Processing of personal data
Personal data are any data that allow a person to be identified, with more sensitive personal data being referred to as a special category of personal data, including personal health data. The processing of a patient’s personal data is any operation performed on his or her personal data.
- Braun Medical OÜ/Haavakliinik, as a health care provider, is obliged to transmit data on the health care provided to the patient to the Health Information System. The Health Information System is a database, which is part of the national information system, in which health-related data are processed for the purposes of activities related to the provision of health care.
We process personal data when:
- you come to the Haavakliinik for an appointment – we process your personal data, as well as data concerning your state of health, for the diagnosis and treatment of illness or injury;
- if the patient has indicated you as his/her contact person – we process your personal data (personal identification number, name) in order to verify your relationship with the patient and to provide you with information relating to the patient. This will only be done if the patient or the investigating authority (e.g. the police) has not prohibited the transfer of the data;
- you request the release of documents or data relating to your treatment – we will use the personal data of you or the person who has requested the documents or data with your consent to release the requested documents or data;
- you send us a request for clarification, a letter of advice, a request for information or a complaint – we will use your personal data to investigate the facts of the complaint and to respond to the letter. If you have sent us a letter to which another authority can reply, we will forward the letter to that authority and inform you as the sender of the letter;
- if you participate in training courses offered by us – we will process your data (name, contact details, position) to provide you with organizational information, to ask for advice, to issue documents certifying your participation in training courses, to prepare and send payment documents, and to send you newsletters about training courses and conferences;
We respect the legal time limits for storing the collected data.
Transfer of data
To comply with our legal obligations, we will transfer treatment-related data:
- To other databases, which are the Health Information System (Digital Health Record) and the Cancer Registry;
- All correspondence sent to us will be registered in the document management system of B. Braun Medical OÜ/Haavakliinik. Correspondence with individuals is subject to a general access restriction, as the correspondence contains personal data. This means that if someone wants to access correspondence or documents of a private person, he or she must submit a request for information to the Hospital Clinic. When we receive a request for information, we will check whether the requested documents can be disclosed or whether they can be disclosed in part. In the case of a partial issue, we will withhold the personal data that the applicant is not entitled to process, in order to avoid the issue of excessive data. Possible grounds for restricting access are set out in § 35 of the Public Information Act.
- Notwithstanding the access restriction, we will disclose documents and data relating to you to authorities or persons who are legally entitled to receive these documents or data (e.g. the police, the court, the Health Insurance Fund, the Health Board, the insurer in the event of an insured event, etc.).
- We will only send documents containing special categories of personal data to the addressees by registered mail or encrypted e-mail. For institutions, documents are sent via a secure document exchange center wherever possible.
Personal data breaches
- If a personal data breach occurs at the Haavakliinik and poses a likely risk to your rights and freedoms, we will report the breach to the Data Protection Inspectorate. We will take action to resolve the breach immediately and prevent further breaches.
- If the personal data breach is likely to result in a significant risk to your rights and freedoms, we will also notify you. The purpose of the notification is to enable you to take the necessary precautions to mitigate the situation
Access to personal data
You have the right to:
- access the information we have collected about you;
- request the rectification of inaccurate personal data or the completion of personal data that is incorrect or insufficient;
- request the deletion of personal data that we have no lawful basis for using;
- request restriction of the processing of personal data (e.g. while the accuracy of your personal data is being verified);
- object to the processing of personal data concerning you.
To do so, you should submit a request to us, signed by hand or digitally. The request may be made on the spot at the reception of the Havakliinik, on presentation of an identity document, or sent by post to the address J. Sütiste tee 17/1, 13419 Tallinn, Estonia or digitally signed and sent by e-mail to firstname.lastname@example.org.
We will reply to your request as soon as possible, but not later than within one month. The data collected about you will be provided in paper or electronic form, as you request. If we have reasonable doubts as to the identity of the person who has made the request, we may request additional information to identify the applicant.
We will refuse to comply with your request for access if it may:
- harm the rights and freedoms of another person;
- harm national security;
- obstruct or impair the prevention, detection, prosecution or punishment of an offence.
For any questions relating to the processing of personal data, you may contact the Data Protection Specialist of B. Braun Medical OÜ by e-mail: email@example.com.
Protection of rights and contact details
If you believe that we have violated your rights in the processing of your personal data, you may lodge a complaint with either the Data Protection Specialist of B. Braun Medical OÜ or the Data Protection Inspectorate (Tatari 39, Tallinn 10134, e-mail: firstname.lastname@example.org).