Privacy policy

Valid from June 1st, 2020

It is very important for Healthcode AI (“we”) to respect the privacy of the customer (“you”), and in this document we explain to you what health information we ask from you , why we do it, what we do with the data and how we store it.

Who is HealthCode AI.

HealthCode AI is a company operating the Leia platform that collects, systematizes, and mediates the health information of users logged in to the Leia environment to health care providers registered in the same environment. HealthCode AI does not provide health and healthcare services itself.

HealthCode AI implements all necessary security measures to protect the customer’s personal data from loss, unauthorized access and processing.

What data we collect about You and why do we need it.

  • Personal data (name, identification code) is necessary for the medical center to identify you and reconcile them with your other health data.

  • Contact information (e-mail, telephone) is necessary so that the medical center can contact you when necessary.

  • Information entered by you about the illness or health problem (symptoms, their details, information added by the healthcare professional), from which a systematic overview is prepared for the medical center. This information is stored because it is important for your doctor to know all your previous health problems during the treatment process.

Storage of the data

The data listed above will be kept until you request to delete your data from our system. To delete the data, please send a corresponding digitally signed request to the e-mail address

NB! Once deleted, the data cannot be recovered, and you will no longer be able to use the LEIA Platform.

Other requests (prescription updates, vaccination requests, certificate requests, etc.) will not be saved.

You have the right to know what data about you is stored in the system. HealthCode is developing a system to view your data in real time, but in the meantime, you must send us a digitally signed request to if you wish.

How HealthCode AI will use your data

In addition to seeing your health information in a personalized form (I.e. with your name and ID code), the LEIA platform also stores your health information in an anonymized form – i.e. without your name, personal identification number or other identifying information. Non-identifying features such as gender and age may remain in the data.

HealthCode AI may use anonymized data for various purposes i.e. for the teaching of artificial intelligence. Artificial intelligence learns from anonymous data what symptom combinations people may have suffering from the same disease. In this way, artificial intelligence will be able to better detect what the disease a patient may have in the future and thus ask patients the most relevant questions.

Käesolevaga annate meile õiguse kasutada teie andmeid, mille oleme vastavalt kehtivatele andmekaitseseadustele anonüümseks muutnud. Anonüümseks muudetud andmete kasutamise õigus on ilma ajaliste või geograafiliste piiranguteta ning on ülekantav või edasi litsentseeritav ükskõik millisel viisil, kas praegu teadaoleval või teadmata kujul. 

You hereby grant us the right to use your data, which we have anonymized in accordance with applicable data protection laws. The right to use anonymized data shall be without time or geographical limitation and shall be transferable or sublicensable in any manner, whether currently known or unknown.

Legal bases of processing your data

We process your data on the following legal bases:

Your consent – based on which sensitive personal data (health data) is processed. Collection, processing, and transmission of your health data in the LEIA environment can only take place with your consent. You have the right to inquire about your data and the right to withdraw your consent.

Obligation of the company to comply with various laws regulating the operation of companies (e.g. the Accounting Act).

Data Protection Act and the General European Data Protection Regulation (GDPR).

The obligation to protect your life i.e. Inevitably to inform you or your GP clinic if life-threatening conditions or signs of illness occur.

Other legal bases permitted by law.

Sharing of Your data

We will not share the information you entrust to us, except in the limited cases set out below and where necessary to meet the purposes described in this Privacy Policy:

With our subsidiaries and affiliates – we may share your personal information with our subsidiaries or affiliates located exclusively in the European Union.

Public authorities and government agencies – we may share data with agencies if we are required by law to share data or the sharing of data is necessary to protect our rights.

Service Providers – to provide quality service, we may engage data processing services from trusted third party service providers. This is subject to confidentiality agreements and compliance with data protection laws.

Third parties involved in business transactions – in limited cases, we may share your information with third parties in the context of a corporate transaction, such as the sale of a business or part of a business, to another business. Also, in the context of company restructuring, joint venture formation, merger or other transfer of company assets or shares. If we share your data with the above persons, we will ensure the protection of your data in a data processing agreement concluded between us and such person.

We will not store or send your personal data outside the EEA or to countries for which a decision on adequacy has not been taken pursuant to Article 25 (6) of Directive 95/46 / EC or Article 45 (1) of its successor Regulation (EU) 2016/679.

Your rights over your data

As a data subject, you have the following rights:

Right of access – you have the right to know what data about you is stored in the system. HealthCode AI is developing a system to view your data in real time, but in the meantime, you must send us a digitally signed request to if you wish to obtain it.

Right to rectify data – you have the right to request the rectification of your personal data if it is incorrect. If necessary, you can change the data submitted to us by yourself (except for the personal identification code).

Right to delete data (“right to be forgotten”) – in certain cases, you have the right to request that your personal data to be deleted (i.e. you withdraw our consent to the processing of data).

Right to restrict processing – In certain cases, you have the right to prohibit or restrict the processing of your personal data for a certain period of time (e.g. if you have objected to the processing).

Right to object – Depending on the specific situation, you have the right to object to the processing of your personal data if the processing of your data is in our legitimate interest or in the public interest.

Right to transfer data – you have the right to request that the data you provide to us be transferred in a machine-readable form. You may also request the transfer of data directly to another controller, but only if this is technically feasible. The right to transfer only applies to data that we process with your consent.

Automated decision making (including profiling) – if we have informed you that we are performing automated processing (including profiling) that has legal implications or significant impact on you, you may request that the decisions made should not be limited only to automated processing.

If you have any questions about the information provided in this notice or would like to submit a request for data subject rights, please contact us at

We will do our best to address your requests and requests in a timely manner and free of charge, except where this would involve a disproportionate cost. If you are not satisfied with our answer, you can file a complaint with the Data Protection Inspectorate.