See clearly, live freely
See clearly, live freely
KSA Medica OÜ (registry code 14391553, address: J. Vilmsi tn 5, Tallinn 10126) (hereinafter referred to as “At KSA”) collects and processes your personal data in connection with your employment relationship.
The security of your personal data is important to KSA. Therefore, KSA finds it necessary to inform you about the personal data it collects, the purposes for which it is collected, the conditions of retention, and your rights regarding the processing of your personal data.
Identification Data: image, name, address, phone number, data from an identity document, including document number and expiry date.
Personal Data: date of birth, personal identification code, information about children, family members and their contact details.
Professional Contact Information: name, professional email address.
Employment Data: job title, overall work experience, education level, educational institution, field of study, diploma/certification number and year of issue, language proficiency, employment history, working time records (including hours worked, vacation schedules, sick days, other absences), bank account number, information related to the performance of work duties (including warnings and their content), occupational health and safety data, including data on occupational accidents, salary and other benefits or payments and the underlying data used to calculate them (e.g., working time records), deductions from salary and the basis for such deductions, data on statutory or additional benefits provided and the prerequisites for such benefits, data necessary for the provision of vacations and special leave, including any additional leave granted.
Information Related to the Use of IT and Communication Tools: mailbox size, recipients, content of the professional email inbox to the extent it relates to work duties, authentication information (usernames, passwords), computer name, username, IP address, activity logs and user logs, or other metadata.
All of the above are hereinafter collectively referred to as “Personal Data.”
KSA may combine Personal Data provided by you with data obtained from other sources, such as public databases, social media, or third parties.
Legal Basis for Data Processing
KSA processes your Personal Data for the performance of the employment contract concluded with you or to take steps necessary for its execution. After the termination of the employment contract, the legal basis for processing is KSA’s legitimate interest—to revoke access to business accounts and systems, ensure business continuity, protect property, detect data misuse or other misconduct, and to prepare or defend legal claims.
It is also in KSA’s legitimate interest to transmit Personal Data to professional advisers or to keep your KSA email inbox temporarily active for up to three months if its immediate closure would harm business operations.
Occupational health, accounting data, and other data required by public authorities are processed to comply with legal obligations under applicable legislation.
Purpose of Personal Data Collection
KSA processes your Personal Data for the following purposes:
KSA processes your Personal Data solely for the purposes outlined in these data protection terms or as required by law. If the data are to be processed for other purposes, you will be informed of such purposes and relevant processing conditions.
Disclosure of Personal Data
KSA may disclose your Personal Data to third parties such as auditors, legal service providers, accountants, cloud service providers, or any other entity providing services to KSA (e.g., IT services), as well as to companies affiliated with KSA. Your data may also be shared with public authorities or supervisory or law enforcement bodies. KSA has taken all reasonable steps to ensure that such third parties maintain the confidentiality and security of your Personal Data.
The third parties to whom KSA transmits your Personal Data may be located either within the European Union or in countries that the European Commission has not recognized as providing an adequate level of data protection.
Data Security
KSA has implemented appropriate organizational, physical, and IT security measures to protect your Personal Data from misuse, unauthorized access, disclosure, alteration, or destruction. Third parties are informed that they may process your Personal Data only to the extent and for the purposes specified in these data protection terms.
Access to your Personal Data is restricted to authorized personnel only, all of whom are bound by confidentiality obligations.
Accuracy and Retention of Personal Data
KSA retains your Personal Data for as long as required or permitted by law, but no longer than necessary for the purposes for which it was collected or processed.
Your KSA email account will be closed immediately upon termination of employment, unless you held a key business continuity role (e.g., managerial or sole responsibility for critical tasks), in which case closure may be delayed for up to three months.
KSA takes reasonable steps to ensure the accuracy and reliability of your Personal Data.
Your Rights in Relation to Personal Data
You have the following rights in connection with the processing of your Personal Data:
Contact Information
If you would like more information about the processing of your Personal Data or wish to exercise any of the rights listed under section 7, please contact KSA at info@ksa.ee.
We recommend contacting KSA first regarding any complaints related to the processing of your Personal Data. However, you also have the right to lodge a complaint with the relevant supervisory authority.
KSA Eye Clinic has appointed a Data Protection Officer, whose duties are performed by MOSS Legal Law Office OÜ (email: rando@moss.legal; phone: +372 663 1222).
