Privacy Notice
1. General
1.1 DocAid OÜ (“we” or “us”) provides a digital AI assisted tool for documenting health care professional-patient communication (“Service”). Your privacy is important to us and therefore, it is our policy to respect your privacy and take appropriate measures to protect your personal data.
1.2 This privacy notice (“Notice”) explains the principles on how we process (including collect, use, store and disclose) personal data when: (i) you visit or otherwise interact with our website www.docaid.ai (“Website”) and/or docaid mobile application (“App”); (ii) you request a demo of our Service; (iii) you or the legal entity you work for or represent wishes to conclude or has concluded a contract with us; (iv) you communicate with us through e-mail, Website or other communication channels; or (v) you take any other actions, which entail us receiving and processing your personal data.
1.3 We process your personal data as described in this Notice and in accordance with applicable legislation, including the European Union’s General Data Protection Regulation (2016/679) (“GDPR”) and other data protection legislation, as applicable towards the controller stated in Section 2 of this Notice.
1.4 In case you disclose any personal data regarding any third person(s) (e.g., your employee, management board member, co-worker, etc.) to us, you are obligated to refer them to this Notice.
2. Controller
2.1 For the personal data processing purposes set out in Section 4 of this Notice, the controller of your personal data is DocAid OÜ with registry code 16830005.
2.2 In case of personal data protection related inquiries please contact us by writing to info@docaid.ai.
3. Categories and Sources of Personal Data
3.1 Personal data is any information that can be used to directly or indirectly uniquely identify you as a private individual. We may obtain and process the following categories of personal data:
3.1.1 For providing a demo and/or concluding and managing contractual relationship with you or the legal entity you work for or represent, we may process the following personal data: name, (corporate) e-mail address, (corporate) phone number, (corporate) bank account details, legal entity’s information (legal entity’s name, registry code, address, VAT number), your job title (“Main Data”);
3.1.2 If you are a natural person with a Client Account, we may process the following personal data: name, (corporate) address, (corporate) e-mail address (“Account Data”);
3.1.3 For the purpose of creating and maintaining secure access to the Service, we may process personal data necessary for authentication, such as password hashes, authentication tokens, multi-factor authentication data, login timestamps and other technical identifiers (“Authentication Data”);
3.1.4 If you communicate with us through e-mail, Website or other communication channels, we may process the following personal data: name, (corporate) e-mail address, (corporate) phone number, date, time, legal entity’s information (legal entity’s name, registry code), your job title, contents of your message (“Communication Data”);
3.1.5 When you visit the App and/or the Website, our servers may automatically log the following standard data provided by your web browser or device, which may include your personal data: your device’s Internet Protocol (IP) address, your browser type and version, the webpages you visit on our Website and the time spent on each page, the time and date of your visit, your device’s system activity and hardware settings (“Log Data”);
3.1.6 We may also collect the following data, which may include your personal data, about the device you’re using to access our App and/or Website: device type, operating system, unique device identifiers, device settings, browser type, hardware model, Internet service provider and/or mobile carrier, system configuration information and geo-location data (“Device Data”);
3.1.7 We use cookies to understand how you use the Website. Cookies are small text files placed on your computer or mobile device when you visit the Website, and they may collect your personal data. Please refer to our Cookie Notice for more information.
3.2 We may obtain your personal data directly from you, including when you visit the Website or App, from the legal entity you represent or work for or other resources (e.g., from country specific commercial registrars).
3.3 If you do not provide the required information, we may not be able to provide our Service, contact you or fulfil any other purposes provided in Section 4 of this Notice.
4. Legal Bases and Purposes of Processing Personal Data
4.1 The legal basis for processing your personal data depends on the objective and context in which we collect personal data. The following depicts a descriptive list of processing purposes that are linked to the specific data categories and legal basis for processing:
| Processing purpose | Legal basis | Personal data category used for the processing purpose |
|---|---|---|
| Handling pre-contractual negotiations and communications and concluding the contract | For legal persons: Our legitimate interest in taking and implementing pre-contractual measures, handling negotiations and communications, and concluding and performing the contract with the legal entity you represent or work for. For natural persons: Performance of a contract. The processing is necessary for the performance of a contract to which the data subject is party, or in order to take steps at the request of the data subject prior to entering into a contract | Main Data, Account Data, Communication Data |
| Performing the contract and managing contractual relationship, including responding to the enquiries in relation to the Service | For legal persons: Our legitimate interest in performing the contract concluded between the legal entity you represent or work for and us. For natural persons: Performance of a contract | |
| Responding to your enquiries and requests, including but not limited to providing information about our Service | Our legitimate interest in responding to enquiries and requests, providing information about our services, and establishing or maintaining business relationships | |
| Providing a demo | Our legitimate interest in promoting our services, informing potential clients, and establishing business relationships, including providing product demos to prospective clients (both natural and legal persons) and their representatives | Main Data, Communication Data |
| Providing information about our Service’s updates, including information about new features and other news | Our legitimate interest in providing information about the Service’s updates | Main Data |
| Managing user authentication and access to the Service | For user accounts related to natural person clients, the legal basis for processing Authentication Data is “performance of a contract”, as the processing is necessary to provide access to and use of the Service under the contract with the client. For user accounts related to legal person clients (e.g. business clients and their representatives), and for end-user accounts created by clients for their own users, the legal basis for processing Authentication Data is legitimate interest. Our legitimate interest consists in ensuring the security and integrity of the Service, protecting accounts from unauthorized access, and maintaining reliable authentication mechanisms | Authentication Data |
| Making available the basic functions of the App and the Website and administering it, including gathering information about navigation | Our legitimate interest in providing the App and the Website and understanding the use patterns to be able to improve the App and the Website and enhance the user experience | Log Data, Device Data |
| Diagnosing and repairing problems with the App and the Website | Our legitimate interest in (i) providing data security and preventing fraudulent actions related to the App and the Website; (ii) ensuring the functioning of the App and the Website | |
| Analysing use of the App and the Website | Our legitimate interest in (i) analysing the use of the App and the Website to understand the suitability to the user; (ii) improving, upgrading and enhancing the operation of the App and the Website; (iii) developing new features and functionalities | |
| Storing information containing personal data in our backup systems | Our legitimate interest in ensuring the continuity and security of data processing operations | All data categories |
| Complying with legal or regulatory obligations or requests | Performance of legal obligations | |
| Establishing, exercising, or defending legal claims, whether in court proceedings or in an administrative or out-of-court procedure in relation to our, our clients’ or employees’ rights | Our legitimate interest in managing legal claims, facilitating effective establishment, exercise, or defence of legal claims | |
| Arranging the sale, merger or other restructuring of the company and providing information for conducting legal or other audit and the data exchange thereof | Our legitimate interest in facilitating proper due diligence process and business continuity by ensuring a successful sale, merger or other restructuring of the company | |
5. Recipients of Personal Data and Data Transfers
5.1 We may disclose your personal data to separate controllers, who themselves determine the purposes of the processing of personal data or processors, who process your personal data on our behalf. These data recipients belong to the following categories:
| Category | Purpose and legal basis of disclosure |
|---|---|
| Public sector authorities, supervisory and law enforcement authorities | To fulfil our statutory obligation, a court order, to establish, exercise or defend our legal rights or in other cases where this is necessary to prevent and deter unlawful acts. For example: Estonian Police and Border Guard Board, Estonian Data Protection Inspectorate. The legal basis is performance of our legal obligations or our legitimate interest in facilitating effective establishment, exercise, or defence of legal claims. |
| Professional advisors | To ensure our proper economic activity and to establish, exercise or defend our legal rights. For example: auditors, legal advisors. The legal basis is our legitimate interest in seeking legal advice and managing legal claims, facilitating effective establishment, exercise, or defence of legal claims. |
| Service providers, contractors | To help us in providing the Service, including the App and the Website. For example: IT-service providers (cloud service provider, AI service providers). The legal basis is our legitimate interest in providing the App and the Website and ensuring our proper economic activity. |
| Our legal successors and/or potential acquirers of the company | If necessary and required for successful transfer of our business or for the purposes of merger and/or acquisition, the personal data may be disclosed to the specified acquirers or legal successors and their representatives and/or financial and legal advisors. The legal basis is our legitimate interest in facilitating proper due diligence process and business continuity by ensuring a successful sale, merger or other restructuring of the company. |
5.2 For service providers located outside the European Union or the European Economic Area (“EU/EEA”), we use safeguards (e.g., standard contractual clauses approved by the European Commission) to ensure that a level of protection of personal data comparable to that applicable in the EU/EEA is applied to your personal data. Upon your request we will make available further information on the safeguards applied.
6. Personal Data Retention Period
6.1 We retain your personal data for as long as reasonably necessary to attain the objectives stated in Section 4 of this Notice, or for as long as a legal obligation requires us to do so. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining the personal data, we take into account the need to resolve disputes and enforce the contract between us or anonymize your personal data and retain this anonymized information indefinitely.
6.2 Following the retention period or if we no longer need the respective personal data for the purposes specified in Section 4 of the Notice, we delete the respective personal data within a reasonable time, unless the retention of personal data is required to perform duties or fulfil requirements arising from the legislation or to protect against ongoing or threatened disputes.
7. Your Rights as a Data Subject
7.1 You may, at any time, exercise the following rights with respect to our processing of your personal data:
7.1.1 Right to access: you have the right to request access to, including to receive a copy of, your personal data. This includes the right to be informed on whether we process your personal data, what personal data categories are being processed by us, and the purpose of the data processing;
7.1.2 Right to rectification: you have the right to request that we correct any of your personal data if you believe that we are processing inaccurate or incomplete personal data;
7.1.3 Right to object: you are entitled to object to a certain processing of your personal data, for example when we process your personal data based on our legitimate interest or for direct marketing purposes;
7.1.4 Right to restriction: you have the right to request that we restrict the processing of your personal data, for example if you wish to dispute the accuracy of certain personal data we are processing or if we no longer need the personal data for the purposes of the processing, but you require the personal data to establish, exercise or defend legal claims;
7.1.5 Right to erasure: you have the right to request that we erase your personal data for example if the personal data is no longer necessary for the purposes for which it was collected or if the processing is unlawful;
7.1.6 Right to data portability: you have the right to receive your personal data in a structured, commonly used and machine-readable format if the processing is carried out by automated means and is based on your consent or a mutual contractual relationship. Moreover, you may request that the personal data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;
7.1.7 Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time. The withdrawal of your consent does not affect the lawfulness of the processing of personal data prior to the withdrawal;
7.1.8 Right to contact the supervisory authority: if you are not satisfied with our response to your request in relation to your personal data processing or you believe we are processing your personal data not in accordance with the legislation, you can submit your claim to the data protection authority, e.g., in Estonia to the Estonian Data Protection Inspectorate (in Estonian: Andmekaitse Inspektsioon) at info@aki.ee or www.aki.ee.
7.2 To exercise the above rights, please contact us as specified in Section 2 of this Notice. Please note that you should supply us with adequate information for us to respond to your requests concerning the rights. Prior to answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request.
8. Links to Other Websites
Our Website may link to external sites that are not operated by us. Therefore, this Notice does not apply to data processing conducted by such third parties. Please be aware that we have no control over the content and policies of those sites and cannot accept responsibility or liability for their respective privacy practices. To find out more about how such third parties process your personal data, please refer to the respective privacy notices on the other websites you visit.
9. Changes to This Notice
This Notice may be amended or modified from time to time to reflect the changes in the way we process personal data, and in such case, the most recent version of the Notice will be published on this webpage. Please check back periodically, and especially before you provide any new personal data.
Version: October 2025