The protection of privacy and the legitimate use of personal data are a top priority for Carecall (” we ” or ” Carecall “). We are committed to ensuring your privacy. This Privacy Policy (“Policy “ ) explains how we collect, use, store and disclose your personal data, within our website (the ” Site “), the mobile application (the ” App “), the platform Software-as-a-Service for specialists and clinics (the ” Platform “) and the provision of any other service connected to them (collectively, the ” Services“;). We suggest that you read this Policy carefully before using the Services or the Site, and / or opening an account on the Platform (” Account “).
Carecall reserves the right to change this Information from time to time, especially if the changes are due to changes in our operating procedures, or to legislative or regulatory changes.
Carecall is Carecall OÜ with registered office in Tallinn, Tartu mnt 67/1-13b, 10115 Tallinn, Estonia, Register number is 16854023. We manage the website www.carecall.ee and other sites connected to it. We are part of the Carecall Group, a group of companies operating in various countries of Europe and Turkey.
For the purposes of the data protection laws of the European Union, in particular the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to processing of personal data, hereinafter ” GDPR “), Carecall, jointly with the following companies of the Carecall Group:
• Carecall OÜ, Tartu mnt 67/1-13b, 10115 Tallinn, Estonia, registration number in the Tallinn Commercial Register 16854023 (” Carecall “)
where our technical leadership team is based, they are the data controllers of your personal data.
If you are a physician or health professional using the Platform and Services in a professional capacity and (a) have entered into a contract to receive our premium / paid Services (the ” Services Agreement “), or (b) work in , for or with a clinic or facility that has entered into a Service Agreement, the following Carecall Group companies may be co-controllers of the processing of your personal data in relation to the provision of specific Services, as indicated in the Service Agreement that may be stipulated with we:
• Turksa Technology OÜ, with registered office in Tallinn (Estonia), registration number in the Tallinn Commercial Register 14473357 (” Turksa “),
You can contact our data protection officer (” Carecall “) by sending an email to info@carecall.ee or by post, by sending your request to the Carecall office.
The nature of the personal data that we collect and use, as well as the purposes of the processing and the related legal bases on which the processing is based, depend on the type of user and the different use of the Platform, Site, App or Services by of the latter. In particular:
If Carecall processes your personal data based on its legitimate interest pursuant to art. 6.1 (f) of the GDPR, Carecall will have carried out a test on the balancing of its interests with your fundamental rights, in order to ensure that the latter are not harmed or endangered by the exercise of our legitimate interest. Remember that you can always contact us to express your opposition to the processing carried out by us (see paragraph “ What are your rights regarding the processing of personal data ”, below).
We may disclose your personal data to other companies of the Carecall Group (see paragraph “ Who are we? ” Above), exclusively for the purpose of providing you with the requested Services.
We may also share your personal data with external suppliers, again for the sole purpose of providing you with the requested Services. Unless you are notified otherwise, and you are asked for your consent to transfer the data to another controller, each of these third parties acts as a data controller on our instruction, and has entered into an appointment agreement. of the controller with us pursuant to art. 28 GDPR. Among them, there are:
Some of the aforementioned third parties are based outside the European Union. In this case, it is our obligation to ensure that the legal requirements are met to proceed with the transfer of data in full safety, and we will in any case remain responsible for compliance with your rights and legal obligations in relation to the personal data transferred.
Finally, we may disclose your data to comply with any legal or regulatory requirements or dictates, to enforce compliance with our policies or conditions of use or the Service Agreement, to contact judicial authorities or other public authorities or to comply with their legitimate requests, or to protect our rights. We may also share your personal information with other business entities, in the event of a merger, acquisition or investment in that business entity, or in the event of a business reorganization.
Except in the cases mentioned above, we will not transfer your personal information to third parties without your consent.
Pursuant to the GDPR, and regardless of the type of use of the Platform and the Services made by you, you have the following rights:
by contacting us preferably in the manner indicated in the “Contacts” section of this Notice;
We will always comply with our legal obligations regarding your rights as an interested party, to enable you to exercise them fully. We will try to reply to you within a reasonable time and, in any case, within one month (or within the time frame that we will notify you immediately in the event of complex or numerous requests). We reserve the right to charge a reasonable fee (which reflects the costs of providing information) or to refuse to respond when requests are manifestly unfounded or excessive: in this case, we will explain the situation to you and notify you of your rights. We also reserve the right to verify the identity of the applicant, to avoid sharing your personal data with unauthorized third parties.
Our goal is to ensure that the information we hold about you is always accurate. To help us keep your information up to date, you will need to take care to notify us of any changes to your personal data. Following a report or request from you, we will ensure that your personal data in our possession is accurate and up-to-date.
We do not resort to processing of personal data that result in decisions based entirely and solely on the automated processing of your personal data. We do not use any profiling system or tool to process your data, nor fully automated decision-making processes based on your personal data.
Our Site and our App may contain links to other sites, apps or platforms, including through “social” buttons. Although we do everything possible to ensure that such links are always directed to sites, apps or platforms that share our high standards for the respect of privacy, we are not in any case responsible for the content, security or privacy policies of other websites, and a link on our Site does not constitute an endorsement of the site in question. Once transferred to another site, app or platform, the user is subject to the terms and conditions of the latter (including the relevant privacy policy and underlying practices). We invite you to consult the conditions of service and the relevant privacy policies or policies applicable to these sites, apps,
Carecall and the Carecall Group adopt security measures of a technical, physical, electronic, operational and administrative nature, adequate to protect your personal data from unauthorized access. We follow industry accepted standards to protect personal information provided to us, both during transmission and after receipt: for example, periodic Platform security testing, segmentation and control of data access within the organization, and use of pseudonymisation, anonymisation or encryption techniques. Unfortunately, the transmission of information via the internet (including e-mail) is not always completely secure. Despite our constant efforts to ensure maximum protection of your personal data, we cannot guarantee the security of your data in the act of transmitting them to our Site, App or Platform, especially if the transmission takes place in an unsecured manner. The user therefore assumes the risk deriving from said transmission. Once we receive your information, we will use strict procedures and adequate security features to prevent any unauthorized access or sharing.
For any questions relating to your personal data, you can contact us:
If you are a patient or user of our Site or App looking for information on healthcare professionals or facilities, this section applies to you.
1. Account creation and registration to use our Services
We collect your personal data directly when you register on our Site or App, for the use of the Services, or when booking a visit or an appointment through the Platform. When registering or booking, we ask you to provide basic data, including your email address and telephone number. You can also register using social platforms such as Facebook or Google, in which case you will be asked to allow those companies to share some of your personal information with us (as indicated on the registration page). You can also add additional information such as your first name, last name, gender or phone number. We save this information in our systems to allow you to use the Services.
Our Services allow you, among other things, to: book online visits, send messages and / or chat with specialists, save your personal information in your My Account, and publish on the Site your opinion about your experience during the online visit. You can also check your visit history, and manage your account.
From your User Account in the App, you can manage automatic and system notifications (for example, pop-up windows).
When you register to use our Services, or book an online visit or an appointment, you accept the Terms of Service by clicking in the relevant box, and therefore enter into a legally binding contract. The need, on our part, to execute the obligations of this contract and to allow you to access the Services, constitutes a valid legal basis for the processing of your personal data, as specified in Article 6.1 (b) of the GDPR.
2. Use of the Services
Reservations: When you book a visit or an appointment with a specialist or clinic, or when you request a diagnostic test, through the Site or the App, we will obtain additional personal data from you, including for example:
We will store this data on the Platform and pass it on to the specialist or clinic. After transmitting your personal data, the specialist or clinic will become independent data controllers, for purposes determined by them (for example, to provide you with their medical services). Such processing will be subject to the specialist’s or clinic’s personal data processing and retention policy.
Furthermore, we may send you (via telephone message or e-mail) a communication confirming the booking, and / or a reminder before the date of the visit; and we will notify you in case of cancellation. After the visit, we may contact you to ask you to write a review of your experience on the Site. Before the visit, the specialist may decide to send you, through the Platform, a questionnaire about your symptoms and the reason for your visit. Answering the questionnaire is optional, but will help the specialist prepare for the visit. It will be the specialist who will send you the questionnaire, and only he who will receive the answers, unless you expressly consent to the storage of your answers within your My account, for future review or use by you.
Medical history in the Account: one of the Services we offer to users is to save their data (history of bookings and appointments; health data provided to specialists; etc) within your Account. This allows you, among other things, to:
Chat with the doctor or private message: through our platform you can also start a chat with a specialist or send him a private message: we will know about it but we will not access it, and the contents of these conversations will remain private between you and the specialist.
You can review the history and content of chats or messages at any time.
The need, on our part, to execute the conditions of service and to allow you to access the Services, constitutes a valid legal basis for the processing of your personal data, as specified in Article 6.1 (b) of the GDPR.
However, some of the personal data that you share with us during the booking process are or could be considered (individually or jointly) data relating to your state of health, and therefore merit specific protection under the GDPR. For more information relating to the legal basis for the processing of this data, you can refer to Section II (B) of this information (“ Do we process data relating to your health? ”).
3. Write a review or public question
When you decide to post a review on the Site relating to your experience with a specialist or medical facility, or post a question addressed to professionals on the Platform, we may collect some of your personal data (for example, if you include identifying data, and / or describe the reason for your visit or details about your medical history). For this reason, we will ask for your consent to the processing of health data. The processing of health-related personal data on the basis of consent complies with Article 9.2 (a) of the GDPR.
Remember that your reviews will be made public. We advise you not to enter any information of a private or sensitive nature, as what you publish will be visible to all users of the Site.
4. Communications
As a user of the Services with your own Account, you will receive communications from us relating to topics that may be of interest to you (i.e., strictly connected to the Services you use): for example, communications relating to new features, new products, Services additional or ancillary, promotions, news and other topics related to the Services or news regarding the Carecall group initiatives that may be of interest to you.
The legal basis for sending such communications (via telephone message or e-mail) is the legitimate interest pursuant to Article 6.1 (f) of the GDPR. Nevertheless, since these are communications of a potentially commercial nature, you will always have the right to object to the receipt, in which case we will stop contacting you, except for (a) service communications sent by your doctor through our Platform relating to visits or appointments. booked by you through the Platform (for example reminders, cancellations, requests from the specialist, invitations to review), which come from your doctor (who uses our Services) and not from us (see Section II (D) of this Disclosure ” We also act as data” data processors “on behalf of specialists and clinics“); and / or (b) other service communications, of a non-commercial nature, relating to your Account or the Services (for example: changes to contractual conditions, malfunction notifications, messages of a legal or regulatory nature).
Other data and purposes of the processing
As part of the use of the Site, App or Platform, we may obtain other types of data, including, for example: information relating to your device (computer or mobile phone), IP address, time zone and language, or the browser you use. We will also collect information regarding the timing, methods and duration of use of the Services by you (first and last use, duration of the session in the Account). If you use the App, we may also obtain your location data via GPS (you will always have the option to disable this feature directly on your mobile device).
We will process these data sets of a technical nature (the ” Metadata “) for:
We process this information on the basis of our legitimate interests, which constitute a legal basis for the processing of personal data pursuant to Article 6.1 (f) of the GDPR. Remember that you will have the right to object to the processing of this data at any time.
In some of the following cases:
we may obtain access to personal data relating to your state of health, which are deserving of specific protection under the GDPR.
We will therefore need your prior consent to process this data, which we will ask you from time to time. Your consent is, in this case, necessary to be able to use the aforementioned Services; in fact, we could not provide them to you without being able to process these data. The processing of your health data on the basis of your consent complies with Article 9.2 (a) of the GDPR. You can withdraw your consent at any time, in which case we will not be able to continue to provide you with the Services for which the sharing of such data is necessary.
If you book a visit or appointment on behalf of another person (for example, for a minor family member), you authorize us to collect that person’s personal data. We will process your personal data for the same purposes for which we process yours, applying the same policies and security measures.
We provide various services to doctors and clinics. Our Services allow our clients’ doctors and clinics, among others, to upload and save patient personal data, patient visit information and information regarding their health status. They also allow them to send communications and text messages or emails to patients via our Platform and to manage their work commitments.
When we process your data on the instruction of the doctor or clinic of our client to whom you have contacted (and not because you have used our Services directly or created an Account with us), and your patient data is transmitted to us by the latter, we simply act as data controllers (pursuant to Article 28 of the GDPR), in the name and on behalf of our customers, and always and only on the basis of their instructions and indications; never for our own independent purposes.
This also applies to specialists and clinics who send you messages of heads, emails, advertising campaigns or similar communications through our platform: it is they, and not us, who decide whether to send them to you or not. We take no responsibility for these communications, nor for the processing of your personal data by specialists or clinics or for the existence of an adequate legal basis for it.
If you do not wish to receive such messages, or want to exercise your rights regarding your personal data processed by your specialist or clinic, we suggest that you contact the doctor or clinic that sent you the message asking them not to be contacted.
Regarding the personal data you provide pursuant to sections II (A), (B), and (C) above, which we process as “data controllers” (pursuant to the GDPR) on the basis of our report direct with you, we will keep them in our systems only for as long as necessary for the purposes set out above or as necessary to comply with legal obligations to which we are subject.
The period in which we keep your data will vary depending on the type of information and the purposes for which we use it. Generally, we will keep our records for up to 6 years after the end of your relationship with us, to comply with our legal obligations. For more information, see the following table:
| Typology | Retention period |
| Booking a visit or appointment, creating an Account and using the Services | We will keep the personal data you provide in our systems in order to create an Account and / or book a visit or appointment with a specialist or clinic as long as your Account is active (in order to provide you with our Services), and for a period of additional 6 years (only in order to comply with our legal obligations). |
| Medical history in the Account | We will keep in our systems the health data relating to your medical history, which you have saved in your Account, for as long as your Account is active. |
| Chat with your doctor | We will keep the chat content in our system for a period of 2 years from the date of the conversation. |
| Reviews | The reviews published by you on the Platform will not be deleted, except at your express request. |
| Metadata | The Metadata relating to your Account will be stored by us as long as your Account is active (in order to be able to provide you with our Services), and for a period of further 6 years (only in order to comply with our legal obligations). |
| Complaints | We will process your personal data provided in connection with filing a complaint for 6 years from the closing date of the complaint, only to protect us in the event of any legal action. |
In addition to the cases illustrated in Section I of this Notice, when you book a visit or an appointment with a professional or a medical facility using the Platform, or when you communicate your data to them through the Platform (such as, for example, as part of a chat, a private conversation or the completion of a pre-visit questionnaire), with your consent we will transmit your personal data to them in order to be able to provide you with the Services requested by you. Your consent is, in this case, necessary to be able to complete the booking and intermediation services between you and the professional or the structure; in fact, without this data, we cannot provide you with these Services.
Once your data has been received from us, the professional or the structure will become independent controllers of the processing of your personal data, for their own purposes and distinct from those identified in this Notice (for example, for treatment purposes, or in order to comply their contractual obligations towards you if you decide to use their services).
If you are a doctor or a health professional who uses the Platform and the Services in a professional capacity, and you have registered on the Platform by creating your Account (a “Registered Professional”), possibly also having entered into a Services Agreement, the following apply forecasts.
1. Account creation, registration on the Platform and use of the Services
You provide us with your data when you register on the Platform (creating your Account) and start using our Services, and / or when you enter into the Service Agreement. Alternatively, we may have obtained your personal data from the clinic or facility you work for or at, in the event that the latter entered into a Service Agreement (in which case, your data was disclosed to us under the sole responsibility of said structure; you will therefore have to contact the latter to oppose the processing or withdraw consent to the sharing of your personal data with us).
At the time of registration on the Platform, or the signing of the Service Agreement by you or the structure for which you work, we will collect data relating to your professional activities and other useful information for the creation of your Account and your profile on the Platform, which will be visible to users. The information provided may include or relate to, inter alia:
If you have signed a Service Agreement and / or have enabled the booking calendar and / or the telemedicine function or other paid features on the Platform, we will ask you to provide us with additional information necessary for the provision of our Services, for example: receipt; payment methods accepted by you; information relating to the organization of visits.
As part of the Services, and with the aim of giving your profile more visibility on the Platform, we may include your professional information, your name and surname, your specialization and your address in some search engines (including Google or Google My Business) and online maps (including Google Maps). You can always object to this type of use, simply by communicating your opposition to us. You will have the ability to manage your profile on this platform directly and independently, and decide which personal data will be published to you.
When (a) you register on the Platform to use our Services, and then accept the Terms of Service by clicking in the relevant box, or (b) a Services Agreement is signed by you or the facility for or in which you work, a legally binding contract. The need, on our part, to execute the obligations of this contract and to allow (you or the healthcare facility) to access the Services, constitutes a valid legal basis for the processing of your personal data, as specified in Article 6.1 (b) of the GDPR.
If you (or the facility for or in which you work) have entered into a Services Agreement, further information relating to the processing of your personal data, and the personal data of third parties that you may provide to us in the context of the use of the Services, can be found in the Service Agreement.
2. Communications
As a Registered Professional customer of ours, you will receive from us communications relating to topics that may be of interest to you (i.e., strictly connected to the Services you use): for example, communications relating to new features, new products, additional or ancillary Services, promotions, news and other topics relating to the Services or news regarding the Carecall group initiatives that may be of interest to you.
The legal basis for sending such communications (via telephone message or e-mail) is the legitimate interest pursuant to Article 6.1 (f) of the GDPR. Nevertheless, since these are communications of a potentially commercial nature, you will always have the right to object to the receipt, in which case we will stop contacting you, except for communications of a non-commercial nature relating to your Account, the Services or the Services Agreement (for example : changes to contractual conditions, notifications of malfunctions, messages of a legal or regulatory nature).
3. Other data and purposes of the processing
As part of your use of the Services, we may obtain other types of data, including, for example: information about your device (computer or mobile phone), IP address, time zone and language, or the browser you use. We will also collect information regarding the timing, methods and duration of use of the Services by you (first and last use, duration of the session in the Account).
We will process these data sets of a technical nature (the ” Metadata “) for:
We process this information on the basis of our legitimate interests, which constitute a legal basis for the processing of personal data pursuant to Article 6.1 (f) of the GDPR. Remember that you will have the right to object to the processing of this data at any time.
Regarding the personal data you provide when registering on the Platform or as part of the provision of the Services, which we process as “data controllers” (pursuant to the GDPR) on the basis of our relationship with you, we will keep in our systems only for as long as necessary for the purposes set out above or as necessary to comply with legal obligations to which we are subject.
The period in which we keep your data will vary depending on the type of information and the purposes for which we use it. Generally, we will keep our records for up to 6 years after the end of your relationship with us, to comply with our legal obligations. For more information, see the following table:
| Purpose of the treatment | Retention period |
| Account creation or signing of the Services Agreement | We will process your data as long as you have an active Account or Service Agreement. If you delete your user account or terminate the service contract, we will keep your personal data for a period of 6 years. |
| Metadata | The Metadata relating to your Account will be stored by us as long as your Account is active (in order to be able to provide you with our Services), and for a period of further 6 years (only in order to comply with our legal obligations). |
| Complaints | We will process your personal data provided in connection with filing a complaint for 6 years from the closing date of the complaint, only to protect us in the event of any legal action. |
If you are a doctor or a health professional whose personal data of a professional nature appear on the Platform, but you are never registered on the Platform (and therefore do not have an Account or are subject to a Service Agreement: an “Unregistered Professional”) , the following provisions apply.
Carecall obtained your personal data from public information sources, for example:
or by Carecall users (patients) who have posted a review of their experience on the Site.
In this case, the purposes of the processing of your personal data are as follows:
If you have contacted us to receive information about us or our Services, we may also use your personal data to send you communications relating to topics that may be of interest to you (i.e., strictly connected to the Services we provide): for example, communications relating to new features, new products, additional or ancillary Services, promotions, news and other topics relating to the Services or news regarding the Carecall group initiatives that may be of interest to you.
The legal basis for the processing of your personal data is, in this case, the legitimate interest of My Doctor (pursuant to article 6.1 (f) of the GDPR).
The personal data we process are the following, if you act as a freelancer in your name:
This page describes what information we collect through cookies, how we use it and why we sometimes need to store and store these cookies. We also explain on this page how to prevent the storage of these cookies, although this may reduce or “break” some elements and features of the website.
Cookies are small files that are downloaded to your computer or any other device used to browse our website. Almost all professional websites use cookies. Usually, a cookie includes the following information: the name of the website from which it comes; how long the cookie will remain on your computer or device; and a value (usually a randomly generated unique number). Some cookies may include additional data, in particular relating to the time zone or the language used for browsing websites.
Some cookies are always active when you visit us and you cannot disable them unless you change your browser settings. We call these cookies necessary . We use them to make sure our digital services work properly and enable core website functionality, such as user login and account management. They are also useful for analyzing how our platform is used by users.
We also use functional cookies to make your experience more user-friendly , in particular to store your information on our websites and to personalize the content of our services.
We also use performance cookies to observe how our services are used and to obtain usage statistics.
We also use third party cookies . These cookies may track how you use different websites, including ours. For example, you may receive cookies from a social media company when you log into our website using a social media plug-in. You can disable these cookies.
Marketing cookies used for targeted advertising: you can disable these cookies.
We use cookies for a variety of reasons described below. To make the best use of our website, we recommend that you set your device to accept all cookies. However, by using your device settings, you may disable or limit some types of cookies.
We use third party cookies to pursue our legitimate interests and to improve our websites for our users.
Depending on the type of cookie, some of them are stored for a short period of time, while others are stored for longer periods. You will find more detailed information below.
Session cookies: these cookies only last for a given session you have with us and are automatically deleted when you close your browser.
Persistent cookies: these cookies last even if the browser has been closed or the device has been turned off and are active for a period of time defined in the cookie. We use persistent cookies when we need to know who you are for longer than necessary for a single browsing session. For example, we use them to remember your preferences for the next time you visit our site.
You can prevent the setting of cookies by changing your browser settings: you can find instructions on how to do this in the table below. Please note that disabling cookies will affect the functionality of this and many other websites you visit. Disabling cookies will usually also result in disabling some functionalities and features of our services. Therefore it is recommended not to disable cookies.
| Browser | Link to Settings | How can you manage cookies |
| Google Chrome | https://support.google.com/chrome/answer/95647?hl=en-EN&p=cpn_cookies | Click on the three dots located in the upper right corner and open the “settings”. In the site settings click on “security and privacy” to manage cookies. |
| Safari | https://support.apple.com/en-us/105082 | Go to the “preferences” settings page and click on “security”. In the “security” section you can manage your cookies. |
| Microsoft Edge | https://support.microsoft.com/en-us/search?query=enable%20cookies%20in%20edge | Click on the three dots located in the upper right corner and open the “settings”. In the site settings click on “privacy, search and services” to manage cookies. |
| Mozilla Firefox | https://support.mozilla.org/it/kb/Siti%20web%20e%20avviso%20di%20blocco%20dei%20cookie | Click on the three bars located in the upper right corner and open the “options”. In the site options click on “security and privacy” to manage cookies. |
We hope that all the information provided will be useful to you. If you want to get more information you can contact us at the following address.
E-mail: info@carecall.ee
