Privacy Policy

Last updated: 24 November 2025

Who we are and how to contact us

Lumen Erakliinik OÜ (registry code: 10210543, address: Harju County, Viimsi Parish, Haabneeme small town, Randvere tee 11, 74001) is the controller responsible for the processing of your personal data within the meaning of this policy. If you have any questions or wish to exercise your rights, please contact us:

Simple explanation — why we collect your data

We collect only the data that is necessary to provide you with dental care services, fulfil our legal obligations, or respond to your enquiries. Data will not be used for any other purpose without your consent.

What data we collect

Depending on the service, we may process at least some of the following data:

  • personal data: name, personal identification code, date of birth, address, contact details;
  • health data (special category data): diagnoses, treatment plan, procedures, contents of the dental record;
  • billing and insurance data;
  • data concerning a parent/legal guardian and contact person;
  • data submitted when applying for employment.

Legal bases for processing

We process data on the following grounds:

  • Provision of services (contract): provision of services between you and us (GDPR Art. 6(1)(b)).
  • Legal obligation: for example, maintaining a dental record (GDPR Art. 6(1)(c)).
  • Processing of health data for healthcare purposes: this is permitted under GDPR Art. 9(2)(h) and local healthcare legislation.
  • Legitimate interest: in certain cases, for example resolving disputes or ensuring security, provided that this does not adversely affect your rights.
  • Consent: for certain additional services, we may ask for your explicit consent; withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

Data retention

Data are retained for as long as necessary to provide the service or until the retention periods prescribed by law expire. Important retention periods include:

  • dental record: retained for up to 110 years from the patient’s birth (Regulation No. 56 of the Minister of Social Affairs);
  • private correspondence: generally approximately 10 years;
  • other information: in accordance with legislation or a justified need for archiving.

Data transfer and with whom we share data

We do not sell your data to third parties. We transfer data only when:

  • required or permitted by law, for example to law enforcement authorities or the Health Board;
  • transfer is necessary for the provision of services, for example to the Health Information System, the Estonian Health Insurance Fund, or insurers;
  • you have given your consent.

When transferring data, we use secure channels: encrypted email, a secure document exchange centre, or registered mail.

Correspondence and access

All correspondence received by us is stored in our secure systems. Correspondence between individuals has restricted access and is disclosed only on the basis of law or with your consent. If someone submits a request to us for access to your correspondence, we will assess the lawfulness of the request and, where necessary, redact certain sensitive parts.

Your rights

You have the right to:

  • ask whether we process your data and receive information about such processing;
  • receive a copy of the data concerning you that are being processed;
  • request correction of inaccurate data;
  • request deletion of data where there is no legal basis for processing;
  • restrict processing under certain conditions;
  • object to the processing of data;
  • withdraw consent where processing was based on consent.

We may refuse to comply with a request if doing so would adversely affect the rights of another person, obstruct the investigation of a criminal offence, or conflict with healthcare-related obligations.

Automated decision-making

This Clinic does not use automated decision-making or profiling that would affect your rights.

Where we obtain data from

In most cases, we collect data directly from you, but we may also receive data from:

  • other healthcare providers;
  • the Health Information System (e-Health);
  • a parent, legal guardian, or representative;
  • an insurer in the event of an insurance case;
  • authorities that have a legal right to share data.

Security measures

We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, or destruction. This includes access restrictions, encryption during data transmission, regularly updated security policies, and employee training.

If you wish to lodge a complaint

If you believe that we have not fulfilled our obligations, please first contact our Data Protection Officer. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate:

  • Estonian Data Protection Inspectorate, Väike-Ameerika 19, 10129 Tallinn
  • Email: info@aki.ee