Privatumo politika

Paskutinį kartą atnaujinta: May 2026

This Privacy Policy describes how Medical Management OÜ ("we", "us", "Baltic Lasers") processes personal data of users of the Baltic Lasers client portal at balticlasers.sheer.ee. We act as a data controller under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the Estonian Personal Data Protection Act.

1. Data controller

Medical Management OÜ
Legal address: Raua tn 32-37, 10120 Tallinn, Harjumaa, Estonia
Registry code: 12273223
VAT number: EE101798101
E-mail: sales@baltic-lasers.eu
Phone: +372 5559 2055

For privacy-related questions please use the e-mail above with "Privacy" in the subject line.

2. Categories of data we process

Depending on which features of the portal you use, we may process the following categories of personal data. Most fields originate from our customer-relationship management system, and only the items listed under "Account data" live exclusively inside the portal database.

• Identification & contact data — first and last name, date of birth, e-mail address(es) with their type (personal / work), phone number(s) with their type, preferred languages of communication, postal addresses, and the e-mail newsletters you have opted into.
• Account data — the e-mail used as your portal login, a one-way password hash (bcrypt), per-user permission flags (which features you can use), your role (Owner / Salon Admin / User / system Administrator), session cookies, e-mail-change verification tokens, password-reset tokens, and a small set of UI flags that record which onboarding steps you have completed (whether you have visited the help centre, the shop, the service-request form, etc.) so the dashboard checklist hides itself.
• Company data — the salon, clinic or other organisation linked to your contact, including legal name, registration number, VAT number, country, addresses and telephone / e-mail records. When you submit a request to create a new company, we additionally store the value you typed in the form and, if you press "Verify & autofill", the registered legal name and address returned by the European Commission's VIES service.
• Device data — the medical or aesthetic devices linked to your contact or your company, including brand and model, serial number, warranty start, owner / rental flag, handpieces, location, and on-file producer for matching to manufacturer documentation libraries.
• Service-request data — every service request you file: the request type, message, contact phone / e-mail / address you supplied, the device the request relates to, and any files you attached (photos, videos, PDFs). Request files are forwarded to our CRM together with the request itself and retained there.
• Shop & order data (where applicable) — the contents of your cart, the billing identity selected at checkout (a company snapshot or "Personal order"), the shipping method, parcel-machine code or courier address, contact phone and e-mail, totals, payment method and order status. Order records are kept inside the portal so you can re-open them.
• Help-centre engagement — when you ask a question via the Help / FAQ "Ask a question" form, we store the question text together with a snapshot of your name, login e-mail, phone number and CRM ID at the time of submission so the administrator can reply. We additionally keep anonymous, per-article counts of "Was this helpful? Yes / No" votes and page views; those tallies are not linked to your account.
• Team-management data — when an Owner or Salon Admin invites a colleague through the Team card, we store the invitee's e-mail, the inviter's identity, the chosen role and proposed permissions, and the invite token until the invitation is accepted, expired or superseded.
• Audit, security & usage data — the IP address tied to a password-reset or invite-acceptance request (used for rate-limiting), the timestamps of your submissions, the timestamps of administrative reviews, and a server-side audit log that records which administrator or owner made each privileged change to portal data (e.g. permission flips, role changes, registration approvals, FAQ edits). The audit log is visible only to system administrators.
• Electronic signing data (only when you sign a Baltic Lasers service report) — your typed name, the handwritten signature image you draw on screen, your explicit consent to a simple electronic signature, and the resulting certificate token embedded in the signed PDF. See section 5 below for retention rules specific to signing.

3. Purposes and legal bases

• Operating the portal, authenticating you and showing data about devices and companies serviced by Baltic Lasers — performance of our agreement with you or with the company that authorised your access (Art. 6(1)(b) GDPR), and our legitimate interest (Art. 6(1)(f)) in providing a customer-self-service tool.
• Processing service requests, change requests, company requests and orders — performance of a contract (Art. 6(1)(b)).
• Sending newsletters and marketing materials — only on the basis of your consent (Art. 6(1)(a)), which you can revoke at any time from your dashboard or by replying to any newsletter.
• Logging administrative actions, rate-limiting login and reset attempts, and detecting abuse — our legitimate interest in keeping the portal secure (Art. 6(1)(f)).
• Complying with accounting, tax, warranty and other statutory obligations — legal obligation (Art. 6(1)(c)).

4. Recipients and processors

We share personal data with carefully selected service providers who process it on our behalf under data-processing agreements:

• Our customer-relationship management (CRM) provider — stores contact, company, device, service-request and order records. Most personal data the portal works with is held in that system rather than on the portal itself. We can name the provider on request.
• Microsoft 365 / SharePoint Online (Microsoft Corporation) — manufacturer documentation, device materials and brand libraries available to portal users with the matching permission. Accessed via the Microsoft Graph API.
• Our hosting provider — runs the portal application, the underlying database files and the file-upload directories on infrastructure located in the European Union.
• Our outgoing-mail provider — relays transactional e-mail (registration approvals, password resets, e-mail-change verification, team invites, change-request decisions, FAQ-question replies). Used for delivery only; we do not authorise the provider to use your address for any other purpose.
• European Commission VIES service — when a portal user clicks "Verify VAT" on a company-edit or company-request form, the VAT number is sent to VIES (ec.europa.eu) and the response (registered legal name and address, validity flag, lookup timestamp) is cached on our side for 24 hours to avoid duplicate calls.
• Omniva (AS Eesti Post) — when you choose a parcel-machine delivery at checkout, the list of available machines is fetched from Omniva for the chosen country.
• EveryPay (when card / bank-link payment is enabled) — order totals and the order ID are sent to EveryPay for payment processing. Card numbers are entered on EveryPay's page directly and never reach our servers.
• jsDelivr (Volentio JSD Limited) — a content delivery network used by the portal's administrator pages to load the rich-text editor for FAQ articles. Regular portal users do not load any third-party scripts from CDNs.
• Google Fonts — the portal references typeface files from Google's font CDN. Your browser sends an HTTP request to Google when the page loads; this is unavoidable for the visual styling we rely on.

We do not sell or rent personal data, and we do not run third-party tracking, advertising or analytics scripts on the portal pages used by signed-in clients.

5. International transfers

Data may be transferred outside the European Economic Area only where the processor provides appropriate safeguards (Standard Contractual Clauses approved by the European Commission, or equivalent). Several of our processors operate multi-region cloud services and provide EU-data-boundary commitments together with standard contractual clauses that we rely on.

6. Retention

• Your portal account is retained for as long as you are an authorised contact of one of our customers. You may delete it yourself at any time from Edit profile → Danger zone → Delete my account; we then remove your portal login row immediately. The matching contact in our CRM is not deleted by that action — see "Your rights" below to request CRM-level deletion as well.
• Service requests and orders are retained until their parent contract / device record is closed and then kept for a further seven (7) years to satisfy accounting and warranty obligations.
• Single-use tokens (password-reset tokens, e-mail-change tokens, team invites) expire automatically (30 minutes for password resets, 60 minutes for e-mail change, 30 days for team invites). Used or expired tokens are kept in the audit trail for security review for six (6) months.
• Audit-log entries are kept for two (2) years.
• Rate-limit counters are deleted automatically within 15 minutes of the last attempt.
• FAQ help engagement (anonymous Yes / No counts and view counters) is kept for the lifetime of the article and is never tied to a user record.
• Electronic-signature artefacts — once a signed PDF has been delivered to its destination, the raw handwritten-signature image and the working envelope are removed. Only the final PDF (which embeds the signatures and certificate page) is retained, in line with the agreement under which it was signed.

7. Your rights

Under the GDPR you have the right to:

• access your personal data and receive a copy;
• request correction of inaccurate data — most profile and company fields can be corrected directly from your profile and company pages, subject to administrator review;
• request erasure of data that is no longer necessary. Self-serve account deletion removes the portal-side record only; to also remove the underlying CRM contact, please e-mail us;
• restrict or object to certain processing activities;
• receive your data in a portable, machine-readable format;
• withdraw consent for newsletters at any time, directly from the dashboard's subscription toggles or by replying to any newsletter;
• lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee).

To exercise any of these rights, please write to sales@baltic-lasers.eu from the e-mail address registered with your account. We respond within one month.

8. Cookies and local storage

The portal uses a small number of strictly-necessary technical cookies and browser-storage entries:

• PHPSESSID — first-party session cookie that keeps you signed in. Cleared when you log out or close the browser. Set with HttpOnly, SameSite=Lax and (over HTTPS) the Secure flag.
• An anti-CSRF token stored inside the same session.
• localStorage — your dismissal of the welcome tour and your saved Grid / List view preference for the shop.
• sessionStorage — short-lived flags that prevent the same FAQ page-view counter or the same Y/N vote from being registered twice in the same browser tab.

The portal does not use third-party tracking, advertising or analytics cookies, and does not embed any third-party social-media widgets that would set cookies.

9. Security

We protect your data with TLS in transit, hashed passwords at rest (bcrypt / argon2), role-based access control, per-permission feature gates, server-side validation of every modification, IP- and email-based rate limiting on authentication endpoints, file-type and file-size enforcement on uploads, an HTML whitelist sanitiser on rich-text content, and a server-side audit log of administrative actions. Suspected security incidents can be reported to us by e-mail; we acknowledge reports within 72 hours.

10. Children

The portal is a B2B tool for authorised employees of our customers. It is not directed at children under 16, and we do not knowingly collect personal data from minors.

11. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced on the login page, on the dashboard after sign-in, and by e-mail to active account holders.