KSA kliendiõhtu 30. oktoobril Tartus – küsi otse laserkirurgilt, eripakkumised.
KSA kliendiõhtu 30. oktoobril Tartus – küsi otse laserkirurgilt, eripakkumised.
Data Controller
In this data protection policy, the data controller KSA Medica OÜ (registry code 14391553, address J. Vilmsi tn 5, Tallinn 10126) (hereinafter “KSA”) provides you with an overview of the personal data collected from you, the purposes and legal bases of processing, the principles for determining retention periods, the recipients of data when data is transferred, your rights, and the contact details of the data controller, including the data protection specialist.
Your Data
To contact you, book an appointment for you, and provide you with healthcare services, KSA collects and processes the following personal data about you: first name, last name, personal identification code, e-mail address, phone number, age, the location where the examination will be conducted, as well as the health data necessary for booking your appointment and providing the service, including your glasses prescription strength.
By agreeing to the use of cookies on the KSA website, technical data about your device is collected for the purposes of website development, improving user-friendliness, marketing, and statistics — such as the IP address of the computer or network you used and the time of your visit. The IP address is not linked to identifiable personal information. You can always opt out of cookies by changing your device’s browser settings and deleting cookies.
By agreeing to receive marketing notifications, these messages may be grouped based on your previous activity at KSA. When you interact with the notifications, technical information is collected — for example, whether you opened an offer, which devices you used, and what their technical characteristics are. With your consent, the grouping of marketing messages may also be automated. You have the right to unsubscribe from such notifications at any time.
KSA processes only the personal data that you have voluntarily provided to us. Please note that if you choose not to provide the personal data necessary for booking an appointment, we will not be able to contact you, make a booking for you, or provide you with the service.
Purpose and Legal Basis of Data Processing
KSA provides ophthalmology day surgery and outpatient ophthalmology services at KSA Silmakeskus based on activity licence No. L04236 issued by the Health Board on 28.03.2018 with decision No. 6.4-4/67. More specifically, KSA focuses on the Flow3 non-incisional laser procedure for the treatment of myopia and astigmatism.
Your personal data security is of great importance to KSA. The healthcare provider and any persons involved in the provision of healthcare services must keep confidential any patient-related personal and health information obtained during the provision of services or performance of work duties. They must also ensure that the information contained in service documentation is not disclosed to third parties unless required by law or agreed with the patient, as provided in § 768 (1) of the Law of Obligations Act.
KSA, as the data controller, is responsible for the security of your personal data and keeps it confidential, processing and disclosing it only in cases and according to the procedure established by law.
A healthcare provider who is legally obligated to maintain confidentiality has the right to process personal data, including special categories of personal data (health data), without the data subject’s consent, when necessary for planning and providing healthcare services, in accordance with § 41 (1) of the Health Services Organisation Act.
To fulfil the requirements arising from the contract concluded with you and from legal acts, KSA has the right to process other data specified in the contract. For example, legal acts require that patient data included on invoices be stored, as well as documentation related to those invoices.
Based on the separate consents you have provided, KSA has the right to use website cookies and your e-mail address for the purpose of sending KSA newsletters that match your profile. You have the right to withdraw the consents you have given to KSA at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.
Data Transfer
KSA may transfer your personal data to third parties, such as an auditor, a legal service provider, an accountant, or any other person who provides services necessary for KSA’s activities (e.g., IT services). Such persons are also responsible for ensuring the security of your data when handling and transferring it on behalf of KSA. KSA may also transfer your personal data to state authorities on the basis of their official requests, but only under the conditions and procedures established by law.
KSA has implemented the necessary organisational, physical, and information-technology security measures to ensure that your personal data is protected against any misuse, unauthorised access, disclosure, alteration, or destruction. For example, KSA monitors the operations and technical as well as legal compliance of its contractual partners to ensure the protection of personal data. Access to your personal data is granted only to authorised persons. These persons are also required to comply with confidentiality obligations.
Data Retention
KSA does not retain your personal data longer than reasonably necessary to achieve the purposes for which the data was collected or processed, in accordance with the applicable legal data retention periods. We are required to store your health data for up to 30 years under the conditions set out in the Health Services Organisation Act. We retain your inquiries regarding data processing for up to three years. Other data collected for marketing purposes is retained for as short a period as possible, but no longer than five years.
Your Rights Regarding Data Processing
Right to access personal data – Based on this right, you may access all personal data that KSA has collected about you, as well as information regarding the processing of your personal data.
Right to rectification of personal data – Based on this right, you may request the correction of inaccurate or incomplete personal data by KSA. For example, you may request correction if your e-mail address has changed and you wish to replace the old address with the new one.
Right to deletion of personal data – This right may be exercised primarily in relation to the personal data that KSA processes on the basis of your consent.
Right to restrict processing – You may exercise this right, for example, if you believe that the processing of your personal data is unlawful, or if the purpose of processing no longer applies, or if you wish to stop the use of your data for sending commercial notifications, including profiling.
Right to withdraw consent given to KSA for the processing of personal data – Based on this right, you may withdraw at any time the consent you have previously given to KSA for data processing.
Right to withdraw consent given to KSA for the processing of personal data – Based on this right, you may withdraw at any time the consent you have previously given to KSA for data processing.
Contacts
If you have any questions regarding the processing of your personal data or wish to exercise any of the above-mentioned rights, please submit a digitally signed application to KSA by e-mail at info@ksa.ee or contact KSA’s data protection specialist at info@moss.legal. KSA has the right to refuse to fulfil the request, in which case KSA will inform you of the circumstances and reasons forming the basis of the refusal.
