pages problems occurred during use, etc.
• Performance cookies do not collect information about a specific person and the collected information is anonymous.

Functionality cookies

• Functionality cookies remember your choices and offer improved and personalised functions.
• Such cookies remember changes made but do not save activities on third-party websites.

Targeting cookies

• Targeting or advertising cookies are used to deliver advertisements matching the visitor’s interests and to limit the number of times an advertisement is displayed.
• This type of cookie is used to measure the effectiveness of an advertising campaign and to remember what the visitor has viewed on the Website.

Third-party cookies

• Third parties (such as Facebook and Google) may use their own cookies or other methods to collect information about the Mikroravi OÜ website content you have visited. Third parties use the collected information to provide usage statistics analysis and advertisements on topics of interest to you.
• Mikroravi OÜ does not access or control cookies originating from third parties — the use of these cookies falls under the respective installer’s privacy policy. Website visitors can separately review the privacy policies of all third parties.
• Facebook’s cookie terms can be found here: https://www.facebook.com/policies/cookies/
• Google’s cookie terms can be found here: https://www.google.com/policies/technologies/cookies/
• Hubspot’s cookie terms can be found here: https://knowledge.hubspot.com/articles/kcs_article/reports/what-cookies-does-hubspot-set-in-a-visitor-s-browser

MANAGING AND DELETING COOKIES

• Allowing strictly necessary cookies is a prerequisite for using the website. If the visitor refuses, the functionality of the website cannot be guaranteed.
• Please check the use of functionality and targeting cookies in your web browser settings: http://et.wondershare.com/recover-data/delete-cookies-from-web-browser.html.
• By deleting or blocking cookies, you may lose access to some website functions.

 

NOTICE ON THE PROCESSING OF PERSONAL DATA IN THE COURSE OF VIDEO SURVEILLANCE

On the premises of Mikroravi OÜ

1. SURVEILLANCE CAMERA FIELD OF VIEW

Video surveillance is carried out using video surveillance cameras installed on the perimeter and restricted area (entrance and client area) of Mikroravi OÜ.

2. PERSONAL DATA PROCESSED

The Data Controller processes only images recorded by video surveillance cameras depicting property on the Mikroravi OÜ perimeter and restricted area, and persons within the cameras’ field of view. The recording includes the appearance, movement and behaviour of persons and vehicles (“Personal Data”) on the premises. Recording takes place continuously 24 hours a day, 7 days a week.

3. DATA CONTROLLER

Personal data are processed by Mikroravi OÜ.

4. PURPOSE OF PROCESSING PERSONAL DATA

The Data Controller processes Personal Data for the purpose of preventing and detecting crimes and offences in order to protect property located on the company premises and persons present on the premises. For example, the processing of Personal Data is necessary to identify a person who has damaged or stolen property belonging to the Data Controller or persons on its premises, and/or assaulted persons. In the event that a crime is committed against the company’s clients, cooperation partners, visitors and/or employees of the Data Controller, the Data Controller discloses the necessary information to the authorities investigating the matter.

5. LEGAL BASIS FOR PROCESSING PERSONAL DATA

The legal basis for processing personal data is the legitimate interest of the Data Controller — the protection of the Data Controller’s property against damage or theft and the protection of all persons present on the company premises (clients, cooperation partners, visitors or employees). Video surveillance is justified, among other things, due to previously occurring offences.

6. ACCESS TO PERSONAL DATA

Access to video camera recordings is available to the Data Controller’s (Mikroravi OÜ) authorised employee — the responsible dentist, and in the event of suspected or detected offence, to pre-trial investigation authorities (police, national security authorities, prosecutor’s office for obtaining evidence in criminal cases), courts (for obtaining evidence in relevant proceedings), but only if this is necessary and appropriate for investigating an offence committed on the premises of Mikroravi OÜ.

 

7. RETENTION PERIOD

Your personal data are generally retained for 2 months, but no longer than one year, if this is necessary to achieve the purpose of processing the Personal Data. For example, if an offence is detected on the company premises, a video recording containing Personal Data may be retained for as long as necessary for the investigation of the respective offence in accordance with applicable laws and regulations. The Data Controller reviews recordings only if there is a justified suspicion that an offence has been committed on the premises.

8. CONTACT INFORMATION

The Data Controller’s contact for data protection matters related to video surveillance: info@mikroravi.ee.