last updated 10.09.2018
Maxilla processes personal information as little as possible but as much as necessary to fulfill its duties and responsibilities. Maxilla is based on the processing of personal data on Estonian and European Union law. Access to personal data is restricted to the staff whose duties require it, and the processing of data is limited to the data necessary for the performance of the duties. Maxilla makes every effort to protect the personal data of persons from being disclosed to the person who has no rights to access the data. Processing of personal data is necessary for the execution of contracts and help us to provide you with better products and services. We would like you to be aware of what personal information we process, what is the reason for the processing of personal data, how we use personal data and what your rights and obligations are.
- You use the services of Maxilla;
- Maxilla provides you with healthcare service;
- You call Maxilla’s contact phone;
- You contact Maxilla via e-mail or other means of communication;
Maxilla does not process data related to persons under 13 years of age deliberately, except in cases where the processing of the data is necessary for the provision of medical treatment.
Purpose of collection and processing of personal data
Maxilla collects and processes personal data and other data for providing medical treatment, other business purposes, providing services, communicating with patients, consumers, employees and partners, answering inquiries and resolving applications, marketing of goods and services, evaluating the quality of services and goods, processing of customer feedback related websites, products and services, detecting and preventing fraud or misuse, market research, product testing, detection and elimination of technical and information security issues. Maxilla may process personal data due to legitimate commercial interests, such as fraud prevention; direct marketing; network and information system security; data analysis; improvement, modification, and improvement of services; identification of trends in use; defining marketing campaigns and advertising effectiveness.
Maxilla’s legitimate interests come from business and management to provide you with the best services and products, as well as the best and most secure user experience of web pages, services, and applications. For instance, Maxilla’s legitimate interest lies in the fact that marketing would be relevant to you. Therefore, we can process your data with the aim of sending marketing material that matches your interests. This may also apply to the processing of personal data performed in your interest. When we process your personal information in accordance with our legitimate interests, we will always consider and take into account any possible effects (both positive and negative) on you and your rights under the Personal Data Protection Act. The legitimate business interests of Maxilla do not automatically exclude your interests – we will not use your personal information for activities in which our interests outweigh the impact on you.
Submission of personal data to Maxilla is not obligatory, but refusal to provide them may mean that Maxilla will not be able to offer you services, answer queries or resolve requests.
Principles of personal data protection
Maxilla implements physical, technical and administrative safeguards such as locks, electrical monitoring systems, firewalls, anti-malware programs, spam filtering systems and the like to protect the privacy of your personal data. We are constantly updating and testing security technology. We only allow access to your personal information to those employees who need this information to do their work. In addition, we train our staff in terms of the importance of confidentiality, personal data privacy, and security.
Maxilla is using Hammas treatment management software (hereinafter also called Hammas) for healthcare provision. The Hammas software can manage patient data, health information, digital pictures, work schedules, billing, send SMS reminders, and more. This will enhance the work of both doctors and the entire clinic and help users to deliver a consistently high level of healthcare.
An illustrative list of the main situations where Maxilla can process your personal information
Maxilla processes your personal information, for example, in the following cases:
- on the provision of healthcare – the collection of health data (including from the eHealth database), entering, modification and addition of your medical record is necessary primarily for the provision of medical care and, in particular, for assessing the state of health and the dynamics of treatment;
- you register for an appointment – by registering for an appointment (on-site, by e-mail, by telephone, via web-booking), we process your data (name, personal identification code, address, contact details, etc.);
- you come to the appointment of a dentist (medical specialist) – we collect data about your state of health in order to diagnose and treat you;
- you register your child or a person under your guardianship to our appointment – We process your personal data and check your involvement with the patient;
- Your child or a person under your guardianship has come to us to the appointment of a dentist (medial specialist) – We process your personal data and check your involvement with the patient; We will provide you with information about the patient’s health information unless otherwise provided by the patient or law enforcement authorities;
- the patient has designated you as their contact person – we process your contact information for the transmission of patient-related information;
- you are requesting the issuance of your own (your child or a person under your guardianship) medical files – issuing of files takes place in AS Maxilla in accordance with legal grounds. On your consent, we use data to issue documents;
- you submit a proposal or an expression of thanks – we will, with your consent, disclose your personal information (name) among our employees;
- you file a complaint or request for information (including by means of communication) – we use your personal data to determine the circumstances surrounding the complaint / request for information and to respond to the complaint / request for information. If you have sent us a query that can only be answered by one of our contractual partners (hire-purchase provider, insurance company, etc.), we will forward the letter to the correct authority and inform you about it;
- you are applying for a job in Maxilla – we use the data shared with us by you and data that can be collected from public sources. By sending us your CV, you give consent to use for contacting you.
Data to be processed
Maxilla may collect and process the following data about you:
- first and last name
- residence data;
- contact information (telephone number, email, postal address, etc.);
- personal identification code;
- health data (including e-health data);
- document data (e.g.. document number, etc.);
- browser and device data;
- information gathered through cookies, pixel tracking and other technology;
- other data necessary for the provision of healthcare services.
The method for the collection of personal data
Maxilla will collect your data:
- directly from you or your representative, if you book your treatment appointment, contact with us through means of communications, on providing healthcare through a healthcare provider;
- from e-health database;
- from indirect sources (such as public databases, marketing partners, social media, including your friends or other related parties and other third parties).
Use of personal data
Maxilla may use your data for your legitimate business interests, including:
- To conclude transactions with you (e.g., conclusion of a health care contract and other agreements);
- To communicate with you (e.g., regarding terms of service, resolution of requests and queries, negotiations, etc.);
- for the provision of health care services (including planning treatment, diagnosis, treatment, etc.);
- for carrying out and develop business (e.g., data analysis, an audit of activities, development of new products and services, improvement and alteration of existing services, identification of trends in use, evaluation of the effectiveness of advertising campaigns);
- for the purpose of monitoring and preventing fraud, money laundering, fraud and other actual and potential prohibited or illegal activities;
- For forwarding to you marketing communications regarding services of Maxilla and other companies, including offers, coupons or benefits that we believe may be of interest to you. Such marketing communications may come directly from us or via Maxilla’s affiliates or third parties;
- for forwarding to credit institutions if you have applied for financing from a credit institution for purchasing services or goods offered by Maxilla;
- to legal, audit-related, regulatory, insurance, security and processing requirements;
- for responding to requests from public and government agencies, including authorities that may be located outside your country of residence;
- for judicial cooperation with law enforcement authorities or for other purposes arising from legislation;
Data protection and processing in Maxilla’s online environment
Maxilla will collect information about you, including, but not limited to, the website www.maxilla.ee (also referred to as the Web Environment), including, for example, 1) services that allow you to create accounts or profiles in the Web Environment, including the data needed to create an account or profile (for example, your name and email address); 2) if you book an appointment in the Web Environment in which case your name, contact information, delivery address and invoicing address, as well as the credit card details required for the processing of the reservation, may be requested; 3) if you participate in campaign organized or sponsored by Maxilla ; 4) if Maxilla asks you to answer queries used for research, analysis or customer group measurement; 5) for marketing; 6) communication with you (incl., responding to queries); 7) to improve services and the Web Environment and improve the user-friendliness; 8) to inform you; 9) for processing of bookings; 10) for conducting surveys; 11) for organizing sales campaigns, etc.
Maxilla collects information from you about using the Web Environment on software and other applications in the device, such as 1) the log information, including the time and duration of the use of the Web Environment by you, the search terms you enter through the Web Environment, and any information stored in the cookies Maxilla has saved on your device; 2) location information, including the GPS signal of your device or the information of the nearby Wi-Fi area and cellular phones that may be communicated to Maxilla during the use of the Web Environment; 3) other data, including the applications you use, the websites you visit, and information on how you interact with the content provided through the online environment.
Maxilla has the right to collect other information about you about the use of your device or your web environment in different ways that Maxilla will explain to you at the time of collection or otherwise, with your consent.
You are entitled to refuse to provide certain types of personal information to Maxilla, but this may affect your choices when using the Web Environment.
If you use the web browser to access the Web Environment, you can set up your browser so that it either allows all cookies, disables all cookies or informs you when the cookie is sent. Each web browser is different, so you need to identify in the “Help” menu on how to change the cookie settings. Your operating system may include additional cookie checks.
You have the right to refuse to accept cookies by activating the respective cookie blocking feature in your browser. Some services may be designed to work only with cookies, and blocking cookies may affect your ability to use these services or certain parts of them.
Maxilla may, with certain third parties, use technology called beacons (base station packets or “pixels”) intended to transfer information from your device to the server. Beacons can be added to web content, videos, and emails, and they allow the server to read certain types of information from your device; to see when you have viewed a specific content or email, set the date and time when you viewed the respective beacon, and the IP address of your device. Maxilla and third parties use beacons for various purposes, including analysis of the use of the web environment and (with cookies) the provision of content and advertising according to your preferences.
Maxilla can use web beacons that are attached to the Web Environment or email, and allow Maxilla to determine if and how much you have visited a subpage of a Web Environment. For example, electronic images (e.g., banners, pictures, etc.) can function as beacons.
Sharing and disclosure of personal data and other data
Personal data may be transmitted by Maxilla or disclosed to third parties:
- to subcontractors and co-operating partners who process personal data for representing Maxilla’s legitimate commercial interests. Maxilla’s co-operation partners and subcontractors may be media, marketing or IT companies that help Maxilla to develop marketing methods that enable Maxilla to offer targeted marketing to clients, as well as providers of healthcare software, labs;
- for suppliers providing Maxilla with information technology services such as web hosting, data analysis, payment processing, order fulfillment, information technology, and related infrastructure provision, customer service, and email management;
- for suppliers who help Maxilla with raffles, competitions, and other campaigns;
- for law enforcement authorities, as personal data may be disclosed if this is necessary to comply with the law or to comply with the legitimate interests of Maxilla, such as detecting, protecting or eliminating fraud, misuse or security problems;
- for other third parties in the case of reorganization, merger, sale, joint venture, assignment, transfer or other changes to Maxilla’s assets or bankruptcy or similar acts.
Maxilla may use third parties to forward you the advertisements of products and services of interest to you. These companies can save or read unique cookies (including pixel tracking) in your browser. They can also use these technologies and data collected on your Internet usage to recognize you on different devices (such as your cell phone and laptop).
Maxilla websites, social media channels, applications, and services may contain links to third party websites. Maxilla is not responsible for the processing of personal data on these websites.
Specific conditions for the processing of personal data may be provided for the use of certain parts of the services. You will be informed of these third-party terms and will be asked to consent to use this part of the service. If you agree to create a user account and sign up with a third party service, Maxilla will not be liable for any third party service or for any matter arising therefrom.
Preservation and storage and processing of personal data
Maxilla will preserve your data for the time necessary for meeting the purpose of collection, therefore, or for a longer period if required by law. If data is no longer required for the original purpose, they will be deleted in accordance with Maxilla’s data processing policies and procedures.
Your rights regarding data processing
If Maxilla processes personal data with your consent, you are entitled to withdraw the consent at any time. If the legal basis for the processing of personal data derives from the legitimate interest of Maxilla, you are entitled, subject to specific circumstances, to object to the processing of personal data. You always have the right to object to the processing of personal data when used for direct marketing purposes. You have the right to access your personal data in the Maxilla’s registries or to receive a notice on the absence of such data in the registers, except in the cases provided for in the legislation. You also have the right to access the sources of personal data contained in the register and their use and the countries of destination where the personal data has been transmitted. In addition, you have the right to correct and / or supplement the personal data processed.
If you wish to exercise your above rights, you can apply to Maxilla’s Data Protection Officer by e-mail at firstname.lastname@example.org. The withdrawal of your consent will not render processing of personal data before the withdrawal unlawful.
Correcting personal data, restricting processing, and deleting personal data
Maxilla is obligated, without undue delay, to correct, delete or supplement the personal data entered in the register if they are incorrect, unnecessary, incomplete or obsolete due to the purpose of the processing. Maxilla must also avoid disseminating such data if this could harm your personal data protection.
You have the right to require Maxilla to restrict the processing of personal data in the following cases:
- if you have challenged the accuracy of the personal data being processed;
- if you find that processing of personal data is unlawful, but you do not request the deletion of personal data, but restrict their use;
- if Max does no longer need your personal data for data processing purposes, but they are necessary for you to prepare, submit or defend legal requirements; or
- if you have filed an objection to the processing of personal data in accordance with the EU General Data Protection Law as long as Maxilla verifies whether the legitimate causes of Maxilla or a third party outweigh your interests, rights and/or freedoms.
If you have requested to limit the processing of personal data for the above reasons, Maxilla will notify you before the termination of the processing of personal data has been discontinued.
If Maxilla refuses your request for correction of inaccurate data, you will be informed thereof in a format that can be reproduced in writing. The notification shall also state the reasons for the refusal. In this case, the matter can be addressed to the Data Protection Officer.
Maxilla informs the data recipients to whom the data is provided and the source of inaccurate personal data about correcting the personal data unless this is impossible or unr