Cookie Usage and Privacy Policy

This privacy notice explains how Minudoc OÜ (hereinafter "Minudoc", "we" or "us") collects, uses, discloses and protects your personal data when you use our platform either through our website or mobile application (hereinafter "Platform").
Your privacy and the protection of your personal data are of utmost importance to us. We confirm that we process your data lawfully, transparently and securely.
By creating a user account on the Platform, you confirm that you have read and understood this privacy notice.

Reviewed on 20.10.2025

1. Our Roles in Data Processing

   When processing your personal data, it is important to understand that Minudoc acts in two distinct roles:

   • Controller: Minudoc is the controller of your personal data when it concerns information necessary for creating, managing, and providing Platform services under the Terms of Use. This includes, for example, your name, contact details, and login information.

   • Processor: When you use the Platform to book and receive healthcare or wellness services (hereinafter "Service") from one of our partners (hereinafter "Health Service Provider" or "HSP"), the controller of the personal data (including health data) related to the provision of that Service is the respective Health Service Provider. In this case, Minudoc acts as the data processor and processes your data in accordance with the contract and instructions of the Health Service Provider.

2. What Personal Data Do We Collect, Why, and on What Legal Basis?

   We collect information about you in several ways when you use our Platform. Below are the main categories of data we collect, the purposes for processing, and the legal bases under the General Data Protection Regulation (GDPR).

   
   

   2.1. Data You Provide Directly

   • Creating an Account: When you create a user account on the Platform, you must securely authenticate yourself (using ID-card, Mobile-ID, or Smart-ID). During this process, we receive and store data necessary to identify you, such as your name, personal identification code, and contact details (e.g. email address).
     Legal Basis: Processing is necessary for the performance of a contract (the Terms of Use).

   • Payments for Services: When you order and pay for a Service through the Platform, we collect the information necessary to process the payment. We do not store your full credit card number but retain only the data required to identify the payment and for accounting purposes.
     Legal Basis: Processing is necessary for the performance of the contract, to facilitate the payment between you and the Health Service Provider.

   • Feedback and Ratings: You can rate and provide feedback on the Services received through the Platform.
     Legal Basis: Processing is based on your consent, which you provide by submitting feedback or content to the Platform.

   • Communication with Customer Support: When you contact us, we store the content of your inquiry and your contact information to respond and resolve the issue.
     Legal Basis: Processing is necessary for the performance of the contract (user support) and is also based on our legitimate interest in ensuring quality customer service.

   
   

   2.2. Automatically Collected Data

   • Data from Browsers, Devices, and Servers: When you visit our Platform, our servers automatically collect technical information, such as IP address, browser type, language preference, and device details.
     Legal Basis: Processing is based on our legitimate interest to ensure the Platform’s security, stability, and performance, and to improve user experience.

   • Cookies and Other Tracking Technologies: We use cookies and similar technologies to identify you as a Platform user and enhance your experience, for example, by remembering your login.
     Legal Basis: Partly based on our legitimate interest to ensure the Platform’s proper functioning. More information and consent management are available in our Cookie Notice.

   
   

   2.3. Data from Third Parties

   • Data from Authentication Services: Account creation and login occur through secure third-party authentication services (ID-card, Mobile-ID, Smart-ID), which transmit your basic information (name, personal code) to us.
     Legal Basis: Processing is necessary for the performance of the contract to provide a secure user account.

   • Data from Employers: If your employer enables you to use the Platform and pays for Services, we may receive information from your employer (e.g. your name and work email) to add you among authorized users.
     Legal Basis: Processing is necessary for the performance of the contract to provide Services made available by your employer.

   Note on Health Data: Health data and other personal information related to the provision of Services are processed by Minudoc as a processor on behalf of the Health Service Provider (HSP). The controller of such data is the respective HSP, which determines the purpose and legal basis of processing. Our role is to ensure secure transmission and storage of data according to the contract and instructions of the HSP.

3. Who We Share Your Data With

   We do not sell or rent your personal data to third parties. We only share your data when it is necessary and permitted by law. Your data may be shared with the following categories of recipients:

   • Healthcare and Health Service Providers (HSPs): When you book a Service through the Platform, we share the necessary data (such as your name and contact information) with the chosen HSP to enable booking and service delivery.

   • Third-Party Health Service Providers: We engage trusted partners who provide essential services to us, such as platform development, hosting, maintenance, security monitoring, and payment processing. They have access to your data only to the extent necessary to perform their tasks and are contractually obliged to maintain confidentiality and data security.

   • Authorities and Law Enforcement: We may disclose your personal data when required by law or when we believe in good faith that it is necessary to:
     (a) comply with legal obligations or court orders;
     (b) protect our rights, property, and safety;
     (c) prevent or investigate potential fraud or illegal activity;
     (d) protect the safety of our users or the public.

   • Third Parties in Business Transactions: If Minudoc is involved in a merger, acquisition, or sale of assets, your data may be transferred to another company as part of the transaction. We ensure that the protection of your personal data continues in accordance with this privacy notice.

   We generally do not transfer or store your data outside the European Economic Area (EEA). In rare cases where a service provider is located outside the EEA, we ensure full compliance with applicable data protection laws.
   
   When transferring data outside the EEA, we apply one of the following safeguards:

   • An adequacy decision by the European Commission confirming sufficient protection;

   • Standard Contractual Clauses (SCCs) approved by the European Commission;

   • Other appropriate safeguards provided under GDPR.

4. Your Rights Regarding Personal Data

   Under GDPR, you have the following rights:

   • Right of access – you have the right to know what data we hold about you. You can view your information under “My Data” in your Minudoc account.

   • Right to rectification – you can request correction of inaccurate data. You can also modify most of your details yourself (except your personal ID code) under “My Data”.

   • Right to erasure (“right to be forgotten”) – you can request deletion of your data when it is no longer needed, or you withdraw your consent.

   • Right to restriction – you can request temporary limitation of processing in certain situations (e.g. when you object to processing).

   • Right to object – depending on your situation, you may object to processing based on legitimate or public interest. You can always object to processing for direct marketing purposes.

   • Right to data portability – you can request a copy of your data in a machine-readable format or transfer it to another controller, where technically feasible.

   • Right to withdraw consent – if processing is based on your consent (e.g. providing feedback), you may withdraw it at any time.

   To exercise your rights, please contact us using the contact details below.
   Note: If your inquiry concerns data processed during the provision of Services (including health data), please contact the relevant HSP directly, as it is the controller of such data. Minudoc assists the HSP in fulfilling its legal obligations.

5. Data Retention

   We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, including legal and accounting requirements. In general, we keep your account data as long as your account is active. After deletion, your data will be removed or anonymized unless longer retention is required by law.

6. Security

   We apply appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. Access to your user account is protected through secure authentication methods.

7. Complaints

   If you believe that the processing of your data violates your rights, you have the right to lodge a complaint with the Data Protection Inspectorate (AKI). However, we encourage you to contact us first to find a prompt and satisfactory solution.

8. Contact Details

   If you have questions about how your data is processed, wish to exercise your rights, or need more information, please contact Minudoc OÜ:

   • Legal Entity: Minudoc OÜ

   • Registration Code: 14630213

   • Address: Vana-Lõuna 39/1, Tallinn 10134, Estonia

   • Email: info@minudoc.ee.

   • Phone: +372 501 9568

9. Changes to this Privacy Notice

   We reserve the right to update or amend this privacy notice from time to time. We will notify you of any changes through the Platform or by email using the contact information you provided.