PRIVACY POLICY OF THE PRIMEMEDHUB.COM PLATFORM
1. General Information and Data Controller
The controller of the personal data of users of the PrimeMedHub.com platform is:
Maxi Maja OÜ
Registered office: Harju maakond, Lasnamäe linnaosa, Lõõtsa tn 5, 11415 Tallinn, Estonia
Company registration number (Registrikood): 16093742
VAT ID: EE102309654 | Polish Tax ID (NIP): 5263400722 | EORI: EE16093742
This document complies with:
GDPR (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data).
ePrivacy Directive (Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector), as well as standards for data protection in electronic communications.
The Controller has appointed a data protection contact point:
e-mail: [insert e-mail address, e.g. privacy@primemedhub.com].
As an entity processing sensitive data, such as health-related data (even though it does not store medical documentation), the Controller monitors GDPR compliance and is prepared to cooperate with supervisory authorities, such as the Polish Personal Data Protection Office or its equivalent authority in Estonia.
2. Multichannel Communication and CRM System
Initial contact with the User usually takes place via a contact form on the Platform, and all collected data is transferred to a centralized CRM administrative panel.
To ensure convenience and fast service, further communication may take place via:
Traditional channels: e-mail, phone calls, SMS.
Online messengers: WhatsApp, Telegram, Signal, Messenger, or other channels chosen by the User.
By choosing a specific messenger to communicate with the Platform, the User acknowledges that the providers of these applications (e.g. Meta, Telegram Group Inc.) are independent data controllers and operate under their own privacy policies.
Data from messengers (such as identifiers, phone numbers, and conversation history related to service organization) may be integrated into the CRM system to ensure continuity of service. The Controller ensures that such integration complies with the principles of data minimization (processing only necessary data) and security (e.g. encrypted transmission).
3. Scope of Processed Data
Identification and contact data: first name, e-mail address, phone number, username or identifier in messaging applications (e.g. @username on Telegram).
Preference data: type of procedure or service the User is interested in.
Statistical and informational data: history of interests and statuses (e.g. “pre-procedure”, “post-procedure”) stored in the CRM system.
Automatically collected data: IP address, device data, cookies, and similar technologies (e.g. for traffic analysis and content personalization – details in section 9 below).
IMPORTANT:
The Controller does not collect or store medical documentation (such as test results, X-rays, or medical images). Any medical data is transmitted by the User directly to the selected clinic via communication channels agreed with that clinic. Sensitive data (e.g. health-related data) is processed only to the extent necessary for informational purposes and solely on the basis of the User’s explicit consent, where applicable.
4. Purposes and Legal Bases for Processing
Handling inquiries and communication (Article 6(1)(b) GDPR): contacting the User via their chosen communication channel (e-mail, WhatsApp, Signal, etc.) to present partner offers.
Educational purposes and informational care (Article 6(1)(f) GDPR): sending pre-operative and post-operative materials (e.g. procedure preparation instructions) and preventive information electronically.
Statistical analytics (Article 6(1)(f) GDPR): analysis within the CRM system of which services are most frequently selected, enabling better offer matching in the future.
Additional purposes: ensuring Platform security and preventing abuse (Article 6(1)(f) GDPR), as well as fulfilling legal obligations (Article 6(1)(c) GDPR, e.g. reporting to supervisory authorities).
Processing of sensitive data (if applicable) is based on explicit consent (Article 9(2)(a) GDPR).
5. Data Transfers Outside the EU/EEA
When using messaging applications (e.g. WhatsApp) or communicating with clinics located outside the EU, personal data may be transferred to third countries.
The Controller uses services that ensure a high level of protection (e.g. end-to-end encryption in Signal/WhatsApp) and relies on Standard Contractual Clauses or the User’s explicit consent when choosing a specific communication channel.
Data recipients include: logistical and medical partners (clinics), IT service providers (e.g. CRM hosting), and entities processing data on behalf of the Controller under data processing agreements. All transfers are assessed for data protection adequacy in accordance with Chapter V of the GDPR.
6. Data Retention Period
Data stored in the CRM system is retained for the period necessary to conduct informational and preventive activities (e.g. up to 10 years from the last contact, due to the cyclical nature of preventive examinations), unless the User requests deletion earlier.
Analytical data (e.g. cookies) is retained for up to 2 years or until consent is withdrawn.
After the retention period, data is anonymized or deleted.
7. User Rights
The User has the right to access their data, data portability, rectification, and the right to erasure (“right to be forgotten”). The User may change their preferred communication channel at any time (e.g. switching from WhatsApp to e-mail).
Additionally, the User has the right to object to processing (e.g. for marketing purposes), the right to restrict processing, the right to withdraw consent (without affecting the lawfulness of prior processing), and the right to lodge a complaint with a supervisory authority (e.g. the President of the Personal Data Protection Office in Poland or the Harju County Court in Estonia).
Requests may be submitted via the Controller’s e-mail address; responses will be provided within one month.
8. Data Security Measures
The Controller applies appropriate technical and organizational measures, including data encryption, firewalls, regular security audits, staff training, and agreements with data processors, to protect personal data against unauthorized access, loss, or destruction. In the event of a personal data breach, the User will be informed in accordance with Articles 33–34 of the GDPR.
9. Cookies and Tracking Technologies
The Platform uses cookies to improve functionality, analyze traffic, and personalize content (e.g. Google Analytics). The User may manage cookies through browser settings. A detailed cookie policy is available at: [link].
The legal basis for processing is consent (Article 6(1)(a) GDPR) or legitimate interest (Article 6(1)(f) GDPR for essential cookies).
10. Changes to the Privacy Policy
The Controller reserves the right to amend this Privacy Policy in the event of legal changes or Platform functionality updates. Any changes will be published on the website along with their effective date.