Ligipääsetavus
Hädaabinumber 112
Perearsti nõuandeliin 1220
Mürgistusinfo 16662
Hädaabinumber 112
Perearsti nõuandeliin 1220
Mürgistusinfo 16662
Võta ühendust
Facebook Instagram Spotify

General Terms for Processing of Personal Data

Foreword to the General Terms for Processing of Personal Data

As a controller of personal data, we are responsible for your personal data. We process your personal data for the purpose of providing you with health care services. We also process your personal data in agreement with you to achieve our clinical instruction and clinical research purposes. As an employer, we process your personal data for the performance of an employment contract. In addition to the above, we process your personal data for the performance of a contract under the law of obligations entered with you and obligations arising from legislation. If you have any questions regarding the processing of personal data, including requests for information about personal data, please contact us at the e-mail address kiirabi@kiirabi.ee, by phone +372 740 8806 or by post at Riia 18, 51010 Tartu.

General Terms for Processing of Personal Data

1. Application of the General Terms for Personal Data Processing

The Tartu Ambulance Foundation (hereinafter Tartu Ambulance) applies the General Terms for Processing of Personal Data (hereinafter the General Terms) to the processing of personal data in the field of treatment, studies and research, as well as in employment and obligation relationships.


2. Data subject’s right to information

2.1. Information that Tartu Ambulance is obliged to disclose to the data subject:

2.1.1. the purpose of the processing of personal data;

2.1.2. the right of access, rectification, erasure or restriction of your personal data and the procedure for exercising your rights;

2.1.3. the name and contact details of the controller;

2.1.4. contact details of the Data Protection Inspectorate;

2.1.5. the right to lodge a complaint with the Data Protection Inspectorate if the rights of the data subject have been violated in the processing of personal data.

2.2. Information that Tartu Ambulance is obliged to provide to the data subject if the law stipulates an obligation to notify the data subject of the processing of his or her personal data:

2.2.1. the information referred to in point 2.1,

2.2.2. the legal basis for the processing of personal data;

2.2.3. the period for which the personal data are to be retained or the basis for determining the retention period;

2.3. recipients or categories of recipients of personal data to whom Tartu Ambulance transfers the personal data of the data subject.

2.4. Tartu Ambulance may provide the information specified in clause 2.2 to the data subject later, restrict its submission or refrain from submitting it if it violates the rights and freedoms of another person or the relevant basis arises from the law.


3. Data subject’s right to their personal data

3.1. Tartu Ambulance is obliged, at the request of the data subject, to provide the data subject:

3.1.1. their personal data,

3.1.2. information on the origin of the personal data;

3.1.3. the information provided in Section 2.2.

3.2. Tartu Ambulance may provide the information specified in clause 3.1 to the data subject later, restrict its submission or refrain from submitting it if it violates the rights and freedoms of another person or the relevant basis arises from the law.


4. Data subject’s right to rectification and erasure of personal data

4.1. The data subject has the right to demand that Tartu Ambulance rectify their personal data if they do not correspond to the actual circumstances.

4.2. The data subject has the right to demand that Tartu Ambulance supplement their personal data if they are incomplete and it is relevant considering the purpose of processing the personal data.

4.3. The data subject has the right to demand the deletion of the personal data collected from Tartu Ambulance if:

4.3.1. the processing of personal data is not permitted by law;

4.3.2. the processing of personal data did not take into account the principles of processing personal data, or

4.3.3. Tartu Ambulance is obliged to delete the data to fulfil an obligation arising from a law, court judgment, international agreement or other binding agreement.

4.4. Tartu Ambulance restricts the processing of personal data instead of deleting it if:

4.4.1. the data subject contests the accuracy of the personal data and their accuracy or inaccuracy cannot be ascertained, or

4.4.2. personal data must be retained for evidentiary purposes.

4.5. If Tartu Ambulance has applied a restriction on the processing of personal data instead of deleting personal data, Tartu Ambulance must notify the data subject of the removal of such restriction.

4.6. Tartu Ambulance is obliged to notify the data subject in written if Tartu Ambulance refuses to rectify, delete or restrict the processing of personal data and provide the reasons for the refusal. Upon notifying the data subject, Tartu Ambulance will notify the data subject of their right to turn to the Data Protection Inspectorate or the court to contest the decision.


5. Obligation to notify of correction, deletion and restriction of processing of personal data

5.1. In case of correction of personal data, Tartu Ambulance is obliged to notify the processor of the personal data from whom the incorrect personal data has been received of the correction and the content of the correction.

5.2. If personal data has been corrected, deleted or the processing thereof has been restricted, Tartu Ambulance is obliged to notify the recipients to whom the data had previously been transferred.

5.3. Recipients of personal data are obliged to rectify, delete or restrict the processing of personal data processed under their responsibility.


6. Procedure for exercising the rights of the data subject

6.1. Tartu Ambulance is obliged to respond to the data subject’s requests clearly and justifiably.

6.2. Tartu Ambulance will notify the data subject of the actions taken based on the data subject’s request without undue delay within one month of receiving the request.

6.3. Tartu Ambulance may ask the data subject for compensation for reasonable costs provided for by law or legislation issued based on the law accompanying the execution of the application or refuse to take the requested measures if the data subject’s request is unjustified or excessive.

6.4. Tartu Ambulance identifies the person of the data subject and this person right to receive information and personal data concerning the data subject, or the right to demand the correction and deletion of personal data.


7. Data subject’s right to turn to the Data Protection Inspectorate

The data subject has the right to turn to the Data Protection Inspectorate with a complaint if the data subject finds that data subject’s rights are violated in the processing of personal data.


8. Legal bases for processing personal data

8.1. The legal bases for the processing of personal data by Tartu Ambulance are:

8.1.1. the legal basis,

8.1.2. the informed consent of the data subject;

8.1.3. a contract in force with the participation of the data subject;

8.1.4. vital interest in protecting the vital interests of the data subject or another natural person;

8.1.5. legitimate interest in the case of a legitimate interest of the controller or a third party.


9. Purposes of processing personal data

9.1. The purposes of processing personal data by Tartu Ambulance are:

9.1.1. health care service, including analysis of the quality of care;

9.1.2. clinical instruction, including practical training;

9.1.3. clinical research, including conducting a clinical trial of a medicinal product,

9.1.4. performance of the employment contract;

9.1.5. performance of a contract under the law of obligations;

9.1.6. compliance with a legal obligation.


10. Sources of personal data

10.1. The sources of personal data on health care service, including health data, are information provided by the patient, documents describing the patient’s state of health and test results, other health care service providers and state databases.

10.2. The sources of personal data on clinical instruction are those that the patient involved in the studies has allowed to be used as sources of clinical instruction. Above all, these sources are the information provided by the patient himself, but also documents describing the patient’s state of health and the results of examinations.

10.3. The sources of personal data in clinical research are those that the patient involved in the research or the Human Research Ethics Committee has allowed to be used as sources of clinical research. Above all, these sources are documents describing the patient’s state of health and test results, as well as state databases and other health care service providers.

10.4. The sources of personal data in an employment relationship are the employee, the persons involved in the employment relationship and state databases.

10.5. The sources of personal data of a contractual relationship are contract performance operations and state databases, if it is allowed by the law.


11. Types of personal data processed

11.1. The categories of personal data processed by Tartu Ambulance are:

11.1.1. personally identifiable information, in particular name, surname and personal identification code;

11.1.2. contact details, in particular telephone number, e-mail address and residential address;

11.1.3. special categories of personal data, in particular health data, genetic data and biometric data;

11.1.4. personal data related to the performance of the contract, including the personal data of the patient’s next of kin, as well as bank details and data on obligations;

11.1.5. personal data related to the performance of the employment contract, including data certifying education and profession and data of the employee’s minor children.


12. Security of the processing of personal data

12.1. Tartu Ambulance applies appropriate organisational and technical security measures when processing personal data.

12.2. State supervision over the application of security measures is exercised by the Data Protection Inspectorate and the Information System Authority.


13. Transfer of personal data

13.1. Tartu Ambulance transfers personal data on a legal basis.

13.2. Tartu Ambulance transfers personal data to recipients in the Republic of Estonia.


14. Processor

14.1. Tartu Ambulance involves a processor in the processing of personal data if it is necessary to achieve the purpose of processing of personal data.

14.2. Tartu Ambulance enters a contract for the processing of personal data with the processor, which sets out the requirements for the processing of personal data for the processor.

14.3. Tartu Ambulance is in the role of an processor if it is provided for by legislation, has been agreed upon in a contract or arises from the fact of processing personal data.


15. Retention of personal data

Tartu Ambulance retains personal data for the deadlines set out in legislation, the data subject’s informed consent, a contract entered with the participation of the data subject or the legal claim.


16. State supervision

16.1. State supervision over compliance with the requirements for processing personal data is exercised by the Data Protection Inspectorate.

16.2. The contact details of the Data Protection Inspectorate are e-mail address info@aki.ee, phone +372 627 4135, postal address Tatari 39, Tallinn 10134.