In effect as of 11.02.2018
Minudoc OÜ (henceforth also “we” and „Siffi“) highly values the privacy of each client (henceforth “you”). In this privacy notice, we will explain to you what kind of data we collect about you, why we do it and what we do with your data.
Minudoc OÜ is a company that manages and administrates Siffi platform and mediates clients registered via Siffi to registered Siffi health service providers and vice versa. Minudoc OÜ does not itself provide health services under any circumstances.
Minudoc OÜ applies the necessary technical, physical and organisational security measures to Siffi platform to protect the client’s personal data from loss or unlawful processing.
We collect the following data about you:
personal data: first and last name, personal identification code;
contact information: e-mail address, phone number, contact address;
transaction data: information about the time, duration and cost of your transactions on the Siffi platform;
special categories of data (information on health): descriptions of health issues directed to the health service provider through the Siffi platform, and the feedback given to these from the service provider, audio recordings made during the provision of health services on the Siffi platform.
In general, we get the information directly from you, when you create your account in Siffi and use the health services that it mediates.
Also, your information is entered into the Siffi platform by the persons providing the health service for you, with the objective of that information being forwarded to you.
We need and we use your data through Siffi platform to mediate health services to you. For example, for creating a user account, for managing it, and for connecting it through the Siffi platform to the services offered, including for creating references between you and the service provider.
personal data – we need this data to verify your identity.
contact information – we need this to get in touch with you, send you notifications about your service (for example, about a booked time with a health service provider).
transaction data – we use this information for billing with the health service provider, and for providing you information about transactions you have carried out in Siffi.
special categories of data (information on health) – this is data we use only when forwarding it to the person providing the health service for you, and vice-versa, when forwarding their feedback back to you.
If you do not submit information to us and if you do not provide the consent outlined in section 4 of this notice, it will not be possible for us to provide health services for you through the Siffi platform.
When processing your data, we rely on various following legal bases:
the need to enter into a contractual relation with you or execute a contract we have signed with you;
your consent – this is our basis when processing special categories of data (health information).
Without your consent, we cannot provide health services for you through the Siffi platform. At any moment, you have the right to revoke your consent. To give and withdraw consent, please see the My consents subsection of your account;
our need to fulfil legal obligations – for example, the obligation to store accounting documents for 7 years, which stems from the Accounting Act;
the need to exercise our legitimate interests, for example, company management and carrying out general business activities, detection of violations of law and fraud;
the need to protect your vital interests or those of any other person (for example, when disclosing your information in case of an accident to an emergency medical service worker);
other legal bases.
We do not share the data you have entrusted with us, except in a limited number of cases described below, and in case if it is necessary to fulfil the objectives described in this privacy notice:
Our subsidiaries and related companies: we can share your personal data with our subsidiaries and related companies, which are all located in the European Union.
Service providers: like many other companies, we may outsource data processing services to trusted third party providers, such as IT and consultation services;
Public authorities and government institutions: we may share data with the authorities if we are legally obligated to share said data or if the sharing of data is necessary to protect our rights;
Professional consultants and others: we may share your data with professional consultants such as auditors, lawyers, accountants and other providers of consultation services;
Third persons in relation to the company’s transactions: From time to time, we may share your data with third persons during a corporate transaction, for example, the sale of the company or part of the company to another company. This may also occur during company restructuring, the establishment of a joint enterprise, a merger, or any other type of reorganisation of the company’s assets or shares.
If we share your data with the persons listed above, we will guarantee the protection of your data through a data processing contract that we will enter into with this person.
We do not store or send your personal data outside the EEA or to countries that are have not taken a decision on the adequate level of data protection in relation to Article 25 section 6 of Directive 95/46/EC or its extension regulation (EU) 2016/679 Article 45 section 1
In general, we store your data until it is needed to fulfil the various objectives of data processing.
We store your special categories of data (information on health) for 7 days starting from their entry into the platform by you or by your chosen service provider.
For determining the storage period of other data, we use the following criteria:
How long do we need to store data to offer you our services?
If you have created an account with us, we store your data for the entire time that your account is active or until the data are needed for providing services for you.
If we have a legal, contractual or any other type of obligation of the kind to store your data, we will do so until that obligation applies to us. Examples of such obligations are laws that set requirements for data storage, the regulations and decisions of the government, according to which data necessary for proceedings have to be maintained, or data that are needed for settling court disputes.
As a data subject, you have the following rights:
Right of access to the data – you have the right to know what kinds of data about you are being stored. You can access your data through the account you created on the Siffi platform through the subsection My data.
Right to rectification – you have the right to demand the correction of your personal data if they are incorrect. If needed, you can change the data you have submitted to us (except your identification code) yourself in the Siffi platform through the subsection My data.
Right to erasure (‘right to be forgotten’) – in certain cases, you have the right to demand us to erase your personal data (for example, if we do not need the data anymore, if you withdraw the consent you have given us for processing your personal data, etc.).
Right to restriction of processing – in certain cases, you have the right to prohibit or limit the processing of your personal data for a certain period (for example, if you have submitted an objection in relation to data processing).
The right to object – depending on a concrete situation, you have the right to submit objections to the processing of your personal data if the processing of your data is based on our legitimate rights or on public interest. Data processing for the purpose of direct marketing can be objected at any time.
Right to data portability – you have the right to demand that information you have given us be given to you in a machine-readable format. You can also demand for your data to be transferred to another data controller, but only if it is technically feasible. The right to data portability only applies to data that we process based on your consent or to fulfil the obligations of a contract we have entered into with you.
Automatic individual decision-making (including profiling) – if we have notified you that we are carrying out automated individual decision-making (including profiling), which will entail legal consequences for you or will impact you in a significant way, you have the right to demand that decisions are not made based on automated processing alone.
If you have any questions about information in this privacy notice or if you want to submit a claim for the execution of your rights as a data subject, please contact us via e-mail at firstname.lastname@example.org.
We will do our utmost to address your claims and wishes in a timely manner and free of charge, except in cases, where it would entail a disproportionate cost. If you are not satisfied with our reply, you have the right to take your claim to the Data Protection Inspectorate