Login
+372 631 1900

VIVEO PRIVACY TERMS

Last modified 3 September 2019

1. Application of privacy terms

1. 1. These privacy terms (hereinafter the “Privacy Terms“) apply to all cases where VIVEO Health OÜ (hereinafter “VIVEO“) processes the personal data of natural persons (hereinafter “the Data Subject“) as the controller.

1.2. These Privacy Terms also do not regulate the processing of personal data by VIVEO prior to the Data Subject contacting VIVEO and agreeing to VIVEO’s Terms of Use. In this case, the controller of personal data is the Data Subject’s employer, which is VIVEO’s partner.

1.4. Details of how personal data is processed in the context of insurance are explained on the insurer’s website https://amtrustfinancial.com/about-us/privacy-policy.

1.5. The Privacy Terms are effective as of the above date. VIVEO reserves the right to unilaterally amend or supplement these Privacy Terms. Changes to the Privacy Terms are communicated to Data Subjects via email.

2. Controller and Data Protection Officer

2.1. The controller of personal data is VIVEO Health OÜ, registry code 14351223, address: Harju County, Tallinn, Kesklinna city district, Veerenni 53a, 11313.

2.2. Any questions regarding the Privacy Terms and the processing of personal data can be addressed to Reet Rattur, the Data Protection Officer at VIVEO, by sending an inquiry to info@andmekaitseekspert.ee

3. Purposes of personal data processing

3.1. VIVEO processes the personal data of the Data Subject for the following purposes:

a) planning, provision and/or organisation of the provision of health care (hereinafter: the Service), which includes:

i. identification of the Data Subject;
ii. verification of the accuracy and completeness of personal data;
iii. communication with the Data Subject;
iv. providing access to the VIVEO health portal; and
v. where appropriate, the transfer of personal data to the specialist health care provider or other health service provider conducting health research and analysis and payment for the relevant service;

b) requesting feedback from the Data Subject, responding to it and processing personal data to improve the Service;

c) to fulfil its obligations under the legislation of the Republic of Estonia;

d) to enforce VIVEO’s rights under applicable legislation of the Republic of Estonia and the agreement with the Data Subject.

4. Personal data to be processed

4.1. VIVEO processes the following personal data:

a) Under paragraph 3.1(a):

i. Name and surname, date of birth, personal identification code, gender, e-mail address, telephone number, photograph, insurance coverage details (insurance policy number, insurance coverage status, including financial balance), address of residence, cookies used on VIVEO health portal (to the extent that they may contain personal data; read the terms of use of VIVEO cookies here https://viveohealth.com/en/terms-of-use/);

ii. Health data, that is, any data relating to the health of the Data Subject that provide information about the past, present or future physical or mental health of the Data Subject (here in after the “Health Data“). Health Data to be processed by VIVEO depend on the specific health service provided to the Data Subject;Health Data may include information collected from the Data Subject during the completion of the VIVEO questionnaire, such as the Data Subject’s dietary habits; physical activity; smoking and alcohol consumption data; body weight; length; body mass index; information on symptoms (such as headaches, eye flicker, tinnitus, dizziness, cardiac activity, stress, weakness, sleep disturbances, etc.). Also, information on the conditions for which the Data Subject is currently being treated, details regarding contacts with the emergency department, past and present illnesses, details of the medicinal products to be administered;Health Data are also data on the health of the Data Subject, that the Data Subject submits to VIVEO with the preparation of the complaint (symptoms of the complaint, files attached to the complaint, etc.) and anamnesis;Health Data also include information generated during the provision of the Service, including the results of the VIVEO questionnaire; diagnosis; treatment plan; comments from the health professional; other data resulting from a telephone and/or video call with the Data Subject and a visit to the Data Subject; the status and priority of the complaint;

b) Under paragraph 3.1(b): The text of the feedback provided by the Data Subject, including an evaluation of the quality of service, name, surname, date of birth, personal identification code, e-mail address, telephone number, photograph, insurance coverage details, address of residence, cookies used on VIVEO health portal (to the extent that they may contain personal data);

c) Under paragraph 3.1(c): any of the above personal data (determined by the specific obligation that VIVEO is required to fulfil);

d) Under paragraph 3.1(d): any of the above personal data (determined by the specific right that VIVEO is enforcing).

4.2. The transfer of personal data from the Data Subject to VIVEO is obligatory under the contract between the Data Subject and VIVEO insofar as the data processing is necessary for the performance of the respective contract. The VIVEO questionnaire (and thus the transfer of personal data) is not mandatory.

4.3. As a general rule, VIVEO collects personal data directly from the Data Subject, except:

a) the following personal data from the Data Subject’s employer: name, surname, date of birth, personal identification code, gender, telephone number, e-mail address, insurance coverage, employer name, address of residence (unless provided by the Data Subject to VIVEO) – the controller in this case is the Data Subject’s employer;

b) Health Data from the Health Information System (the controller is the Ministry of Social Affairs of the Republic of Estonia), from the prescription centre (the controller is the Estonian Health Insurance Fund) and from health care providers in the Republic of Estonia if necessary (the controller is the respective health care provider).

5. Legal basis for personal data processing

5.1. VIVEO processes personal data for the provision of the Service under the health care service agreement between VIVEO and the Data Subject (see paragraph 3.1(a) above).

5.2. VIVEO also processes personal data to obtain feedback from the Data Subject and to develop the Service (see 3.1(b)above). In this case, the legitimate interest of VIVEO as controller in the processing of personal data is the legal basis. It is VIVEO’s legitimate interest to ascertain the Data Subjects’ satisfaction with the Service, to improve the Service on that basis, and to process personal data for this purpose.

5.3. VIVEO also processes personal data in order to fulfil its obligations under the legislation of the Republic of Estonia (see paragraph 3.1(c) above). In this case, the fulfilment of VIVEO’s legal obligations as controller in the processing of personal data is the legal basis.

5.4. In addition, VIVEO processes personal data to enforce VIVEO’s rights under applicable legislation of the Republic of Estonia and the agreement with the Data Subject (see paragraph 3.1(d) above). In this case, the legitimate interest of VIVEO as controller in the processing of personal data is the legal basis. It is VIVEO’s legitimate interest to exercise its legal and contractual rights in such manner as VIVEO deems necessary.

6. Transfer of personal data to third parties

6.1. VIVEO does not transfer the personal data of the Data Subject to third parties, except:

a) To a server and data management service provider, to the extent that VIVEO stores and processes personal data outside VIVEO’s offices, e.g. to Amazon Web Services, Inc. (the server is located in the European Union);

b) To the insurer, to the extent necessary for the Data Subject to obtain insurance coverage, e.g. to AmTrust Europe Limited (a company incorporated in England);

c) The Ministry of Social Affairs of the Republic of Estonia, the Estonian Health Insurance Fund and health care providers located in the Republic of Estonia, to the extent necessary for the provision of the Service to the Data Subject.

6.2. All authorized processors referred to in paragraph 6.1 ensure the protection of personal data as provided in the legislation governing the protection of personal data.

6.3. VIVEO also has the right to disclose the personal data of the Data Subject to an authority that, under the legislation in force in the Republic of Estonia, has the right to request the disclosure of personal data processed by VIVEO and if VIVEO is obliged to disclose personal data to that authority.

7. Retention of personal data

7.1. VIVEO does not retain the personal data of the Data Subject for longer than is necessary for the purposes for which the personal data are processed or for the purposes of applicable law.

7.2. The personal data of the Data Subject are retained:

a) As a general rule, for 30 years after the validation of data of the Service provided to the Data Subject, in which VIVEO retains the personal data of the Data Subject in connection with the provision of the Service to the Data Subject (see paragraph 3.1(a)above), except the following cases:

i. the referral and the reply to the referral for five years after data validation;

ii. a tissue sample containing health data taken for the purpose of carrying out a lifetime pathomorphological examination is retained for health care purposes but for a maximum period of 30 years after data validation.

b) Up to 5 years after the feedback of the Data Subject, to the extent that VIVEO processes the personal data of the Data Subject in relation to the processing of the feedback (see paragraph 3.1(b)above);

c) pursuant to the legal obligation to be performed by VIVEO, in which VIVEO retains the personal data of the Data Subject in connection with the fulfilment of its obligations under the legislation in force in the Republic of Estonia (see paragraph 3.1(c)above);

d) according to the limitation period of the claim that VIVEO has the right to submit or that can be submitted against VIVEO, in which VIVEO processes the Data Subject’s personal data to enforce VIVEO’s rights under the applicable legislation of the Republic of Estonia and the agreement with the Data Subject (see paragraph 3.1(d) above).

7.3. The personal data processing log, which may include the Data Subject’s Health Data, is retained for five years.

7.4. Accounting records containing the personal data are kept for seven years from the end of the financial year to which they relate.

8. Rights of the Data Subject in relation to the personal data processing

8.1. The Data Subject has the right to contact VIVEO Data Protection Officer Reet Rattur at any time by sending an inquiry to info@andmekaitseekspert.ee to:

a) request access to personal data relating to the Data Subject;
b) request the correction of personal data;
c) request the deletion of personal data;
d) restrict the processing of personal data;
e) object to the processing of personal data;
f) request the transfer of personal data;
g) request that no decision on the Data Subject be based on automated processing;
h) withdraw consent to personal data processing;
i) file a complaint with the supervisory authority (the Data Protection Inspectorate).