Data Processing Rules (updated 21.09.2020)
eHealthPoint is an application that provides support to the patient in dealing with health data.
eHealthPoint is maintained and developed by "MediCloud, Ltd.", unified registration number 40203037065, registered address: Baložu iela 12-1/3, Riga, Latvia, LV-1048.
SIA MediCloud customers are controllers regarding the information that the institutions connected to the eHealth Health Point allow you to view in it. SIA MediCloud is a processor who processes personal data on behalf of controllers.
The authorities connected to the eHealthPoint, when obtaining personal data from the application, become the controller of this personal data and are responsible for the processing of this personal data in accordance with the legislation on personal data protection.
In the event of any uncertainty, please contact our Helpdesk on business days from 09:00 to 18:00, by phone +371 67243124 or by e-mail firstname.lastname@example.org.
What kind of personal information do we collect and why?
To ensure the functionality of the Application, we collect, process, and store information about you.
Primarily, it is the following:
- the information you have provided to the eHealthPoint to ensure its functionality;
- the information we obtain from you when you are using the eHealth Point: audits and statistics to understand how you use our services and improve them, and to ensure the safety of the eHealth Point;
- the information that authorities connected to eHealthPoint allow you to view.
Profile information (for registered users only):
Profile information is the information about you that you refer to in the eHealthPoint section and we store it in your database.
Working email address
We use your e-mail address as a unique validated user identifier - the e-mail address is how we distinguish one user from another and make sure that the data we represent to you is really yours. One e-mail address corresponds to one profile.
When you create a new profile or change your password, we will send you the appropriate e-mail with the instructions.
Password hash string
Password is your "key" for data access. By entering the correct password you prove to us that you are you. For our part, we need to make sure that we have done our best to protect your password, so we do not know (and do not want to know) it: when you create your password when registering or changing it, your device (computer or mobile device) will convert it in a special code called hash. Knowing this string makes it almost impossible to know your real password, but every time you enter your password, this string will be the same after the conversion and we will know that your password has been entered correctly. We store this string in our database and use it to allow or deny you access to personal data without knowing your real password. Anyone with your password will be able to pretend to be you at eHealthPoint, so make sure only you know it.
First name, Last name
We need your first name and last name to know how to address you. In cases when you allow us to transfer your data to other institutions and systems, they will use your name to understand who owns the data or to identify you.
If your profile is verified, we will save your verification data in name and surname to minimize the risk of data error.
Personal identifier (personal code)
Your personal code (or other unique personal identifier used in your country) is required to be able to identify you outside the eHealthPoint and to ensure that the data processed by other authorities and systems is yours.
If your profile has been verified, we will store the verification data in your personal code to minimize the possibility of data error.
We use information about the country in order to understand what your personal code should look like and to help you not make a mistake when code is inputed. When you allow us to transfer your data to other authorities and systems, they can use your nationality according to their own processes.
Date of birth
According to the law, the eHealthPoint may only process the data of persons who have reached the relevant age. With your permission, the date of birth can be passed to other institutions and systems to process according to their processes.
With your permission, the contact phone can be transferred with your data to other institutions and systems for use in accordance with their processes. For example, medical registrars may contact you using this number to confirm your appointment.
In languages that distinguish between the names of women and men, we will use your gender to continue communicating with you in a friendly tone, addressing you with informal "You."
We store verification information about your profile in order to be able to distinguish verified profiles from unverified ones and to protect them from unauthorized access.
Profile information (for unregistered users in the mobile Application):
The eHealthPoint mobile application allows you to save your profile information without registering. This data is stored in the device's memory and we do not know this information until the data is sent to the emergency services (ie the Emergency Medical Service) when you press the emergency call button in the "SOS" section. The data that the operational services will receive with your call includes your name, personal identification number and the last location of your device.
The eHealthPoint mobile application processes location data for as long as the eHealthPoint mobile application is running to provide the most accurate data possible, but it is not passed on to anyone (nor do we receive it), but only the last location of your device is sent to the operational service.
Information about your family doctor that you entered in the Application is stored only on your device and is not available for us.
Information about your appointments (selected time of appointment, service, doctor and institution, type and status of records) is stored on our servers and transferred to the appropriate authority, which handles the data according to its processes. Institutions will send you informative e-mails about your appointment and changes via the eHealthPoint, which will provide information about your account. In view of the above, we recommend that you use only an e-mail adress that can only be accessed by you, in order to avoid access to your personal data by persons to whom you do not wish to disclose information about yourself. We also recommend that you use only email providers you trust.
If you register another person for services, you are responsible for obtaining and using this personal data at the eHealth Point
Documents and files:
eHealthPoint stores the following information about the documents available to you on its servers: institution (publisher), author, document type, number, unique identifier, date and status. The documents themselves are not stored on our servers, and every time you open the document, it is requested from the appropriate authority and displayed to you.
Documents in eHealthPoint is available only to verified users.
At the eHealthPoint, you have the opportunity to additionally upload files containing information about your health, with the purpose that medical institutions that have concluded cooperation agreements with SIA MediCloud and SIA Meditec (service provider that provides “Doctor’s Office” services to medical institutions (a solution that helps healthcare professionals automate the workflow) and who are connected to the eHealth Point, could use the documents if it is necessary to provide you with health care services. Thus, you give your explicit consent to the processing of this personal data for the provision of healthcare services. Uploaded documents are stored on our servers. The maximum allowable size of one file is 10mb.
You have the opportunity to find out who has received information about your health in the files you have uploaded.
To obtain this information, send us an application in free form, signed with a secure electronic signature, to e-mail email@example.com.
You, as the user, are responsible for the information contained in these files, that the files do not contain information the processing of which is against the law, and you, as the user, are fully responsible for what you have uploaded to the eHealth Point.
Vaccination data (dae of vaccination, vaccine series, disease, doctor's data and notes) created by you are stored on our servers and are only available in your profile at the eHealthPoint.
If your profile has been verified, data about your vaccinations from other institutions connected to the eHealthPoint will be stored together with the records created by you and can be viewed on your profile.
Your eHealthPoint profile can store information about your loyalty from institutions connected to the eHealthPoint.
Loyalty information (dates, level names, points, or discount percentages) is only displayed in verified user profiles.
Communication with the eHealthPoint help-desk:
When communicating with the eHealthPoint Helpdesk, it processes your personal data to provide you with assistance in using the eHealthPoint. When providing you with assistance in using the eHealthPoint, your e-mails and the information contained therein, your telephone calls and the information provided therein to the helpdesk, as well as, if required by your application solution, data from your profile in the eHealthPoint, may be processed.
To make sure that the profile being contacted by the applicant is yours, the helpdesk specialist can ask questions that will confirm your identity.
We will never ask for your password.
All activities performed by you or someone else at the eHealthPoint are logged (recorded). That is, we keep a description of the activity performed at the eHealthPoint, the time of operation and the person performing the specific activity.
These data are needed to address problematic issues in the helpdesk, as well as, in an anonymised way, to analyze the behavior of eHealthPoint users in order to improve the quality of services provided. Audit logs can also be used to ensure the safety of the eHealth Point.
How do we store your data?
Your personal data is stored in secure databases on our servers, access to which is strictly limited.
Users access to their personal data is controlled by eHealthPoint password and profile verification.
Any other access to users personal data is restricted, logged (fixed) and controlled.
Storage of personal data
SIA MediCloud stores personal data in accordance with the defined purposes of personal data processing and legal bases of personal data processing as long as at least one of the following criteria exists:
- your (data subject's) consent to the relevant processing of personal data is valid;
- there is a legal obligation to store data for a certain period of time in accordance with regulatory enactments;
- it is necessary to realize one's legitimate interests.
In order to access your personal data, which is processed by SIA MediCloud as a controller, you must submit an electronically signed application sent to the e-mail address: firstname.lastname@example.org.
You also have the right to request a restriction on the processing of personal data, to object to the processing of personal data, to request the rectification of personal data in accordance with the provisions of the Regulation.
You can delete all the information and personal data you have entered in the eHealthPoint in your profile at any time, as well as you can delete your profile and the information contained in it in general.
SIA MediCloud communicates with the data subject using the contact information provided by the data subject (contact telephone number, e-mail address). The requested information can be received at the e-mail address provided by the user. In order for us to make sure that you are who you tell you are, you have to answer our questions or, with verified profiles, confirm your identity in person.
In case of claims, the data subject may submit a complaint to the State Data Inspectorate - Riga, Blaumaņa Street 11 / 13-11, LV-1010.
Categories of recipients of personal data Institutions - MediCloud clients
Institutions connected to the eHealthPoint only receive the information you provide to them using the eHealthPoint functionality (eg creating an appointment or providing a location).
Data about you created in institutions without the involvement of the eHealthPoint, but processed in it (eg documents or vaccinations), are processed in accordance with the conditions of the institution. In such cases, the eHealthPoint acts as a processor of personal data.
In certain cases, SIA MediCloud transfers personal data to the processor (for example, SIA Telia Latvija in connection with the use of its data center, SIA Meditec, which ensures the operation of the Telephone System and E-mail system), as well as may provide information to state institutions or officials.
Access to data is controlled using eHealthPoint username and password.
A user who has successfully logged in the system is considered the owner and legitimate user of that profile. Therefore, the use of third-party profiles without proper permission is considered a violation of this policy.
The password of eHealthPoint users is stored in the database in the form of a hash string, which ensures that the password is known only to the user who created it. The responsibility for not disclosing the password lies with the user.
Data security for your devices
Before using the eHealthPoint, the user must make sure that the devices is safe enough. Vulnerabilities and data leaks due to user fault are the responsibility of the user.
After completing work with eHealthPoint and from public equipment, we recommend that you exit your profile and make sure that your browser has not saved your password for reuse.
Data of other persons you use in eHealthPoint
The use of other personal data must ensure the legitimacy of its processing. By entering data in eHealthPoint, you confirm that you have the appropriate permissions to process this person's data.
Cookie processing policy
The eHealthPoint web application requires cookies for normal operation. A cookie is a text file that is usually placed in the browser of a global website user's computer to improve the performance of that website. A cookie stored on a user's device allows the user's actions on the website to be identified. This may be necessary for different purposes.
Controller: SIA MediCloud.
We use so-called "session" cookies to remember the fact of logging in when you work with eHealthPoint, Google Analytics cookies, as well as cookies that "remember" your refusal to use Google Analytics cookies.
Third-party cookies - Google Analytics
eHealthPoint uses Google Analytics to collect traffic statistics on the eHealthPoint site, which is important to us in tracking service usage, popularity and user behavior, as well as audience management.
To provide this functionality, the eHealthPoint uses the Google Analytics gtag.js interface (https://developers.google.com/gtagjs/) with IP address anonymization (https://developers.google.com/analytics/devguides/collection/gtagjs/ ip-anonymization) without user-level tagging (respectively, Google Analytics does not collect eHealthPoint-specific information and can only monitor general traffic statistics).
For Google Analytics must allow the use of appropriate cookies.
The Google Analytics tool is powered by Google Inc. (A U.S. company) that has access to the statistics collected through this tool, including the user's IP address, connection time, and other technical information. In this way, third-party (Google) cookies are placed on the user's device.
Information about the operation of Google cookies can be obtained in the relevant Google privacy or cookie policies (a link to these documents is included in the security code banner) and SIA MediCloud is not responsible for the processing of third party personal data. Read more about how Google Analytics processes data here: https://support.google.com/analytics/answer/6004245
Cookies are used only after you have agreed to this policy ("session" cookies) or to use specific cookies (Google Analytics cookies).
SIA MediCloud has the right to change this policy, and the changes will be published on this website.