Book appointment
Populaarsed otsingud
Botulinum injections Morpheus8 Exosomes

Privacy Policy

1. What is the Purpose of the Privacy Policy?

The purpose of this Privacy Policy is to provide Medemis patients with information about what personal data is processed, how it is processed, for what purposes, and what rights individuals have regarding the processing of their personal data.

Medemis OÜ, as the data controller, has the registration code 11222809, and its address is Ahtri 4, 10151 Tallinn. The contact phone number is +372 699 8333, and the email address is info@medemis.ee.

The Medemis Data Protection Officer is Niina Knjajeva, who can be contacted via email at niina.knjajeva@medemis.ee.

This Privacy Policy complies with the notification obligations stipulated in Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation or GDPR), which governs the protection of natural persons regarding personal data processing and the free movement of such data.

2. For What Purposes and How Does Medemis Process Personal Data?

Medemis provides healthcare and aesthetic services. The company processes patient contact and health data to deliver healthcare services. The legal basis for this processing is GDPR Articles 6(1)(b) and 9(2)(a), Section 41(1) of the Health Services Organization Act, and the patient’s consent.

The first name, last name, and personal identification number are required to verify the patient’s identity. Medemis uses phone numbers and email addresses to contact patients regarding service delivery (e.g., sending booking confirmations, reminders, notifications about changes, and other essential information).

Medemis collects and stores patient health data and procedure-related information necessary for service delivery. These data are stored in the Medemis client database for up to 10 years.

When patients pay for services, Medemis processes their billing information to facilitate payment. In compliance with the Accounting Act, invoices are retained for seven years. If outstanding invoices remain unpaid and no agreement is reached, Medemis may engage a debt collection service and share invoice information with the service provider.

Medemis sends marketing communications to clients via email with their consent. Clients confirm their consent to receive newsletters by signing up through the website form. Providing a date of birth for registration in the Medemis client database is considered consent to receive birthday discount offers.

3. How Does Medemis Protect Patient Personal Data?

Medemis keeps patient data confidential. To prevent unauthorized access or disclosure, Medemis employs technical and organizational measures. All employees and partners of Medemis are bound by confidentiality obligations included in their contracts.

4. What Rights Do Individuals Have Regarding Their Personal Data?

Under GDPR, individuals have the following rights:

  • The right to access and obtain a copy of their personal data
  • The right to request the transfer of their data to another data controller
  • The right to request the deletion, correction, or supplementation of their personal data
  • The right to request restrictions on the processing of their data

To exercise these rights, individuals are asked to contact their regular Medemis representative or email their request to niina.knjajeva@medemis.ee.

If an individual is concerned about a potential GDPR or other data protection law violation at Medemis, they are encouraged to contact niina.knjajeva@medemis.ee.

If dissatisfied with how Medemis handles their complaint, the individual has the right to file a complaint with the Data Protection Inspectorate.

Data Protection Inspectorate Contact Information

  • Phone: +372 627 4135
  • Email: info@aki.ee
  • Postal Address: Väike-Ameerika 19, Tallinn 10129

Join our newsletter

Gift card

Personalized services provide long-lasting joy.
Check gift cards