Privacy Policy
1. Who we are
The controller responsible for the processing of personal data under this Privacy Policy is:
Elan Clinic OÜ
Registry code: 17338832
Address: Sepapaja 12/1, Tallinn 11415, Estonia
Email: info@elanclinic.ee
2. What personal data we collect
Depending on how you interact with us, we may process the following categories of personal data:
2.1 Booking and communication data
- Name
- Email address
- Phone number
- Communication content (messages you send to us)
- Appointment details (requested time, service type, notes relevant to scheduling)
2.2 Health and intake data (special category data)
If you complete an intake form or provide medical information in connection with consultations and services, we may process health information (special category personal data).
This may include information you provide about your symptoms, medical history, medications, lab results, lifestyle factors, and other information relevant to providing medical services.
2.3 Website usage data
When you use our website, we may collect information about your device and browsing activity, such as IP address, approximate location (derived), browser type, pages visited, and interaction events.
This information may be collected via cookies and similar technologies, including through Google Tag Manager and Google Analytics 4.
3. Purposes of processing
We process personal data for the following purposes:
- Scheduling consultations and managing bookings (including confirming appointments and communicating practical details).
- Providing medical services and ensuring continuity and quality of care.
- Fulfilling legal obligations applicable to healthcare providers, including requirements related to medical documentation and accounting.
- Operating, securing, and improving our website and understanding how visitors use it (analytics).
- Processing orders for digital products (where applicable) and managing customer support.
4. Legal bases (GDPR)
We process personal data based on one or more of the following legal bases:
- Consent (GDPR Article 6(1)(a)) — for example, where you choose to submit information via forms, and where consent is requested for certain cookies/technologies.
- Performance of a contract (GDPR Article 6(1)(b)) — to handle your booking request and provide the services you request.
- Legitimate interests (GDPR Article 6(1)(f)) — to operate our business, secure our services, prevent abuse, and improve our website and communications.
- Legal obligation (GDPR Article 6(1)(c)) — for example, statutory requirements related to healthcare documentation and accounting.
For health data (special category data), we process such data only when a valid condition under GDPR Article 9 applies — typically your explicit consent (Article 9(2)(a)) and/or where processing is necessary for the provision of health care (Article 9(2)(h)).
5. Data retention periods
We keep personal data only for as long as necessary for the purposes described above, unless a longer retention period is required or permitted by law.
- Booking and communication data: retained as long as necessary to manage the booking and related communications, and thereafter for a reasonable period to handle follow-up, disputes, or legal claims.
- Medical records and health information: retained in accordance with applicable Estonian and EU legal requirements for healthcare documentation.
- Accounting and transaction data: retained as required by applicable accounting and tax rules.
- Analytics data (cookies): retained according to the settings of our analytics tools and only as long as needed to generate aggregated statistics.
6. Third-party processors and data transfers
We may use trusted service providers (processors) to help us operate our website and deliver services. When we do, we ensure appropriate contractual safeguards are in place.
6.1 Google Analytics / Google Tag Manager
We use Google Tag Manager (GTM) and Google Analytics 4 (GA4) to understand how visitors use our website and to improve performance and content.
6.2 Gumroad (digital products)
If we offer digital products, payments and order fulfillment may be handled by Gumroad. Please review Gumroad's privacy documentation for details.
6.3 International transfers
Some of our service providers may process data outside the European Economic Area (EEA). Where required, we use appropriate safeguards (such as adequacy decisions and Standard Contractual Clauses).
7. Cookies & analytics
7.1 Types of cookies
- Necessary cookies: required for the website to function and to provide basic security features.
- Analytics cookies: used to measure website usage and improve the site (e.g., GA4 via GTM).
7.2 How to control cookies
You can control and delete cookies through your browser settings. Disabling certain cookies may impact website functionality.
8. Your rights under GDPR
Subject to GDPR conditions and limitations, you have the following rights:
- Right of access — obtain confirmation of whether we process your data, and obtain access to your personal data.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your data in certain circumstances.
- Right to restriction of processing — request limitation of processing in certain circumstances.
- Right to data portability — receive certain data in a structured, commonly used format.
- Right to object — object to processing based on legitimate interests.
- Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.
To exercise your rights, contact us at info@elanclinic.ee.
9. Security
We implement reasonable technical and organisational measures to protect personal data against unauthorised access, loss, alteration, or disclosure.
For data protection requests and questions, contact: info@elanclinic.ee.
You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate:
https://www.aki.ee
This Privacy Policy may be updated from time to time. The latest version will be published on this page.