Principles for the Processing and Protection of Personal Data at AS Kliinik Elite

Personal data refers to any information relating to an identified or identifiable natural person, which allows the recognition of their physical, psychological, physiological, economic, cultural, or social characteristics, relationships, or affiliations. Personal data includes, for example, an individual’s name, personal identification code, home address, contact details, financial status, and more. This also includes sensitive personal data, such as health data. Processing of personal data encompasses any operation performed on personal data. Personal data may be collected, stored, used, and processed in various ways by public authorities, companies or other legal entities, and individuals, provided there is a legal basis for doing so.

General Principles for the Processing and Protection of Personal Data at AS Kliinik Elite

• AS Kliinik Elite holds a license for the provision of specialized medical care and processes personal data, including health data, for the purpose of providing such care and fulfilling other legal obligations imposed on healthcare institutions.
• In the processing of personal data, we adhere to applicable legal frameworks, including the General Data Protection Regulation (EU Regulation 2016/679, GDPR) and the Personal Data Protection Act of Estonia.
• The controller of your personal data is AS Kliinik Elite (Sangla 63, Tartu, registration number 10911961). Processors are the clinic’s contractual partners who provide services on behalf of AS Kliinik Elite (e.g., IT service providers, laboratories, courier services).
  In cases where the nature of the service provided by a partner, the division of responsibilities, and workflow requires the partner to act as a joint controller, you will be informed of this separately via specific consent and information documents.
  You have the right to: Access your personal data, Request correction or supplementation of inaccurate data, Request deletion of unlawfully processed data, Request restriction of data processing.
  To exercise these rights, please contact us via email at info@elitekliinik.ee.
• Video Surveillance:
  Security cameras are installed at the entrances of the clinic’s premises (Sangla 63, Tartu) and at the beginning of the third-floor corridor. These cameras do not record audio or track individuals, but only monitor specific areas for security purposes — such as preventing threats to people or property, identifying hazardous situations, or determining liability for damage. Access to surveillance recordings is restricted, and recordings are shared outside the clinic only with a lawful basis (e.g., with the police). Recordings are retained for 7 calendar days.
• Telephone Calls:
  Telephone conversations are not recorded at AS Kliinik Elite.
• Disclosure of Personal Data:
  Documents and data are disclosed only to institutions or persons who are legally entitled to receive such information (e.g., state authorities, insurance providers in the case of a claim).
• In the case of transferring personal data to third countries, we act in accordance with Article 13(1)(f) of the GDPR. Data is transferred only with the data subject’s written informed consent, for a specific analysis set, and the data subject is informed of potential risks involved in transferring data to countries with inadequate data protection levels.
  For matters concerning data protection, please contact our Data Protection Officer at +372 740 9933 or via email at malle@elitekliinik.ee.
• If you believe that AS Kliinik Elite has violated your rights as a data subject, you may file a complaint with our Data Protection Officer or the Data Protection Inspectorate (Tatari 39, 10134 Tallinn; info@aki.ee).

When Do We Process Your Personal Data? We process your personal data in the following situations:

1. Visiting our website (www.elitekliinik.ee): We collect the IP address and time of visit to generate anonymous statistics about website usage, in order to improve the site and user experience. This data is processed using Google Analytics based on your consent through cookies, in accordance with Directive 2002/58/EC Article 5(3). Data is retained for one month. You can opt out by adjusting your browser settings.
2. Receiving outpatient or day care services:  We collect and process your personal and health data to diagnose and treat illness, injury, or poisoning, to alleviate symptoms, prevent worsening conditions, or restore health. Access to health data is restricted to contracted staff directly involved in service provision. Processing is based on the Health Services Organization Act, and retention periods are defined by law.
3. Participating in cervical cancer screening:  We process your data to conduct necessary tests, based on the Public Health Act and Health Services Organization Act.
4. Being a donor:  Your personal and health data are processed to assess donor suitability, based on the Cells, Tissues and Organs Act and the Health Services Organization Act.
5. Requesting pre- or antenatal tests performed abroad (incl. third countries):  Your sample and required personal data are sent securely with your written consent via encrypted platforms or courier services.
6. Applying for employment:  We process your application and publicly available data. We assume we may contact references listed in your CV. Only employees involved in recruitment will access your data, which will not be disclosed externally.
7. Sending requests, feedback, or complaints:  We process your data to clarify the issue and respond appropriately.
8. Requesting medical records:  Sensitive documents are sent only via registered post or encrypted email.
9. Complying with state reporting obligations and billing to the Estonian Health Insurance Fund.

AS Kliinik Elite is committed to taking all necessary measures to protect your personal data and to comply fully with applicable data protection and privacy laws.