Privacy policy
1. General Principles
1.1 The protection of personal data is very important to MedReport OÜ, and we take it with
the utmost seriousness. This Privacy Policy describes what personal data we collect, how
and why we process it, and what your rights are in relation to your personal data.
1.2 In processing personal data, we comply with applicable legislation, including:
– the General Data Protection Regulation (EU) 2016/679 (GDPR),
– the Estonian Personal Data Protection Act,
– the Health Services Organisation Act, and
– other relevant regulations governing the processing of health data.
1.3 MedReport OÜ processes personal data only on lawful grounds, for specific purposes,
and to the minimum extent necessary.
1.4 These terms apply to the processing of personal data carried out in the course of
providing services by MedReport OÜ.
2. Data Controller
Company name: MedReport OÜ
Registry code: 16381793
Address: Sepapaja 12/1, Tallinn 11415
E-mail: info@medreport.ee
Data Protection Officer contact: info@medreport.ee
3. Personal Data Processed
We process the following data:
– General data: name, personal identification code, date of birth, contact details.
– Health data: results of examinations and tests, treatment information, hereditary factors,
and health behaviour.
– Billing data: bank account number, invoices, payment history.
– Contract and service data: contracts, orders, complaints.
– Communication data: e-mails, recorded phone calls (with notification).
– Website usage data: IP address, device type, visits, etc.
4. Purposes and Legal Basis for Data Processing
MedReport OÜ processes personal data for the following purposes:
– To conclude and perform contracts (including the provision of healthcare services).
– To comply with legal obligations (e.g. reporting data to the Estonian Health Insurance
Fund).
– On the basis of legitimate interests (e.g. improving service quality, compiling statistics).
– To process contact details (e.g. e-mail, phone) in order to inform clients of their health
examination results, including potential health risks.
– On the basis of consent, e.g. for direct marketing, if the client has given such consent.
5. Cookies and Website Usage Information
Our website uses cookies and Google Analytics:
– Collected data may include browser type, IP address, language preference, device type,
session data.
– You may disable cookies at any time in your browser settings.
– Statistics are collected in an anonymised form.
6. Data Retention
We retain personal data only as long as necessary:
– For contract performance and compliance with retention obligations (e.g. 5 years or more,
as required by law).
– For statistical purposes (e.g. sales records up to 5 years).
– For security and dispute resolution purposes.
7. Data Disclosure
Personal data may be disclosed to:
– Authorised processors (e.g. laboratories, doctors, IT service providers) solely for the
purpose of providing the service.
– Public authorities, where required by law.
– Third parties (e.g. auditor, legal counsel) only on a lawful basis.
– Health data will only be disclosed on lawful grounds and, where appropriate, in
anonymised form.
8. Your Rights
You have the right to:
– access your data,
– request correction or deletion,
– restrict processing or object to it,
– withdraw consent,
– request data portability.
All rights may be exercised by writing to info@medreport.ee. If your rights have been
violated, you have the right to contact the Estonian Data Protection Inspectorate.
9. Security
– We apply appropriate technical and organisational measures to protect personal data.
– Access is granted only to employees and partners who need it for work purposes.
– Contracts with authorised processors ensure compliance with data protection
requirements.
10. Complaints and Breach Procedure
– If you suspect a breach, please contact us at info@medreport.ee.
– You have the right to lodge a complaint with the Estonian Data Protection Inspectorate.
– In the event of a data breach, we will notify, if necessary, within 72 hours.