Privātuma politika
Pēdējoreiz atjaunināts: 3 July 2026
This Privacy Policy describes how Medical Management OÜ
("we", "us", "Baltic Lasers") processes personal data of users of
the Baltic Lasers client portal at
customer.baltic-lasers.eu. We act as a data controller
under the EU General Data Protection Regulation (Regulation (EU)
2016/679, "GDPR") and the Estonian Personal Data Protection Act.
1. Data controller
Medical Management OÜ
Legal address: Raua tn 32-37, 10120 Tallinn, Harjumaa, Estonia
Registry code: 12273223
VAT number: EE101798101
E-mail: sales@baltic-lasers.eu
Phone: +372 5559 2055
For privacy-related questions please use the e-mail above with "Privacy" in the subject line.
2. Categories of data we process
Depending on which features of the portal you use, we may process the following categories of personal data. Most fields originate from our customer-relationship management system, and only the items listed under "Account data" live exclusively inside the portal database.
- Identification & contact data — first and last name, date of birth, e-mail address(es) with their type (personal / work), phone number(s) with their type, preferred languages of communication, postal addresses, and the e-mail newsletters you have opted into.
- Account data — the e-mail used as your portal login, a one-way password hash (bcrypt), per-user permission flags (which features you can use), your role (Owner / Salon Admin / User / system Administrator), session cookies, e-mail-change verification tokens, and password-reset tokens.
- Company data — the salon, clinic or other organisation linked to your contact, including legal name, registration number, VAT number, country, addresses and telephone / e-mail records. When you submit a request to create a new company, we additionally store the value you typed in the form and, if you press "Verify & autofill", the registered legal name and address returned by the European Commission's VIES service.
- Device data — the medical or aesthetic devices linked to your contact or your company, including brand and model, serial number, warranty start, owner / rental flag, handpieces, location, and on-file producer for matching to manufacturer documentation libraries.
- Service-request data — every service request you file: the request type, message, contact phone / e-mail / address you supplied, the device the request relates to, and any files you attached (photos, videos, PDFs). Request files are forwarded to our CRM together with the request itself and retained there.
- Shop & order data (where applicable) — the contents of your cart, the billing identity selected at checkout (a company snapshot or "Personal order"), the shipping method, parcel-machine code or courier address, contact phone and e-mail, totals, payment method and order status. Order records are kept inside the portal so you can re-open them.
- Help-centre engagement — when you ask a question via the Help / FAQ "Ask a question" form, we store the question text together with a snapshot of your name, login e-mail, phone number and CRM ID at the time of submission so the administrator can reply. We additionally keep anonymous, per-article counts of "Was this helpful? Yes / No" votes and page views; those tallies are not linked to your account.
- Team-management data — when an Owner or Salon Admin invites a colleague through the Team card, we store the invitee's e-mail, the inviter's identity, the chosen role and proposed permissions, and the invite token until the invitation is accepted, expired or superseded.
- Audit, security & usage data — the IP address tied to a password-reset or invite-acceptance request (used for rate-limiting), the timestamps of your submissions, the timestamps of administrative reviews, and a server-side audit log that records which administrator or owner made each privileged change to portal data (e.g. permission flips, role changes, registration approvals, FAQ edits). The audit log is visible only to system administrators.
- Support-chat data — messages you send through the portal's chat widget, any files you attach, and a chat session token that keeps the conversation attached to your browser. Conversations are relayed to our service team through our CRM provider's messaging service and are retained for up to 24 months after the last message.
- Feedback reports — if you use the Feedback button, we store your note, the page you were on, browser and viewport details, recent script errors from that page, an optional screenshot you explicitly attach, and — if you are signed in — your account identity. Guests can send feedback too; those reports carry no identity.
- Public locator listing — where your device sales contract includes the public-locator clause and the device's locator switch is on, we publish on the public customer map: the salon / spot name, country, the device's installation address, the device brand and model, and the public contact fields you chose to fill in (website, Instagram, public e-mail, public phone). You can switch the listing off per device at any time in Equipment → Edit.
- Pageview statistics (only if you accept analytics in the cookie banner) — the page path, a coarse device class, a salted one-way hash of your IP address and, for signed-in users, a pseudonymous account identifier used to count unique visitors. No third-party analytics service is involved.
- Electronic signing data (only when you sign a Baltic Lasers service report) — your typed name, the handwritten signature image you draw on screen, your explicit consent to a simple electronic signature, and the resulting certificate token embedded in the signed PDF. See section 5 below for retention rules specific to signing.
3. Purposes and legal bases
- Operating the portal, authenticating you and showing data about devices and companies serviced by Baltic Lasers — performance of our agreement with you or with the company that authorised your access (Art. 6(1)(b) GDPR), and our legitimate interest (Art. 6(1)(f)) in providing a customer-self-service tool.
- Processing service requests, change requests, company requests and orders — performance of a contract (Art. 6(1)(b)).
- Sending newsletters and marketing materials — only on the basis of your consent (Art. 6(1)(a)), which you can revoke at any time from your dashboard or by replying to any newsletter.
- Logging administrative actions, rate-limiting login and reset attempts, and detecting abuse — our legitimate interest in keeping the portal secure (Art. 6(1)(f)).
- Complying with accounting, tax, warranty and other statutory obligations — legal obligation (Art. 6(1)(c)).
4. Recipients and processors
We share personal data with carefully selected service providers who process it on our behalf under data-processing agreements:
- Our customer-relationship management (CRM) provider — stores contact, company, device, service-request and order records, and relays support-chat conversations to our service team. Most personal data the portal works with is held in that system rather than on the portal itself. We can name the provider on request.
- Microsoft 365 / SharePoint Online (Microsoft Corporation) — manufacturer documentation, device materials and brand libraries available to portal users with the matching permission. Accessed via the Microsoft Graph API.
- Our hosting provider — runs the portal application, the underlying database files and the file-upload directories on infrastructure located in the European Union.
- Our outgoing-mail provider — relays transactional e-mail (registration approvals, password resets, e-mail-change verification, team invites, change-request decisions, FAQ-question replies). Used for delivery only; we do not authorise the provider to use your address for any other purpose.
- European Commission VIES service — when a portal user clicks "Verify VAT" on a company-edit or company-request form, the VAT number is sent to VIES (ec.europa.eu) and the response (registered legal name and address, validity flag, lookup timestamp) is cached on our side for 24 hours to avoid duplicate calls.
- Omniva (AS Eesti Post) — when you choose a parcel-machine delivery at checkout, the list of available machines is fetched from Omniva for the chosen country.
- EveryPay (when card / bank-link payment is enabled) — order totals and the order ID are sent to EveryPay for payment processing. Card numbers are entered on EveryPay's page directly and never reach our servers.
- No script CDNs — all JavaScript and CSS the portal uses (including the map library and image-conversion helpers) is self-hosted from this site. Your browser does not load code from any third-party CDN.
- GitHub, Inc. — encrypted infrastructure backups: a nightly snapshot of the portal's data directory is stored as a private build artefact for up to 90 days for disaster recovery. GitHub processes this under standard contractual clauses / the EU-US Data Privacy Framework (see "International transfers").
- Fonts — typefaces are self-hosted
from this site (served from
/assets/fonts/). Your browser does not contact Google Fonts or any third-party font CDN. - DPD (DPD Eesti AS, when DPD parcel-locker delivery is enabled) — the recipient's name and phone number are sent to register a parcel-locker shipment for your order.
- SmartAccounts (when proforma invoicing is enabled) — the billing name, registry / VAT number and billing address are sent so a proforma invoice can be issued.
- Sentry (Functional Software, Inc. — EU region) — receives application error reports for monitoring and debugging: technical error details, the request path, your user ID and IP address. Personal-data fields such as name, e-mail, phone and address are stripped before sending; payment and credential data are never sent.
- OpenStreetMap / Nominatim (OpenStreetMap Foundation, EU) — used only for the public customer-locator map: installation addresses are geocoded to map coordinates (no names are sent), and the map's background tiles load from OpenStreetMap when you open the locator.
- Telegram — an optional internal channel for staff operational alerts (e.g. “a new order was placed”). These alerts carry no customer personal data — only a generic notice; full details remain in our e-mail channel and inside the portal.
We do not sell or rent personal data, and we do not run any third-party tracking, advertising or analytics scripts. We keep first-party, server-side pageview statistics (page, coarse device class, a salted one-way hash of your IP and, for signed-in users, a pseudonymous account identifier) only if you accept analytics in the cookie banner — decline and none is collected.
5. International transfers
Data may be transferred outside the European Economic Area only where the processor provides appropriate safeguards (Standard Contractual Clauses approved by the European Commission, or equivalent). Several of our processors operate multi-region cloud services and provide EU-data-boundary commitments together with standard contractual clauses that we rely on.
6. Retention
- Your portal account is retained for as long as you are an authorised contact of one of our customers. You may delete it yourself at any time from Edit profile → Danger zone → Delete my account; we then remove your portal login row immediately. The matching contact in our CRM is not deleted by that action — see "Your rights" below to request CRM-level deletion as well.
- Service requests and orders are retained until their parent contract / device record is closed and then kept for a further seven (7) years to satisfy accounting and warranty obligations.
- Single-use tokens (password-reset tokens, e-mail-change tokens, team invites) expire automatically (30 minutes for password resets, 60 minutes for e-mail change, 30 days for team invites). Reset tokens are stored only as a one-way hash, and used or expired tokens are purged by our retention housekeeping once they are no longer valid.
- Support-chat conversations are deleted 24 months after the last message, together with attached files.
- Sales and materials inquiries are kept for 12 months; the technical IP address stored with a sales inquiry is removed after 30 days.
- Questions submitted via the Help / FAQ form are kept for 12 months (published FAQ articles themselves are content, not personal data).
- Company-creation requests are removed 30 days after they are approved or rejected.
- Feedback reports (including screenshots) are deleted after 6 months.
- Delivery and parcel-tracking records are kept for 24 months.
- Audit-log entries are kept for fourteen (14) days.
- Rate-limit counters are deleted automatically within 15 minutes of the last attempt.
- FAQ help engagement (anonymous Yes / No counts and view counters) is kept for the lifetime of the article and is never tied to a user record.
- Electronic-signature artefacts — once a signed PDF has been delivered to its destination, the raw handwritten-signature image and the working envelope are removed. Only the final PDF (which embeds the signatures and certificate page) is retained, in line with the agreement under which it was signed.
7. Your rights
Under the GDPR you have the right to:
- access your personal data and receive a copy;
- request correction of inaccurate data — most profile and company fields can be corrected directly from your profile and company pages, subject to administrator review;
- request erasure of data that is no longer necessary. Self-serve account deletion removes the portal-side record only; to also remove the underlying CRM contact, please e-mail us;
- restrict or object to certain processing activities;
- ask us for a copy of the personal data we hold about you (handled on request — e-mail us);
- withdraw consent for newsletters at any time, directly from the dashboard's subscription toggles or by replying to any newsletter;
- lodge a complaint with the Estonian Data Protection Inspectorate (aki.ee).
To exercise any of these rights, please write to sales@baltic-lasers.eu from the e-mail address registered with your account. We respond within one month.
8. Cookies and local storage
The portal uses a small number of strictly-necessary technical cookies and browser-storage entries:
PHPSESSID— first-party session cookie that keeps you signed in. Cleared when you log out or close the browser. Set withHttpOnly,SameSite=Laxand (over HTTPS) theSecureflag.- An anti-CSRF token stored inside the same session.
localStorage— your saved Grid / List view preference for the shop.bls_chat_token— links your support-chat conversation to your browser so the thread survives page changes. Set only when you start a chat (submitting the chat contact form or sending your first message), never on mere browsing. 90 days,HttpOnly,SameSite=Lax,Secureover HTTPS.bls_announce_hide— session cookie remembering that you closed the announcement bar; disappears when the browser closes.sessionStorage— short-lived flags that prevent the same FAQ page-view counter or the same Y/N vote from being registered twice in the same browser tab.bl_lang— remembers your chosen interface language (1 year).bls_consent— remembers whether you accepted or declined analytics in the cookie banner (1 year), so we do not ask again.
The portal does not use third-party tracking or advertising cookies, and does not embed any third-party social-media widgets that would set cookies. First-party pageview analytics runs only with your consent (see the cookie banner) and sets no tracking cookie of its own.
9. Security
We protect your data with TLS in transit, hashed passwords at rest (bcrypt / argon2), role-based access control, per-permission feature gates, server-side validation of every modification, IP- and email-based rate limiting on authentication endpoints, file-type and file-size enforcement on uploads, an HTML whitelist sanitiser on rich-text content, and a server-side audit log of administrative actions. Suspected security incidents can be reported to us by e-mail; we acknowledge reports within 72 hours.
10. Children
The portal is a B2B tool for authorised employees of our customers. It is not directed at children under 16, and we do not knowingly collect personal data from minors.
11. Changes to this policy
We may update this policy as the service evolves. Material changes will be announced on the login page, on the dashboard after sign-in, and by e-mail to active account holders.