Lifeyear OÜ – Privacy Policy

(Specialist Dashboard – Estonia)

Effective Date: 13 February 2026

Statement

Lifeyear OÜ is committed to protecting the privacy and security of personal data processed through the Lifeyear Specialist Dashboard (the “Dashboard”). This Privacy Policy explains what information Lifeyear OÜ collects, how it is used, with whom it may be shared where necessary and how personal data is protected when using the Dashboard.

This Privacy Policy applies solely to the processing of personal data relating to specialist users of the Dashboard. The processing of patient personal and health data accessed through the Dashboard is governed by separate patient-facing privacy documentation.

This Privacy Policy is prepared in accordance with the General Data Protection Regulation (GDPR) and applicable Estonian data protection law. Unless otherwise stated, this document applies solely to the Dashboard and the processing of personal data carried out through it.

Use of the Dashboard may take place in cooperation with healthcare organisations and is subject to cooperation and data processing arrangements in place between Lifeyear OÜ and the relevant healthcare organisation, as well as the Dashboard Terms of Use.

Who Is Responsible for Processing Personal Data

Data Controller: Lifeyear OÜ
Company number: 16035006
Registered office: Valukoja tn 10, 11415 Tallinn, Estonia
Contact email: info@lifeyear.com

Lifeyear OÜ determines the purposes and means of processing personal data related to the use of the Dashboard.

If questions or concerns arise regarding the processing of personal data, the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon; AKI) may be contacted at www.aki.ee.

Personal Data Processed

Lifeyear OÜ processes only the personal data needed to provide access to the Dashboard and to ensure its secure operation:

Contact data, such as name, email and telephone number;
Technical and usage data, such as IP address, device and browser information and system logs;
Information provided in connection with user support requests.

Clarification: notes, comments, and other patient-related information entered by specialists in the Dashboard constitute patient personal and health data and are governed by the separate patient-facing privacy documentation.

Legal Basis for Processing

Personal data is processed only where a lawful basis exists.

Lifeyear OÜ may process personal data on the following legal bases:

Performance of a contract or professional cooperation arrangement, where processing is necessary to provide access to the Dashboard;
Legal obligation, where processing is required under applicable law;
Legitimate interests, where processing is necessary for the operation, maintenance, and security of the Dashboard and does not override the rights and freedoms of the user.

Purposes of Processing

Personal data is processed in order to

Ensure access to the Dashboard and its proper functioning;
Manage user accounts and authentication;
Enable communication and user support related to the use of the Dashboard;
Ensure the security, integrity, and reliability of the Dashboard and related systems;
Comply with applicable legal and regulatory obligations;
Prevent misuse or security incidents.

Place of Processing

Personal data is processed by Lifeyear OÜ in Estonia and by trusted service providers within the European Economic Area (EEA) and the United Kingdom (UK). If personal data is transferred outside the EEA or the UK, such transfer takes place in accordance with the requirements of the GDPR.

Third Parties and Processors

Personal data may be processed by carefully selected service providers that support the operation and security of the Dashboard (such as hosting and infrastructure providers), in accordance with applicable data protection requirements.

Lifeyear OÜ does not disclose personal data to third parties or use it for purposes that are not consistent with the original purposes of collection.

Retention of Personal Data

Personal data is retained only for as long as necessary to fulfil the purposes described in this Privacy Policy:

Account and access data are retained for the duration of authorised access;
Technical and usage data are retained for a limited period for security, audit, and system integrity purposes;
Support-related information is retained until the request has been resolved.

After the retention period expires, personal data is securely deleted or anonymised.

Security Measures

Appropriate technical and organisational measures are implemented, including:

Encryption in transit and at rest;
Role-based access control and two-factor authentication;
Logging and monitoring of access;
Regular security reviews and testing;
Data minimisation and access restriction.

Cookies

The Dashboard uses cookies and similar technologies that are necessary to support secure user access, session management, and the reliable operation of the Dashboard.

The Dashboard does not use cookies or similar technologies for analytics, advertising, marketing, profiling, or tracking.

Your Rights

Under the GDPR, you have the right to:

Access your personal data;
Request correction of inaccurate or incomplete data;
Request deletion of personal data in accordance with applicable law;
Restrict or object to certain processing;
Lodge a complaint with the Estonian Data Protection Inspectorate.

Requests may be submitted to info@lifeyear.com and will be handled within one month.

Changes to This Privacy Policy

This Privacy Policy may be updated from time to time. The current version is available on the Lifeyear website and other relevant Lifeyear platforms, together with the effective date.

Change History

13 February 2026: Updated and clarified the wording regarding the place of processing, added reference to the United Kingdom, and clarified the availability of the Privacy Policy.

Contact Information

Lifeyear OÜ

Valukoja tn 10, 11415 Tallinn, Estonia

Email: info@lifeyear.com

If the response is not satisfactory, the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon; AKI) may be contacted at www.aki.ee.