Terms and conditions of personal data processing
Data controller
In these data protection terms and conditions, the data controller KSA Medica OÜ (registry code 14391553, address J. Vilmsi tn 5, Tallinn 10120) (hereinafter KSA) provides an overview of the personal data collected from you, the purpose of and legal basis for its processing, the principles of determining the retention period, the recipients of data upon transmission, your rights and the contact details of the data controller, including those of the data protection specialist.
Your details
KSA collects and processes the following personal data about you to contact you, book an appointment and provide you health care services: given name, surname, personal identification code, email address, phone, age, place of booked examination, and the health data necessary for booking an appointment and providing the service, including the prescription of your glasses.
By consenting to the use of cookies on the KSA website, technical data, such as the IP address of your computer or computer network and the time of visit is collected about your device for the purposes of website development, enhancing user-friendliness, marketing and statistics. IP addresses are not associated with personally identifiable information. You always have the option to opt out of cookies by changing the browser settings of your device and deleting cookies.
By consenting to receive marketing communications, they are grouped and sent based on your previous activity on KSA. When using these communications, technical information is collected, eg whether you opened an offer, which devices you used and their technical specifications. The grouping of marketing communications may also be automated with your consent. You have the right to opt out of receiving communications at any time.
KSA exclusively processes personal data that you have voluntarily provided to us. Please note that if you decide not to provide us with the personal data that is strictly necessary for booking an appointment, we will be unable to contact you to schedule an appointment and provide a service.
Purpose of and legal basis for data processing
KSA provides day surgery and outpatient ophthalmology services at the KSA Vision Clinic under licence No L04236 issued pursuant to decision No 6.4-4/67 of the Health Board of 28 March 2018. KSA specialises in treating myopia and astigmatism using the Flow 2.0 incision-free laser procedure.
The security of your personal data is of the utmost importance to KSA. Pursuant to subsection 1 of § 768 of the Law of Obligations Act, providers of health care services and persons participating in the provision of health care services must maintain the confidentiality of information regarding the identity of patients and their state of health which has become known to them in the course of providing health care services or performing their official duties and they must ensure that, upon the proper documentation of the service, the information contained in documents does not become known to other persons unless otherwise prescribed by law or by agreement with the patient. As the controller of personal data, KSA is responsible for the security of your personal data and keeps it confidential according to the aforementioned law, disclosing data only in the case and in accordance with the rules provided by law.
Pursuant to subsection 1 of § 41 of the Health Services Organisation Act, health care providers, who have the obligation to maintain confidentiality arising from law, have the right to process personal data, including personal data of special categories, ie health data, without the permission of the data subject. Therefore, the aforementioned law provides the legal basis for the processing of your health data.
With your separate consent, KSA has the right to use cookies on the website and your email address for the purpose of sending you KSA newsletters tailored to your profile. You have the right to withdraw any consent given to KSA at any time. However, withdrawal of consent does not affect the lawfulness of processing conducted based on the consent granted prior to the withdrawal.
Data transmission
KSA may transmit your personal data to third persons, eg an auditor, a person providing legal aid services, an accountant or any other person providing a service necessary for the operation of KSA (eg IT service). KSA is also liable to you for the security of your data upon transmission.
KSA has implemented the necessary organisational, physical and IT security measures to safeguard your personal data against any misuse, unauthorised access, disclosure, alteration or destruction. Only authorised persons have access to your personal data. The persons who have access to your personal data are bound by the obligation of confidentiality.
Data retention
KSA will not retain your personal data for longer than is reasonably necessary for KSA to achieve the purposes for which the data was collected or processed in compliance with the legislation applicable to the retention period. We are obliged to retain your health data for 30 years on the conditions provided for in the Health Services Organisation Act. We retain other data collected for marketing purposes for as short a period as possible, but no longer than five years.
Rights of data subjects
Right of access – this right allows you to access all the personal data that KSA has collected about you, including information that concerns the processing of the collected personal data.
Right to rectification – this right allows you to request that KSA rectify any inaccurate or incomplete personal data. For example, you can request the rectification of personal data if your email address has changed and you want to replace the old email address with a new one.
Right to erasure – you can exercise this right in particular in relation to personal data processed by KSA based on your consent.
Right to restriction of processing – you can exercise this right, for example, if you consider that the processing of your personal data is unlawful or if the purpose for processing your personal data has ceased to exist or if you wish to stop profiling for the purposes of receiving commercial communications.
Right to withdraw your consent given to KSA for the processing of personal data – this right allows you to withdraw your consent given to KSA for the processing of your personal data at any time.
Right to file a complaint with the Estonian Data Protection Inspectorate – you have the right to contact the Estonian Data Protection Inspectorate if you believe that your personal data has not been properly processed.
Contacts
If you have any questions about the processing of your personal data or wish to exercise any of the above rights, please send a digitally signed request to the email address of KSA at info@ksa.ee or contact the data protection specialist of KSA at info@moss.legal. KSA has the right to refuse to comply with your request, in which case the KSA will inform you of the circumstances and reasons for the refusal.
Data controller
In these data protection terms and conditions, the data controller KSA Medica OÜ (registry code 14391553, address J. Vilmsi tn 5, Tallinn 10120) (hereinafter KSA) provides an overview of the personal data collected from you, the purpose of and legal basis for its processing, the principles of determining the retention period, the recipients of data upon transmission, your rights and the contact details of the data controller, including those of the data protection specialist.
Your details
KSA collects and processes the following personal data about you to contact you, book an appointment and provide you health care services: given name, surname, personal identification code, email address, phone, age, place of booked examination, and the health data necessary for booking an appointment and providing the service, including the prescription of your glasses.
By consenting to the use of cookies on the KSA website, technical data, such as the IP address of your computer or computer network and the time of visit is collected about your device for the purposes of website development, enhancing user-friendliness, marketing and statistics. IP addresses are not associated with personally identifiable information. You always have the option to opt out of cookies by changing the browser settings of your device and deleting cookies.
By consenting to receive marketing communications, they are grouped and sent based on your previous activity on KSA. When using these communications, technical information is collected, eg whether you opened an offer, which devices you used and their technical specifications. The grouping of marketing communications may also be automated with your consent. You have the right to opt out of receiving communications at any time.
KSA exclusively processes personal data that you have voluntarily provided to us. Please note that if you decide not to provide us with the personal data that is strictly necessary for booking an appointment, we will be unable to contact you to schedule an appointment and provide a service.
Purpose of and legal basis for data processing
KSA provides day surgery and outpatient ophthalmology services at the KSA Vision Clinic under licence No L04236 issued pursuant to decision No 6.4-4/67 of the Health Board of 28 March 2018. KSA specialises in treating myopia and astigmatism using the Flow 2.0 incision-free laser procedure.
The security of your personal data is of the utmost importance to KSA. Pursuant to subsection 1 of § 768 of the Law of Obligations Act, providers of health care services and persons participating in the provision of health care services must maintain the confidentiality of information regarding the identity of patients and their state of health which has become known to them in the course of providing health care services or performing their official duties and they must ensure that, upon the proper documentation of the service, the information contained in documents does not become known to other persons unless otherwise prescribed by law or by agreement with the patient. As the controller of personal data, KSA is responsible for the security of your personal data and keeps it confidential according to the aforementioned law, disclosing data only in the case and in accordance with the rules provided by law.
Pursuant to subsection 1 of § 41 of the Health Services Organisation Act, health care providers, who have the obligation to maintain confidentiality arising from law, have the right to process personal data, including personal data of special categories, ie health data, without the permission of the data subject. Therefore, the aforementioned law provides the legal basis for the processing of your health data.
With your separate consent, KSA has the right to use cookies on the website and your email address for the purpose of sending you KSA newsletters tailored to your profile. You have the right to withdraw any consent given to KSA at any time. However, withdrawal of consent does not affect the lawfulness of processing conducted based on the consent granted prior to the withdrawal.
Data transmission
KSA may transmit your personal data to third persons, eg an auditor, a person providing legal aid services, an accountant or any other person providing a service necessary for the operation of KSA (eg IT service). KSA is also liable to you for the security of your data upon transmission.
KSA has implemented the necessary organisational, physical and IT security measures to safeguard your personal data against any misuse, unauthorised access, disclosure, alteration or destruction. Only authorised persons have access to your personal data. The persons who have access to your personal data are bound by the obligation of confidentiality.
Data retention
KSA will not retain your personal data for longer than is reasonably necessary for KSA to achieve the purposes for which the data was collected or processed in compliance with the legislation applicable to the retention period. We are obliged to retain your health data for 30 years on the conditions provided for in the Health Services Organisation Act. We retain other data collected for marketing purposes for as short a period as possible, but no longer than five years.
Rights of data subjects
Right of access – this right allows you to access all the personal data that KSA has collected about you, including information that concerns the processing of the collected personal data.
Right to rectification – this right allows you to request that KSA rectify any inaccurate or incomplete personal data. For example, you can request the rectification of personal data if your email address has changed and you want to replace the old email address with a new one.
Right to erasure – you can exercise this right in particular in relation to personal data processed by KSA based on your consent.
Right to restriction of processing – you can exercise this right, for example, if you consider that the processing of your personal data is unlawful or if the purpose for processing your personal data has ceased to exist or if you wish to stop profiling for the purposes of receiving commercial communications.
Right to withdraw your consent given to KSA for the processing of personal data – this right allows you to withdraw your consent given to KSA for the processing of your personal data at any time.
Right to file a complaint with the Estonian Data Protection Inspectorate – you have the right to contact the Estonian Data Protection Inspectorate if you believe that your personal data has not been properly processed.
Contacts
If you have any questions about the processing of your personal data or wish to exercise any of the above rights, please send a digitally signed request to the email address of KSA at info@ksa.ee or contact the data protection specialist of KSA at info@moss.legal. KSA has the right to refuse to comply with your request, in which case the KSA will inform you of the circumstances and reasons for the refusal.