Skip to content

Personal data processing

Everything related to a person and their existence can be described as data. Personal data includes, for example, a person’s name, address and contact details, as well as information about their financial situation. In addition, personal data includes data that is by nature more sensitive, i.e. sensitive personal data, such as personal health data. Thus, personal data refers to any information that allows for the identification of an individual, regardless of the form or format in which such information is held.

The processing of personal data refers to any operation performed on personal data. Silmalaser OÜ processes personal data, including health data, for the purpose of providing specialist medical care. The eye clinic also participates in conducting research as part of its educational and research activities and fulfils other duties assigned to the clinic by various legislative acts.

We process your personal data if:

  • You visit our clinic – we process your personal data, including data relating to your medical condition for the diagnosis and treatment of illness, injury or post-traumatic conditions, to relieve your symptoms, prevent the deterioration or exacerbation of your condition, and restore your health.
  • Your loved one is being treated at our clinic – we process your personal data to verify your connection to the patient. We will provide you, as the patient’s loved one, with data about the patient’s medical condition, though only if the patient or an investigating authority (e.g. the police) has not prohibited the transfer of the data.
  • The patient has indicated you as their contact person – we process your personal data to provide data about the patient.
  • You wish to have your medical records released – we will use your personal data or, with your consent, the personal data of the person who submitted the request, to issue the requested documents.
  • You send us a request for clarification, a letter of enquiry, a request for information, or a complaint – we will use your personal data to investigate the circumstances described in the complaint and respond to your correspondence. If you have sent us correspondence that can only be answered by another institution, we will forward the correspondence to that institution and inform you of this.
  • You submit a suggestion or a letter of thanks – we will publish your personal data (name) on our clinic website and intranet with your consent.
  • You apply to work for us – we will base our decisions on your own disclosures and on information gathered from public sources. We expect to be able to communicate with the persons named as the candidate’s referees. Each candidate has the right to know what data we have collected about them and has the right to access, explain or object to the data collected. Details of other candidates will not be published
  • You make payments through our booking system – Silmalaser OÜ acts as the data controller; Silmalaser OÜ transfers the personal data necessary for processing payments to the data processor, AS Maksekeskus.

We have the right to transfer your personal data (including your name, personal identification code and contact information) and information regarding any outstanding debts for publication in credit default agencies (e.g. AS Krediidiinfo credit default agency) if your debt to the company is more than 30 days past due, as well as to debt collection agencies for the purpose of debt collection.

Security cameras

Security cameras have been installed at the clinic to prevent situations that could endanger property, to respond to dangerous situations or to identify the person responsible for any damage to property. These cameras are installed on the exterior walls or inside the clinic buildings, and they transmit real-time video, record it, and allow it to be processed and played back later. The cameras may not be used to record sound or monitor specific individuals, but only to monitor a specific area (such as a room or outdoor area) and the activities taking place there. When processing the data collected by the cameras, the hospital uses security measures to protect the collected data from unintentional or unauthorised monitoring, copying, modification, transfer and deletion. Recordings may only be transferred outside the clinic or accessed if there is a legal basis for doing so (e.g. the police).
Camera recordings are retained for 30 calendar days. After the retention period expires, the recordings are deleted either using the data deletion function or by overwriting the data, depending on the camera’s technical capabilities.

Correspondence

All correspondence sent to us is registered in the clinic’s document management system. Correspondence with private individuals is subject to a general access restriction because the correspondence contains personal data. This means that if someone wants to access correspondence or documents from a private individual, they must submit a request for information to the company. When we receive a request for information, we will review whether the requested documents may be issued fully or partially. In the case of partial issuance, we will redact any personal data that the requester is not authorised to process in order to prevent the disclosure of excessive information.

Possible grounds for access restrictions are set out in § 35 of the Public Information Act.

Notwithstanding any access restrictions, we will issue documents related to you to authorities or individuals who have a legal right to request such documents (e.g. the police, the Health Insurance Fund, the Health Board, an insurer in the event of an insurance claim).

We send documents containing sensitive personal data to the addressees by registered post or encrypted e-mail. We forward documents to institutions via a secure document exchange centre wherever possible.

Correspondence with private individuals is generally kept for five years and then destroyed.

Accessing your personal data

You have the right to access the data we have collected about you. To do so, please submit a handwritten or digitally signed application.

We will refuse to comply with your request for access if it may:

  • infringe on the rights and freedoms of another person;
  • hinder the prevention of a crime or the apprehension of a criminal;
  • hinder the establishment of truth in a criminal case;
  • jeopardise the protection of the confidentiality of a child’s parentage.

You have the right to request the correction of inaccurate personal data. If we no longer have a lawful basis for using your personal data, you may request that we stop processing it or delete it. Where justified, we will comply with your request to correct, stop processing or delete your data.

If you have any doubts about a decision made by a doctor at our hospital, you may consult another specialist to obtain a second opinion, the purpose of which is to assess:

  • the accuracy of the diagnosis;
  • the necessity of the prescribed medication or healthcare service;
  • the alternatives explained and the expected impacts;
  • the risks associated with the provision of the healthcare service.

Data retention and archiving

Silmalaser OÜ retains personal data for the following periods: employee data for up to 10 years after termination of the employment contract; transaction data for 15 years after termination of the contract; the retention of patient health data is governed by Regulation No. 56 of the Minister of Social Affairs of 2008 ‘Conditions and Procedures for Documentation and Retention of Documents in the Provision of Healthcare Services’.

Protection of rights and contact details

If you have any questions about the processing of personal data, you can contact our data protection specialist  by e-mail at  margot.moisavald@silmalaser.ee.

If you believe that we have violated your rights in the processing of your personal data, you can submit a complaint with either the clinic’s data protection specialist or the Data Protection Inspectorate (Väike-Ameerika 19, Tallinn 10129, e-mail info@aki.ee).

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.