Privacy Policy

The privacy policy of Lumen Dental Clinic

Everything related to individuals and their lives can be described as data.

A person’s personal data include, for example, their name, address, contact information, as well as information about their financial situation, etc. Personal data also include various sensitive data (‘sensitive personal data’), such as personal medical data. Thus, personal data are all data which can be used to identify a person, regardless of their form.

Pursuant to the Regulation of the Minister of Social Affairs No. 56 “The conditions and procedure for maintaining records of the provision of health services”, a dental care chart must be drawn up for each patient and preserved for 110 years from the date of birth of the patient. Different types of personal data are entered in the dental care chart, the obligation of which results from various legislative instruments. Data collected from the patient and during the examination are entered in the dental care chart. Also including data related to treatment. Submission of data to the dental clinic is mandatory, as they are the basis for the provision of the service. In the case of non-submission of the data, the dental clinic has the right to not provide the service.

Processing of personal data means any operation involving personal data. Lumen Dental Clinic processes personal data including health records for the provision of specialised medical care, i.e. dental care. In addition, dental care includes other tasks laid down in legislation that are related to the provision of the service.

Your personal data are processed when:

  • you book an appointment – in this case, the personal data including your name, personal identification code, address, phone and e-mail address, and the reason for your appointment are processed;
  • you come to the appointment – in this case, your personal data including the data on health status are processed for the diagnosis and treatment of dental disease or injury to alleviate your symptoms, prevent the condition from worsening or disease from spreading, and for restoring your health;
  • you book and appointment for your child or a person under your guardianship – in this case, the personal data are processed to verify your relation to the patient;
  • your child or person under your guardianship comes to the appointment – in this case, the personal data are processed to verify your relation to the patient; Information about the health status of the patient is transmitted to you as the parent or guardian of the patient. But only if the patient or an investigative authority (e.g. police) has not prohibited the transfer of data;
  • the patient has indicated you as their contact person – in this case, the data are processed to transmit information about the patient to you;
  • you request the issue of your medical records – in this case, your personal data or those of the person who requested the issue of your records with your consent are used when issuing the records requested;
  • you submit a request for explanation, memorandum, request for information or complaint – in this case, your personal data are used to verify the facts in the request for explanation / memorandum / request for information / complaint and to reply to the letter. If you have sent us a letter to which only another institution can reply, we will forward the letter to them and inform you thereof;
  • you submit a proposal or letter of appreciation – with your consent, we will publish your personal data (name) on the clinic’s website and intranet;
  • you are applying for a job – we will rely on the data disclosed by you and data collected from public sources. We assume that we can contact the candidate’s references. Each candidate has the right to know which data have been collected concerning them and has the right to access, explain and object to the data we have collected. The data concerning other candidates will not be disclosed.



All correspondence will be stored in the clinic’s e-mail system. Correspondence with private persons has a general access restriction, as the letters contain personal data. This means that if someone wants to examine a private person’s correspondence or a document, they have to submit a request for information to the dental clinic. Upon receipt of a request for information, we review whether the requested documents may be issued or they may be issued in part. In the event of a partial issue, we will redact your personal data, which the applicant is not entitled to process, in order to prevent issuing excessive data.

Despite the restriction on access, we issue documents related to you to institutions or persons who have the legal right to request these documents (e.g. the police, health insurance fund, Health Board, insurer in the case of an insured event, etc.).

Documents containing sensitive personal data are delivered to the addressees by registered mail or encrypted e-mail. If possible, we forward documents to institutions through a secure document exchange centre.

We generally retain correspondence with private persons for 10 (ten) years, after which the documents are destroyed.

Transmission of documents concerning you

Pursuant to legislation or contracts for the supply of services, we provide your personal data to the following institutions:

Name of institution Data composition and transmission The law
Health Information System or e-health Dental care chart, transmitted after the visit The law
The Estonian Health Insurance Fund Dental care chart, transmitted if a contract for the provision of respective service has been concluded with EHIF Law, contract
Dental insurance Dental care chart, transmitted after insured event Contract
Service provider of dentistry programme Hammas Dental care chart Contract

When transmitting data, modern security measures are implemented for proper and secure data protection


Accessing the data concerning yourself

You have the right to access the data we have collected about you. To do this, please submit a manually or digitally signed request to us.

We refuse to fulfil your access request if it may:

  • damage the rights and freedoms of other persons;
  • hinder the prevention of a criminal offence or apprehension of a criminal offender;
  • complicate the ascertainment of the truth in a criminal proceeding;

You have the right to request the correction of any incorrect personal data. If we no longer have a legal basis for the use of your personal data, you have the right to request the termination of use or deletion of these personal data. We will fulfil your request for correction, termination of use or deletion of personal data if it is justified.

If you have any doubts about the decision of our dental clinic, you have the right to contact another medical specialist for a second opinion which concerns the assessment of:

  • the accuracy of the diagnosis,
  • the need for the prescribed medicine or healthcare service,
  • explained alternatives and expected effects,
  • risks associated with the provision of the healthcare service.


Contact information for protecting your rights

If you have any questions related to the processing of your personal data, you can contact the data protection specialist of our clinic Kalle Immato by phone +372 601 1812 or by e-mail

If you believe that we have violated your rights during the processing of your personal data, you may submit a complaint to the dental clinic’s data protection specialist or the Estonian Data Protection Inspectorate (Väike-Ameerika 19, Tallinn 10129, e-mail address:

Lumen Dental Clinic makes every effort to protect your personal data and to comply with the data protection and privacy legislation.