Data Processing Rules
eHealthPoint is an application that provides support to the patient in dealing with health data.
eHealthPoint is maintained and developed by "MediCloud, Ltd.", unified registration number 40203037065, registered address: Baložu iela 12-1/3, Riga, Latvia, LV-1048.
“MediCloud, Ltd” is registered as a Controller in the Personal Data Processing Register of the State Data Inspection with registration number 006160.
What kind of personal information do we collect and why?
To ensure the functionality of the Application, we collect, process, and store information about you.
Primarily, it is the following:
- the information you have given to eHealthPoint to ensure its functionality;
- the information we collect by using eHealthPoint: audit and statistics to understand how you use our services and improve them;
- the information that authorities connected to eHealthPoint allow you to view.
Profile information (for registered users only):
Profile information is the information about you that you refer to in the eHealthPoint section and we store it in your database.
Working email address
We use your e-mail address as a unique validated user identifier - the e-mail address is how we distinguish one user from another and make sure that the data we represent to you is really yours. One e-mail address corresponds to one profile.
When you create a new profile or change your password, we will send you the appropriate e-mail with the instructions.
Password hash string
Password is your "key" for data access. By entering the correct password you prove to us that you are you. For our part, we need to make sure that we have done our best to protect your password, so we do not know (and do not want to know) it: when you create your password when registering or changing it, your device (computer or mobile device) will convert it in a special code called hash. Knowing this string makes it almost impossible to know your real password, but every time you enter your password, this string will be the same after the conversion and we will know that your password has been entered correctly. We store this string in our database and use it to allow or deny you access to personal data without knowing your real password. Anyone with your password will be able to pretend to be you at eHealthPoint, so make sure only you know it.
First name, Last name
We need your first name and last name to know how to address you. When you allow us to transfer your data to other systems, they will use your name to understand who owns the data.
If your profile is verified, we will save your verification data in name and surname to minimize the risk of data error.
Personal identifier (personal code)
Your personal code (or other unique personal identifier used in your country) is required to be able to identify you outside of the eHealthPoint and to ensure that the data we receive from other systems is yours.
If your profile has been verified, we will store the verification data in your personal code to minimize the possibility of data error.
We use the country to understand how your personal code should look and be able to help you not make a mistake. When you allow us to transfer your data to other systems, they can use your nationality according to their own processes. The country you select also affects the minimum age for a user who can sign up for eHealthPoint.
Date of birth
According to the law, the eHealthPoint may only process data of persons who have reached the respective age. We use the country you specify to determine this age. With your permission, the date of birth can be passed to other systems to process according to their processes.
With your permission, the contact phone can be transferred with your data to other systems to use according to their processes. For example, authority registrars can contact you using this number to confirm your appointment.
In languages that distinguish between the names of women and men, we will use your gender to continue communicating with you in a friendly tone, addressing you with informal "You."
We keep your profile verification case information in order to be able to distinguish verified profiles from unverified and protect them from unauthorized access.
Profile information (for unregistered users in the mobile Application):
eHealthPoint mobile Application allows you to save your profile information without registering. These data are stored in the machine's memory and we do not know about them, as long as they are not sent to the operational service when you press the Emergency Call button in the "SOS" section. The data that the operational services will receive along with your call will include Name, Last Name, Personal code and location of your device.
Location data is retrieved all the time while the Application is running to provide the most accurate data possible, but only the last place will be used in case of data transfer to the operational service.
Information about your family doctor that you entered in the Application is stored only on your device and is not available for us.
Information about your appointments (selected time of appointment, service, doctor and institution, type and condition of the appointment) is stored on our servers and passed to the appropriate authority that operate the data according to their own processes. For changes regarding appointments, institutions will send information e-mails to you via eHealthPoint.
eHealthPoint keeps information on the list of documents available to you on their servers (authority, author, document type, number, unique identifier, dates and status).
The documents themselves are not stored on our servers, and each time the document is opened, it is requested from the appropriate authority and displayed to you.
Documents in eHealthPoint is available only to verified users.
Vaccination data (date of vaccination, vaccine series, disease, physician's data and notes) you create are stored on our servers and only available for your profile.
If your profile has been verified, data about your vaccinations from other institutions connected to eHealthPoint will be stored with your data and can be viewed on your profile.
On your servers, the eHealthPoint keeps information about your loyalty from the institutions connected to eHealthPoint.
Loyalty information (dates, level names, point numbers, or discount percentages) is displayed only for verified profiles.
Communication with help-desk:
When communicating with the eHealthPoint Service, it processes your data according their own processes: including your e-mails, telephone calls, and, if requested by the application solution, data from your profile in eHealthPoint.
To make sure that the profile you are talking about is yours, a help-desk specialist can ask questions that will confirm your identity.
We will never ask for your password.
All the activities you or someone else performs in eHealthPoint are logged: we keep a description of the activity (no personal data), running time and performer.
These data are needed to address problematic issues in the Help desk, as well in order to analyse the behaviour of eHealthPoint users in a depersonalised way, to improve the quality of services provided.
How do we store your data?
Your personal data is stored in secure databases of our servers, access is strictly limited.
User access to their data is controlled by eHealthPoint password and profile verification.
Any other access to personal data of users is restricted, logged and sanctioned according to the internal processes of "MediCloud, Ltd".
In accordance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, you have the right to completely delete your data, stop processing, and request copies of the data processed through our Helpdesk on business days from 09:00 to 18:00, by phone +371 67243124 or by e-mail firstname.lastname@example.org.
Requests will be processed in line, but not longer than within 30 days.
In order to make sure that you are you, be prepared to answer our questions, or in case of verified profiles, to confirm your identity in person.
Dissemination of your data to third parties
Institutions - MediCloud customers
Authorities connected to eHealthPoint receive only the information you provide to them through eHealthPoint functionality (e.g. creation of an appointment or transfer of location).
Data generated by you in institutions without eHealthPoint involvement, but processed in it (e.g. documents, or vaccinations) are processed according to the institution's conditions. In such cases, eHealthPoint serves as a data processor (operator).
eHealthPoint uses Google Analytics to collect visit statistics for the eHealthPoint portal, which is important to us, keeping track of service load, popularity and user behaviour, as well as for audience management.
To ensure this functionality, eHealthPoint uses the Google Analytics gtag.js interface (https://developers.google.com/gtagjs/) with special anonymization of IP addresses (https://developers.google.com/analytics/devguides/collection/gtagjs/ip-anonymization)without using tagging at user level (i.e., Google Analytics does not collect eHealthPoint users specific information and is able to control only general visit statistics).
To use Google Analytics, you must allow the use of appropriate cookies.
Read more about how Google Analytics handles your data here: https://support.google.com/analytics/answer/6004245
Access to data is controlled using eHealthPoint username and password.
A user who has successfully entered the system is considered to be the owner and legitimate user of that profile. Therefore, the use of foreign profiles without proper permission is considered a violation of these terms.
eHealthPoint users' password is stored in the database in the form of a mixed code that ensures that the password is only known to the user who created it. Responsibility for non-disclosure remains with the user.
Data security for your equipment
Before using the eHealthPoint, the user must make sure that the equipment is safe enough. Vulnerabilities and data leaks due to user fault are the responsibility of the user.
After completing work with eHealthPoint and public equipment, we recommend that you exit your profile and make sure that your browser has not saved your password for reuse.
Data of other persons you use in eHealthPoint
The use of other personal data must ensure the legitimacy of its processing. By entering data in eHealthPoint, you confirm that you have the appropriate permissions to process this person's data.
The normal operation of eHealthPoint web application requires cookies.
We use so called "Session" cookies to remember the entry in eHealthPoint, Google Analytics cookies, and cookies that "remember" your refusal to use Google Analytics cookies.
Cookies are only used after consent to this policy ("session cookies") or for the use of specific cookies (Google Analytics cookies).