Data protection

Data protection notice of Confido Health Plan can be found below.

Choose suitable insurance conditions

Data protection notice for insured persons of Confido Health Plan (valid from 21.08.2025)

This data protection notice establishes the terms and conditions for processing personal data by Tervisekindlustusagent OÜ (registry code 16572262) in the processing of personal data on the Confido Health Plan self-service portal. This data protection notice applies to persons who have insurance coverage within the framework of the Confido Health Plan mediated by Tervisekindlustusagent.

Tervisekindlustusagent reserves the right to unilaterally amend and supplement this data protection notice. An up-to-date data protection notice is published and available at any time on Tervisekindlustusagent’s website https://terviselahendus.ee/

Contents

1. Definitions
2. The role of tervisekindlustusagent in the processing of personal data
3. Collected personal data, purpose of processing and legal basis
4. Sources of personal data
5. Retention of personal data
6. Transfer of personal data
7. Security of personal data
8. Rights related to personal data

1. Definitions

The following terms are used in this data protection notice:

Data Protection Notice – this data protection notice, which regulates the processing of personal data of insured persons and their relatives by Tervisekindlustusagent OÜ.

Confido Health Plan – damage insurance developed by the insurer, whereby Tervisekindlustusagent reimburses the insured person on behalf and on the authority of the insurer for the cost of services provided by cooperation partners or third parties, within the limits of the agreed health insurance risk coverage.

Insurer – AS LHV Kindlustus, registry code 14973611, address Tartu mnt 2, 10145 Tallinn, Harju county.

Policyholder – a person that has entered into an insurance contract with the insurer through Tervisekindlustusagent. If the insured person is not an independent co-insurer, the policyholder is the employer of the insured person.

Insured person – an individual insured by the policyholder or independently as a co-insurer.

Cooperation partners – third parties who provide services to an insured person through their employees. The list of cooperation partners can be found here: https://terviselahendus.ee/en/partners/.

Relative – the spouse, partner, parents and children up to the age of 18 of the insured person. A relative is a person insured under the insurance contract if they have provided confirmation of this.

Service – any healthcare service covered by the insurance offered by the insurer. The healthcare services covered by the insurance can be found in the insurance terms: https://terviselahendus.ee/en/insurance-conditions/.

Tervisekindlustusagent – Tervisekindlustusagent OÜ, registry code 16572262, address Veerenni 51, 10138 Tallinn, Harju County.

Confido Health Plan self-service portal – a digital environment through which a person can submit a claim, and where claims are processed and the data of the insured persons are managed.

General Data Protection Regulation – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

2. The role of tervisekindlustusagent in the processing of personal data

2.1.

As an insurance agent, Tervisekindlustusagent mediates the exchange of data between the insurer and cooperation partners within the Confido Health Plan, including the processing of personal data necessary for the conclusion and fulfilment of the insurance contract. In the context of the General Data Protection Regulation, Tervisekindlustusagent is considered to be the processor of the personal data of the insured persons and their relatives for the purpose of handling claims on behalf of and based on the instructions of the insurer.

2.2.

In the context of the General Data Protection Regulation, the insurer is considered the controller of the personal data of the insured persons and their relatives, who determines which personal data is collected from the insured persons and their relatives and for what purposes.

3. Collected personal data, purpose of processing and legal basis

3.1.

Tervisekindlustusagent processes the following personal data of the insured persons and their relatives only for specified purposes and on the basis of applicable law:

Personal data category
Personal data
Purpose
Legal basis
Identification data

First and last name, personal identification code, date of birth, e-mail address, residence, language of communication.
If facial recognition technology is used for identification purposes, Tervisekindlustusagent collects a photo and/or a photo of the identification document of the insured person/ relative/ policyholder’s representative.
Facial recognition technology is used to verify that the face of the insured person/relative/policyholder’s representative is clearly visible in the submitted photo and that it matches the face on the identification document. This process involves the processing of facial features and other biometric characteristics.
Tervisekindlustusagent only uses facial recognition technology if the person has given explicit consent. The person may withdraw their consent at any time by contacting Tervisekindlustusagent. Withdrawal of consent does not affect the lawfulness of any prior processing.
For the purpose of identity verification, Tervisekindlustusagent may use trusted third party service providers to whom personal data of the insured person/relative/policyholder’s representative is transferred with the sole purpose of identity verification.

Creating a user on the Health Plan self-service platform, identity verification.

Contract fulfilment.

The processing of biometric data for the purpose of identity verification takes place on the basis of explicit consent.

Insurance data

Identification data of the insured person and their relative, insurance card number, IBAN number.

Determining the existence of insurance and identifying the insurance limit, handling claims.
Contract fulfilment.
Health data

Data regarding health status, including appointments, analyses, prescriptions, referral letters, etc. The composition and scope of the health data depends on the service used.

Determining the existence of insurance and identifying the insurance limit to determine whether the insurance coverage is applicable for the service being sought, and handling claims.
Contract fulfilment.
Contact information
Phone number, e-mail address
Direct marketing and seeking feedback.
Consent or legitimate interest.
Contact information of the policyholder
First and last name, personal identification code, e-mail address.
Identification and use of the Health Plan self-service portal by the policyholder’s representative(s).
Contract fulfilment.
Contact information of cooperation partners
First and last name, personal identification code, e-mail address.
Identification and use of the Health Plan self-service portal by the cooperation partner’s employee(s).
Contract fulfilment.
Complaints and proposals
Data associated with the complaint or proposal (first and last name, e-mail address, feedback provided).         
Quality assurance.
Legal obligation and legitimate interest.

4. Sources of personal data

4.1.

Tervisekindlustusagent receives information about the insured person from the following sources, depending on who has taken out the insurance:

4.1.1.

If the insured person is insured through a policyholder (e.g. an employer), the policyholder transfers the necessary information to the Health Plan self-service portal;

4.1.2.

If the insured person is an independent co-insured person, they transfer the data themselves directly to Tervisekindlustusagent;

4.1.3.

If the insured person is a relative, the necessary identification data is provided by the insured person who insured the relative.

4.2.

Tervisekindlustusagent may also receive personal data from an identity verification service provider that has been authorised by Tervisekindlustusagent to verify and confirm identity.

4.3.

The health data will be transferred to Tervisekindlustusagent either by the insured person or relative themselves or, with their consent, via cooperation partners. If the insured person or relative uses a cooperation partner’s service and wishes to use the Confido Health Plan insurance limit, the cooperation partner’s employee enters the insured person’s or relative’s personal identification code in the Health Plan self-service portal to verify the existence of insurance coverage and the insurance limit. If available, the cooperation partner’s employee will add information about the service provided to the Health Plan self-service portal.

5. Retention of personal data

5.1.

Tervisekindlustusagent does not retain personal data longer than necessary based on the purpose of processing and in accordance with applicable law.

5.2.

Accounting documents are retained for 7 (seven) years from the end of the respective financial year in accordance with the Accounting Act.

5.3.

Data collected for the performance of the contract and for making refunds, as well as data regarding feedback, with no specific legal retention period, are retained for up to 3 (three) years after the termination of the contract.

6. Transfer of personal data

6.1.

Tervisekindlustusagent transfers the insured person’s or relative’s personal data only if:

6.1.1.

Such an obligation is imposed by law (e.g. an obligation to provide information to a court or law enforcement authorities);

6.1.2.

It is necessary for fulfilling the insurance contract;

6.1.3.

It is carried out through Tervisekindlustusagent’s authorised service providers (e.g. IT service provider, identity verification service provider), who are entitled to process personal data only for the relevant purpose and to a limited extent. If Tervisekindlustusagent refers to a third-party website for the collection of personal data (e.g. for identity verification purposes), we recommend also reading the privacy policy of the third-party service provider.

6.2.

When transferring personal data, Tervisekindlustusagent always applies the principles of data protection, including the requirements of minimisation, purpose limitation and confidentiality.

6.3.

Tervisekindlustusagent does not transfer the personal data of the insured person or relative outside the European Economic Area. If the need for such a transfer arises in the future, Tervisekindlustusagent will only do so if the recipient of the data is located in a country for which the European Commission has issued an adequate protection decision or if appropriate additional safeguards are in place (e.g. European Commission standard contractual clauses). In such cases, Tervisekindlustusagent also updates the data protection notice with the relevant information.

7. Security of personal data

7.1.

Tervisekindlustusagent implements necessary organisational, physical and information technology security measures to protect the processed personal data from any misuse, unauthorised access, disclosure, alteration or destruction, even when personal data is transferred abroad.

7.2.

Only authorised individuals have access to the personal data of the insured person and their relative. Authorisations are granted on a need-to-know basis, and individuals with access to personal data are obliged to adhere to confidentiality obligations.

8. Rights related to personal data

8.1.

The insured persons and their relatives have all rights arising from the applicable law regarding the processing of their personal data, which include:

8.1.1.

Right of access – the insured person or relative has the right to inquire at any time whether Tervisekindlustusagent has personal data about them and to obtain information about the personal data processed by Tervisekindlustusagent.

8.1.2.

Right to correct personal data – the insured person or relative has the right to request from Tervisekindlustusagent the rectification or completion of their personal data if it is inaccurate, incomplete or incorrect.

8.1.3.

Right to object – the insured person or relative has the right to object to the processing of their personal data, for example when such processing is based on the legitimate interests of Tervisekindlustusagent.

8.1.4.

Right to erasure of personal data – the insured person or relative has the right to request the deletion of their personal data, for example when the processing is based on consent provided by the insured person or relative and they have withdrawn their consent.

8.1.5.

Right to restriction of processing of personal data – the insured person or relative has the right to request that Tervisekindlustusagent restrict the processing of their personal data under certain circumstances, for example, when the data is no longer needed, or the insured person or relative has objected to the processing.

8.1.6.

Right to withdraw consent to the processing of personal data – if the processing of personal data is based on consent given by the insured person or relative, they have the right to withdraw the consent given to Tervisekindlustusagent at any time. Withdrawal of consent does not apply retroactively, i.e. it does not affect the lawfulness of the prior processing.

8.1.7.

Right to data portability – the insured person or relative has the right to receive the personal data they have provided to Tervisekindlustusagent and request, if technically feasible, that Tervisekindlustusagent transfer this data to a third party service provider.

8.1.8.

Right to lodge a complaint – the insured person or relative has the right to lodge a complaint directly with Tervisekindlustusagent by emailing andmekaitse@confido.ee or with the Data Protection Inspectorate at info@aki.ee, phone +372 627 4135, address Tatari 39, 10134 Tallinn.

8.2.

The rights listed in this chapter regarding the processing of personal data do not include all their rights. In certain cases, the rights of other data subjects or legal obligations of Tervisekindlustusagent may limit the rights of the insured person or relative.

8.3.

To exercise the rights related to the processing of personal data, submit requests, or raise any questions, please contact Tervisekindlustusagent at andmekaitse@confido.ee.