Revised on 03.05.2023
Minudoc OÜ (henceforth also “we” and “Siffi”) highly values the privacy of each client (henceforth “you”). In this privacy notice, we will explain to you what kind of data we collect about you, why we do it and what we do with your data.
Minudoc OÜ (hereafter “Siffi”) is a company that manages and administers the Siffi platform and mediates clients registered via the Siffi platform to registered Siffi mental health service providers and vice versa.
Siffi applies the necessary technical, physical and organisational security measures to the Siffi platform to protect the client’s personal data from loss or unlawful processing.
We collect the following data about you:
personal data: first and last name;
contact information: e-mail address, phone number;
transaction data: information about the time, duration and cost of your transactions on the Siffi platform, language preferences;
special categories of data (information on health): descriptions of health issues directed to the health service provider through the Siffi platform, and the feedback given to these problems from the service provider;
optional data: such as profile photos that can be uploaded by our customers, and/or pictures or videos shared with health service providers via chat for better clinical decisions;
mental wellbeing profile information based on our proprietary questionnaires across 5 dimensions of your mental wellbeing. These questionnaires have clinical surveys incorporated, but also use feedback on other aspects of your life;
support and quality related information: feedback on the quality of service you used on the Siffi platform, mobile device logs like phone OS, make and model, user-given permissions, our app version;
In general, we get the information directly from you, when you create your account in Siffi and use the health services that it mediates.
Also, your information is entered into the Siffi platform by the persons providing the health service for you, with the objective of that information being forwarded to you.
We need and use your data through the Siffi platform to mediate health and wellbeing services to you. For example, for creating a user account, for managing it, and for connecting it through the Siffi platform to the services offered, including for creating references between you and the service provider.
personal data – we need this data to verify your identity;
contact information – we need this to get in touch with you, send you notifications about your service (for example, about a booked time with a health service provider);
transaction data – we use this information for billing with the health service provider, and for providing you information about transactions you have carried out in Siffi;
special categories of data (information on health) – this is data we use only when forwarding it to the person providing the health service for you, and vice-versa, when forwarding their feedback back to you;
optional data such as photos and videos – this is needed for better clinical decisions by the service provider. But you can choose not to supply these and can still use our services;
support and quality related information – this is needed for troubleshooting any technical or service usage issues. Some of the feedback cannot be shared with us, i.e. service ratings. Most of this is collected automatically on your login;
If you do not submit information to us and if you do not provide the consent outlined in section 4 of this notice, it will not be possible for us to provide health services for you through the Siffi platform as our service providers need that data.
When processing your data, we rely on the following legal bases:
the need to enter into a contractual relation with you or execute a contract we have signed with you;
your consent – this is our basis when processing special categories of data (health information).
Without your consent, we cannot provide health services for you through the Siffi platform. At any moment, you have the right to revoke your consent. To give and withdraw consent, please see the My consents subsection of your account;
our need to fulfil legal obligations – for example, the obligation to store accounting documents for 7 years, which stems from the Accounting Act;
the need to exercise our legitimate interests, for example, company management and carrying out general business activities, detection of violations of law and fraud;
the need to protect your vital interests or those of any other person (for example, when disclosing your information in case of an accident to an emergency medical service worker);
other legal bases.
We do not share the data you have entrusted to us, except in a limited number of cases described below, and where it is necessary to fulfil the objectives described in this privacy notice:
Service providers: like many other companies, we may outsource data processing services to trusted third party providers, such as IT and consultation services;
Public authorities and government institutions: we may share data with the authorities if we are legally obligated to share said data or if the sharing of data is necessary to protect our rights;
Professional consultants and others: we may share your data with professional consultants such as auditors, lawyers, accountants and other providers of consultation services in very limited cases, such as a legal due diligence process;
Third persons in relation to the company’s transactions: From time to time, we may share your data with third persons during a corporate transaction, for example, the sale of the company or part of the company to another company. This may also occur during company restructuring, the establishment of a joint enterprise, a merger, or any other type of reorganisation of the company’s assets or shares.
If we share your data with the persons listed above, we will guarantee the protection of your data through a data processing contract that we will enter into with this person.
We do not store or send your personal data outside the EEA or to countries for which no decision on the adequate level of data protection has been taken in relation to Article 25 section 6 of Directive 95/46/EC or its extension, Regulation (EU) 2016/679, Article 45 section 1.
In general, we store your data for as long as it is needed to fulfil the various objectives of data processing.
We store your special categories of data (information on health) for 7 days starting from their entry into the platform by you or by your chosen service provider.
For determining the storage period of other data, we use the following criteria:
How long do we need to store data to offer you our services?
If you have created an account with us, we store your data for the entire time that your account is active or for as long as the data are needed for providing services for you.
If we have a legal, contractual or any other type of obligation to store your data, we will do so for as long as that obligation applies to us. Examples of such obligations are laws that set requirements for data storage, the regulations and decisions of the government, according to which data necessary for proceedings have to be maintained, or data that are needed for settling court disputes.
You can delete your account at any time. To do so, navigate to the Profile view via the web or mobile app and hit “Delete my account”. That will erase your account on Siffi and will anonymise your personal data, which cannot be deleted.
As a data subject, you have the following rights:
Right of access to the data – you have the right to know what kinds of data about you are being stored. You can access your data through the account you created on the Siffi platform through the subsection My profile.
Right to rectification – you have the right to demand the correction of your personal data if they are incorrect. If needed, you can change the data you have submitted to us (except your identification code) yourself in the Siffi platform through the subsection My data.
Right to erasure (‘right to be forgotten’) – you have the right to demand that we erase your personal data (for example, if we do not need the data anymore, if you withdraw the consent you have given us for processing your personal data, etc.).
Right to restriction of processing – in certain cases, you have the right to prohibit or limit the processing of your personal data for a certain period (for example, if you have submitted an objection in relation to data processing).
The right to object – depending on the concrete situation, you have the right to submit objections to the processing of your personal data if the processing of your data is based on our legitimate rights or on public interest. Data processing for the purpose of direct marketing can be objected to at any time.
Right to data portability – you have the right to demand that information you have given us be given to you in a machine-readable format. You can also demand for your data to be transferred to another data controller, but only if it is technically feasible. The right to data portability only applies to data that we process based on your consent or to fulfil the obligations of a contract we have entered into with you.
Automatic individual decision-making (including profiling) – if we have notified you that we are carrying out automated individual decision-making (including profiling), which will entail legal consequences for you or will impact you in a significant way, you have the right to demand that decisions are not made based on automated processing alone.
If you have any questions about information in this privacy notice or if you want to submit a claim for the execution of your rights as a data subject, please contact us via e-mail at email@example.com.
We will do our utmost to address your claims and wishes in a timely manner and free of charge, except in cases where it would entail a disproportionate cost. If you are not satisfied with our reply, you have the right to take your claim to the Data Protection Inspectorate.