Privacy & Terms

  1. The purpose of the Privacy Terms and Conditions and the Processor of Personal Data
    1. These privacy terms and conditions (hereinafter the Privacy Terms and Conditions) describe how VIVEO Health OÜ, registry code 14351223, address Veerenni tn 38, 10138 Tallinn, Estonia (hereinafter VIVEO) processes the personal data of natural persons (hereinafter the Data Subject) when using the VIVEO Health Solution healthcare portal  at www.viveohealth.com (hereinafter the Health Portal) and when using the VIVEO Health mobile application (hereinafter the Platform, hereinafter referred to together as the Health Platform) and for other purposes specified in the Privacy Policy.
    2. The Data Controller for personal data is VIVEO Health OÜ, registry [email protected].
    3. VIVEO also processes personal data as the Data Processor for third-party healthcare providers and private doctors (hereinafter the Partner Clinic) to be able to provide healthcare services to Data Subjects through the VIVEO Health Portal and Platform (hereinafter together the Health Platform). In this case, the Data Controller is the Partner Clinic and VIVEO is the Data Processor. The Privacy Terms and Conditions of the healthcare provider are available for review at the location of the healthcare provider or on its website.
    4. These Privacy Terms and Conditions do not regulate a situation in which VIVEO processes personal data before the Data Subject contacts VIVEO and agrees to the Terms of Use of VIVEO. In such a case, the Data Processor is the Partner Clinic or the cooperation partner of VIVEO, who would like the Data Subject to begin using the Health Platform (for example, the employer of the Data Subject, etc.).
    5. VIVEO has the right to unilaterally amend and supplement the Privacy Policy. Data Subjects shall be notified of any amendments to the Privacy Policy via viveohealth.com.
  2. Protection of personal data
    1. VIVEO ensures the security and protection of personal data by processing personal data in accordance with the principles of the Regulation European Union 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
    2. VIVEO ensures the security and protection of personal data by processing personal data in accordance with the principles of the legislation of the Rupublic of Estonia.
    3. VIVEO also ensures the security of personal data in accordance with the HIPAA regulation (if it is valid at the place of service) and the applicable strong security requirements for information systems.
    4. In all matters related to the Privacy Terms and Conditions and to the processing of personal data, you can contact the data protection specialist of VIVEO, by sending an inquiry by e-mail to [email protected].
  3. Purposes for the processing of personal data
    1. VIVEO processes the personal data of the Data Subject for the following reasons:
      1. In order to provide health care services and enable the use of the Health Platform so that Data Subjects could use the health care services (hereinafter the Service) provided by VIVEO and Partner Clinics via the Health Portal, which includes, inter alia:
        1. Identification of the Data Subject;
        2. Checking the accuracy, consistency, and completeness of personal data;
        3. The provision of healthcare services to the Data Subject via the VIVEO Health Platform;
        4. Communication with the Data Subject, including for video consultations and telemedicine, for the provision of healthcare and for other purposes provided for in the Privacy Policy;
        5. The disclosure of personal data to a Partner Clinic or other health care provider conducting health research and analysis, and payment for the corresponding service;
        6. If necessary, the disclosure of personal data to the insurer for the purpose of insurance or insurance mediation.
      2. To ask for feedback from the Data Subject, responding to it and to improve and analyse the Service;
      3. To fulfil the obligations and exercise the rights arising from legislation and to ensure the economic activities of VIVEO;
      4. To fulfil the obligations of VIVEO and exercise the rights provided for by legislation and the agreement concluded with the Data Subject.
      5. VIVEO only send direct marketing offers based on the Data Subjects’s consent, which can be withdrawn. Consent may be granted upon entry into the contract.
  4. Personal data to be processed
    1. VIVEO processes the following personal data:
      1. In the case specified in clause 3.1(a):
        1. First and last name, date of birth, personal identification code, gender, e-mail address, telephone number, photo, insurance cover details (insurance policy number in the case of insurance cover, insurance cover status, incl. financial balance), place of residence, cookies used on the VIVEO health platform (insofar as they may contain personal data; read more about the terms governing the use of the cookies of VIVEO here [hyperlink]);
        2. Health data, i.e., data on the state of health of the Data Subject, which provides information on the past, present, or future physical or mental health of the Data Subject (hereinafter Health Data). The health data processed by VIVEO depends on the specific health care provided to the Data Subject;
        3. Health data may include information collected from the Data Subject in completing the VIVEO questionnaire, such as the eating habits; level of physical activity; data on smoking and alcohol consumption; body weight; height; body mass index; data on symptoms (for example, headaches, flickering in front of the eyes, tinnitus, dizziness, heart function, stress, weakness, sleep disorders, etc.) of the Data Subject. In addition, information on the diseases against which the Data Subject is currently receiving treatment, data on treatment sought in the department of emergency medical care, past and current illnesses, data on medicines being administered;
        4. Health data also includes data on the health of the Data Subject, which the Data Subject submits to VIVEO in connection with the preparation of a complaint (symptoms of the complaint, files attached to the complaint, etc.) and the medical history;
        5. Health data also includes information generated during the provision of the Service, including the results of the VIVEO questionnaire; diagnosis; treatment plan; comments by a healthcare professional; other data arising from telephone and/or video calls made with the Data Subject and from the visit of the Data Subject; the status and priority of the complaint;
      2. In the case specified in clause 3.1(b): the text of the feedback provided by the Data Subject and the assessment of the quality of service contained therein, first and last name, date of birth, personal identification code, e-mail address, telephone number, photo, insurance coverage data, address of residence, cookies used on the VIVEO Health Platform (insofar as they may contain personal data);
      3. In the case specified in clause 3.1(c): any of the above personal data (determined in accordance with the specific obligation to be fulfilled by VIVEO);
      4. In the case specified in clause 3.1(d): any of the above personal data (determined in accordance with the specific law applied by VIVEO).
    2. The disclosure of personal data by the Data Subject to VIVEO is mandatory under the agreement concluded between the Data Subject and VIVEO, insofar as the processing of the data is necessary for the performance of the respective agreement. Completion of the VIVEO questionnaire (and thus, the disclosure of personal data) is not mandatory.
    3. As a general rule, VIVEO collects personal data directly from the Data Subject, except for:
      1. The following personal data from the employer of the Data Subject: first and last name, date of birth, personal identification code, gender, telephone number, e-mail address, insurance coverage data, the name, address of residence (if this is not provided to VIVEO by the Data Subject personally) of the employer – in this case, the Data Controller is the employer of the Data Subject;
      2. From the Partner Clinic, the data specified in clauses 4.1 a)–d) and 4.3 a) of the Privacy Terms and Conditions – in this case, the Data Controller is the Partner Clinic;
    4. Health data from the National Health Information System if the corresponding information system exists and a contract has been concluded for its use (the Data Controller is the national health authority).
  5. Legal basis for the processing of personal data
    1. VIVEO processes personal data to provide the Service, relying on the agreement for the use of the health platform concluded between VIVEO and the Data Subject and the general terms and conditions for the provision of healthcare services (see clause 3.1(a) above).
    2. VIVEO processes personal data as the Data Processor in accordance with the agreement concluded between the Partner Clinic and VIVEO, where VIVEO allows the Partner Clinic to use the VIVEO health platform to provide healthcare services to the Data Subject. In this case, the healthcare service agreement has been concluded between the Partner Clinic and the Data Subject in accordance with the general terms and conditions of the Healthcare Service.
    3. VIVEO also processes personal data to receive feedback from the Data Subject and to develop the Service (see clause 3.1(b) above). In this case, the legal basis for the processing of personal data is the legitimate interest of VIVEO as the Data Controller. It is the legitimate interest of VIVEO to determine the satisfaction of Data Subjects with the Service, to improve the Service on the basis thereof, and to process personal data for this purpose.
    4. VIVEO also processes personal data to fulfil its obligations arising from legislation (see clause 3.1(c) above). In this case, the legal basis for the processing of personal data is the fulfilment of the legal obligations of VIVEO as the Data Controller.
    5. In addition, VIVEO processes personal data to exercise the rights of VIVEO arising from legislation and the agreement entered into with the Data Subject (see clause 3.1(d) above). In this case, the legal basis for the processing of personal data is the legitimate interest of VIVEO as the Data Controller. It is the legitimate interest of VIVEO to exercise its legal and contractual rights in the manner deemed necessary by VIVEO.
  6. Disclosure of personal data to third parties
    1. VIVEO does not disclose the personal data of the Data Subject to third parties, except in the case of:
      1. the server and data management service provider where VIVEO stores and processes personal information outside of the offices of VIVEO, such as Amazon Web Services, Inc. (the server is located in the European Union);
      2. VIVEO Health OÜ, for the development of the Health Platform and the fulfilment of obligations arising from the legislation of the Republic of Estonia, statistical, financial, and other reporting and analysis, the planning of marketing and business projects only to the extent that is necessary for the purpose;
      3. Service providers needed for the operation of VIVEO (for example, accounting, IT development and administration, marketing, information systems, sales, legal and data protection service providers) if this is necessary for the operation and development of the Service, fulfilment of a legal obligation, and the protection of own rights to the extent that is the minimum necessary).
      4. The National Health Information System if a corresponding agreement has been entered into.
    2. All authorised Data Processors referred to in clause 6.1 shall ensure the protection of such personal data as provided for in the legislation governing the protection of personal data.
    3. VIVEO also has the right to disclose the personal data of the Data Subject to an authority which has the right, pursuant to applicable legislation, to require VIVEO to disclose the personal data processed by it, and if VIVEO has the obligation to disclose personal data.
  7. Retention of personal data
    1. VIVEO will not store the personal data of the Data Subject for longer than is necessary if this is based on the purposes for which personal data is being processed or existing legislation.
    2. The Data Subject of the personal data is stored in accordance with the principles of the GDPR:
      1. As a general rule, 30 (thirty) years after the confirmation of the details of the Service provided to the Data Subject, in which VIVEO retains the personal data of the Data Subject in connection with the provision of the Service to the Data Subject (see clause 3.1(a) above), except in the following cases:
        1. the consignment note and the reply to the consignment note for a period of five years after the confirmation of the data;
        2. a tissue sample containing health data taken for the performance of intravital pathomorphological testing shall be stored based on the need to provide health care services, for a maximum of 30 years after the confirmation of the data.
      2. For a maximum of five (5) years after the feedback of the Data Subject, insofar as VIVEO processes the personal data of the Data Subject in connection with the processing of the feedback (see clause 3.1(b) above);
      3. pursuant to the obligation arising from legislation and which VIVEO must fulfil, in which VIVEO stores the personal data of the Data Subject in order to fulfil the obligations arising from the legislation in force in the Republic of Estonia (see clause 3.1(c) above);
      4. pursuant to the limitation period for a claim that VIVEO has the right to file or which may be filed against VIVEO, in which VIVEO processes the personal data of the Data Subject to exercise the rights of VIVEO under the law and the agreement concluded with the Data Subject (see clause 3.1(d) above).
    3. Personal data processing log data, which may contain the Health Data of the Data Subject, shall be stored for five (5) years.
    4. The basic accounting documents containing personal data shall be stored for seven (7) years from the end of the financial year to which they relate.
  8. Rights of the Data Subject in the processing of personal data
    1. The Data Subject has the right to contact a VIVEO data protection specialist at any time by sending a request via e-mail to [email protected] to:
      1. request access to personal data relating to the Data Subject;
      2. request the correction of personal data;
      3. request the deletion of personal data;
      4. restrict the processing of personal data;
      5. submit objections to the processing of personal data;
      6. request the transfer of personal data;
      7. request that no decision based on automated processing be taken in regard to the Data Subject;
      8. withdraw the consent granted for the processing of personal data;
      9. file a complaint with the Data Protection Inspectorate.
  9. Applicable legislation and the settlement of disputes
    1. The law of the Republic of Estonia shall apply to the Terms of Use, the legal relations, and disputes arising therefrom.
    2. Disputes arising between VIVEO and the Client on the basis of the Terms of Use will be resolved in good faith through negotiations. If it is impossible to resolve the dispute in this way, disputes are settled in an Estonian Court (Harju County court) on the basis of Estonian jurisdiction.