Ovumia Tallinna`s Privacy Policy

Ovumia Tallinn (Nova Vita) data processing conditions

Effective as of 29 September 2025

Previous data processing terms and conditions can be found here

1.Introduction and application of the terms and conditions

1.1 Personal data is any information about an identified or identifiable natural person, i.e. a data subject. Personal data includes, for example, a person’s name, address, contact details, etc. Personal data also includes special categories of personal data, which include, among other things, person’s health data. The processing of personal data includes any operation performed on personal data.

1.2 These personal data processing terms and conditions (hereinafter: Terms and Conditions) apply in all cases where Ovumia Tallinn (Nova Vita) (hereinafter: the Clinic) processes the personal data of natural persons (hereinafter: Data Subjects) as a controller in connection with the provision of healthcare services to patients (hereinafter: Patients) and the provision of any other services to other Data Subjects. These Terms and Conditions also apply in situations where a Data Subject applies for a job at the Clinic or the Clinic is actively seeking new employees.

1.3 These Terms and Conditions describe the principles and rules on the basis of which the Clinic processes the personal data of Data Subjects (including Patients). The protection of personal data is a priority for the Clinic. The Clinic asks all Data Subjects to carefully read these Terms and Conditions and to contact us if they have any questions (see contact details at2 ).

1.4 The processing of personal data at the Clinic is carried out in accordance with the requirements of the legislation in force in the Republic of Estonia and the provisions of the European Union’s General Data Protection Regulation (EU) 2016/679 (hereinafter: GDPR), as well as in accordance with the Clinic’s data processing rules, which have been established on the basis of legislation. The Clinic also bases its processing on the provisions of the Health Services Organisation Act (hereinafter: HSOA) and the Artificial Insemination and Embryo Protection Act (hereinafter: AIEPA).

1.5 The definitions used in these Terms and Conditions (e.g. controller, personal data, processing, etc.) have the meanings set out in the GDPR and other relevant legislation.

1.6 The Terms and Conditions are valid from the above date. The Clinic has the right to unilaterally amend the Terms and Conditions. Data subjects will be notified of any changes to the Terms and Conditions by e-mail or by uploading the new Terms and Conditions to the website. In any case, the Clinic recommends that Data Subjects visit this page from time to time and familiarise themselves with any changes to the Terms and Conditions.

1.7 If the Terms and Conditions are available in several languages, the Estonian version shall prevail in case of discrepancies.

2. Data controller

2.1 The controller of personal data in the cases specified in the Terms and Conditions is Ovumia Tallinn, i.e. the Clinic, whose registered name is Aktsiaselts Nova Vita Kliinik, registration code 10285009, and address A. H. Tammsaare tee 47, 11316, Tallinn. The Clinic’s website can be found at https://ovumia.ee/ (hereinafter: Website).

2.2 Questions regarding the processing of personal data should be addressed to the Clinic’s data protection specialist at the following e-mail address privacy@novavita.ee.

3. Purposes, categories, legal bases and retention periods for the processing of personal data

3.1 The Clinic processes personal data only for specific purposes and in accordance with applicable legislation. The following provides an overview of the purposes for which personal data is processed, i.e. the reasons why the Clinic processes personal data. For each purpose, we describe whose personal data is processed, what personal data is processed, and what the legal basis for processing is in accordance with applicable legislation.

3.2 Performing activities prior to the provision of healthcare services or other services offered by the Clinic

Processing for this purpose includes activities aimed at planning the provision of healthcare services, such as registering for appointments, preparing for appointments, and communicating in the context of preparing healthcare or other services, including transmission of information, etc.

Within the scope of this purpose, the Clinic primarily processes the personal data of Patients, but in certain cases also the personal data of the Patient’s family members or other close persons, provided by the Patient.

As a general rule, the following personal data is processed: Patient’s name, date of birth, personal identification code, permanent address, telephone number and e-mail address, citizenship; reason why the Patient wishes to attend an appointment and the type of healthcare service requested; the Patient’s gender and identity-related data; data related to booking an appointment; other data that the Patient may disclose; and information about health insurance. The Patient’s health data is also processed. If the receptionist communicates with the Patient (or another Data Subject) by telephone, the call may be recorded. In addition, in certain cases, the personal data of the Patient’s spouse or partner (name, contact details) and the personal data of the Patient’s family members (the Patient is asked whether there are any hereditary health problems in the family, but the names of such persons are not specified) – and this data is processed only to the extent that the Patient discloses it themselves, and the Clinic does not view the family member’s data from the Health Portal without the family member’s consent.

In addition, depending on the specific healthcare service provided, the following personal data is also processed:

Information about family and occupation: such as the name and personal identification code of the partner, the Patient’s occupation, marital status, length of relationship, number of children and, if necessary, the fact of living abroad.
Health data: such as the health data of the Patient and their family members (including the occurrence of diseases and developmental disorders in the family).
Lifestyle and habits data: such as daily habits, lifestyle, reason for donating (for donors) and hobbies.
Education data, i.e. level of education (but only in the case of donors).
Physical characteristics: such as hair, eye and skin colour, height, weight, general appearance and social and ethnic background.

The legal basis for the processing of personal data, insofar as the Clinic processes personal data for the purpose of performing activities prior to the provision of healthcare services, is section 4¹ subsection 1 point 2 of the HSOA. If the Patient visits the Clinic to receive a service other than healthcare, the basis for the processing of personal data is the Patient’s request pursuant to Article 6(1)(b) of the GDPR.

3.3 Provision of healthcare services or other services and performance of necessary activities

Processing for this purpose includes activities such as diagnosing and treating the Patient, communication in the context of providing healthcare services, follow-up care and monitoring, and related tasks.

For this purpose, the Clinic processes the following personal data of the following Data Subjects:

Personal data of Patients and their family members – the same personal data as described above under the previous purpose (see section 2 – “performing activities prior to the provision of healthcare services or other services offered by the Clinic”).
Personal data of the person paying for healthcare services – the name and payment details of the relevant person.

If the Clinic processes personal data for the purpose of providing healthcare services and performing necessary procedures, the legal basis for the processing of personal data is section 4¹ subsection 1 point 1 of the HSOA. If the Clinic provides the Patient with a service that is not a healthcare service, the legal basis for processing is the contract concluded between the Clinic and the Patient in accordance with Article 6(1)(b) of the GDPR. If a person other than the Patient pays for the service, the Clinic will process their personal data on the basis of the Clinic’s legitimate interest (Article 6(1)(f) of the GDPR). The Clinic’s legitimate interest is to receive payment for the service provided and thereby process the payer’s personal data.

3.4 Quality management of healthcare services, including handling of compliance issues and documentation of patient safety incidents

Processing for this purpose includes activities such as retrospective investigation and analysis of the services provided, handling Patient complaints and documenting Patient safety incidents in accordance with the law. The Clinic’s complaints procedure can be found here (https://ovumia.ee/patsiendi-tagasiside/kaebuste-esitamise-kord/).

For the respective purpose, the Clinic processes the following data:

The Patient’s personal and health data (depending on the case or complaint) and, in the case of a complaint, the personal data contained in the complaint.
Personal data of the Patient’s representative, if the complaint is submitted by a representative – the representative’s name, basis for representation and contact details.
Clinic employee data, such as the name of the person involved in providing the healthcare service and data related to the provision of the service.

The legal basis for processing is to ensure the quality of healthcare services and to document patient safety incidents pursuant to section 4¹ subsection 1 point 3 of the HSOA and Article 9(2)(f) of the GDPR.

3.5 Fulfilment of the Clinic’s obligations under the law

Processing for this purpose includes activities that the Clinic is required to perform in accordance with applicable law.

For the respective purpose, the Clinic processes the following data:

Any personal data of any Data Subject in accordance with the obligation set out in the legislation.
In order to fulfil the obligations set out in the AIEPA, the Clinic processes, for example, the following personal data: the Patient’s consent to the relevant procedure (e.g. artificial insemination); data related to the documentation obligation; health data in accordance with the requirements of the AIEPA; consultation and consent reports and relevant personal data; the Patient’s first and last name, personal identification code, residential address, contact details (telephone/fax number, e-mail address), marital status, blood type and Rhesus factor, indication for artificial insemination, accompanying diagnoses, previous pregnancies (terminated by abortion, childbirth), medical history; data on previous sperm analyses of the spouse or donor who donated sperm for the Patient’s artificial insemination.
In order to fulfil the obligations set out in the HSOA, the Clinic processes, for example, the following personal data: the Patient’s consent to the relevant procedure; data related to the documentation obligation; health data in accordance with the requirements of the HSOA; the Patient’s personal data entered in the health card.
In order to fulfil its obligations under the Accounting Act, the Clinic processes personal data stored in accounting documents (e.g. payment data).

If the Clinic’s obligation is related to the provision of healthcare services, the legal basis is section 4¹ subsection 1 point 1 of the HSOA and the relevant provision of the legal act requiring the fulfilment of the specific obligation, including the provisions of AIEPA. If the Clinic’s obligation is to document a patient safety incident, the relevant legal basis is section 4¹ subsection 1 point 3 of the HSOA. If health data is not processed, the legal basis is Article 6(1)(c) of the GDPR.

3.6 Exercising the Clinic’s rights

For this purpose, processing includes actions that consist of exercising and protecting the Clinic’s rights. The specific actions are determined on a case-by-case basis in accordance with the legal rights exercised by the Clinic. Such rights may also include the filing of legal claims, which may involve the processing of personal data.

For this purpose, the Clinic processes any personal data of any Data Subject in accordance with the legal rights exercised by the Clinic.

If the Clinic processes special categories of personal data (e.g. health data) for the purpose of establishing, exercising or defending legal claims, the legal basis is Article 9(2)(f) of the GDPR. Other personal data is processed by the Clinic on the basis of Article 6(1)(f) of the GDPR, i.e. on the basis of legitimate interest. The Clinic’s legitimate interest is to protect and exercise its rights at its own discretion.

3.7 Compilation of statistics or scientific research

In general, data is anonymised before being processed for statistical or research purposes, which means that it no longer qualifies as personal data and the requirements for processing personal data (including the GDPR) do not apply to it. However, in rare cases, personalised data may be processed for statistical or scientific purposes.

In situations where personal data is processed, the personal data consist of the Patient’s health data.

When personal data is processed, the legal basis is the Patient’s prior explicit consent in accordance with Article 9(2)(a) of the GDPR. If the Data Subject has not given their consent, their personal data will not be processed for the respective purpose.

3.8 Advertising the Clinic

In certain cases, the Clinic may also process personal data for the purpose of advertising the Clinic (e.g. for the creation and publication of advertising materials, including photos, on the Website and social media).

In such cases, the following personal data of the Data Subject may be processed: name, position, location, type of services purchased, photo and other personal data that may be included in the advertisement.

Personal data will only be processed for the purpose of advertising the Clinic in situations where the Data Subject’s prior consent has been obtained (in accordance with Article 6(1)(a) of the GDPR, or explicit consent for the processing of health data in accordance with Article 9(2)(a) of the GDPR). If the Data Subject has not given their consent, their personal data will not be processed for the respective purpose.

3.9 Finding job applicants and assessing their suitability for the position

Processing for this purpose includes activities necessary for finding job applicants for the Clinic (e.g. searching for suitable candidates through relevant service providers) and assessing the suitability of applicants for the job (e.g. communicating with applicants).

For this purpose, the Clinic may process, among other things, the following personal data of job applicants or candidates: name, occupation, e-mail, telephone number, address, CV, education, work experience, skills, qualifications and other data found in public sources.

If a person applies for a job at the Clinic themselves, the legal basis for the processing of personal data is Article 6(1)(b) of the GDPR, i.e. taking steps prior to entering into a contract at the request of the candidate. If the Clinic itself is actively seeking new potential employees, the legal basis for processing is the Clinic’s legitimate interest (Article 6(1)(f) of the GDPR) – the Clinic’s legitimate interest is to find new employees. If the candidate is not hired, but the Clinic wishes to retain their data for longer than one year after the end of the recruitment process, the data will only be retained with the consent of the candidate (Article 6(1)(a) of the GDPR).

3.10 Enabling the functioning of the Website

Processing for this purpose includes the collection and processing of data using essential cookies.

For this purpose, the Clinic may process data related to the functioning of the Website, e.g. data on the consent and language preferences of Website visitors. Additional information about cookies is provided below in section 8 of the Terms and Conditions.

The legal basis for the processing of personal data is the provision of the Website as a service and the performance of the relevant contract in accordance with Article 6(1)(b) of the GDPR.

3.11 Creating website visit statistics and analysing usage

For this purpose, processing includes the collection and processing of data using relevant cookies to create Website visit statistics and analyse its use.

Personal data that may be processed for this purpose is collected using analytical cookies and relates to the use and visitation of the Website, i.e. it is data about the use of the Website (e.g. actions on the page). Additional information about cookies is provided below in section 8 of the Terms and Conditions.

The legal basis for the processing of personal data is the consent of the Website visitor in accordance with Article 6(1)(a) of the GDPR. The Website visitor has the right to withdraw their consent at any time.

3.12 Display of personalised advertisements

The Clinic may process certain personal data in order to display the Clinic’s advertisements on other websites to persons who have visited the Website after they have visited the Clinic’s Website. Processing for this purpose involves the collection and processing of data using relevant cookies.

The personal data that may be processed for this purpose is collected using marketing cookies and relates to the history of visits to websites, i.e. it is data about the use of the Clinic’s Website (e.g. actions on the page) and the history of visits to other websites. For the sake of clarity, we note that the Clinic never processes health data for this purpose. Additional information about cookies is provided below in section 8 of the Terms and Conditions.

3.13 Displaying content and features from other websites and platforms

The Clinic may process personal data in order to display content (e.g. videos) from other websites and platforms on its Website or to enable various functions.

In such cases, the personal data processed shall include data that the Website visitor makes available or transmits while visiting the Website, or data collected by cookies regarding the Website visitor’s use of the Website.

4. Sources and disclosure of personal data

4.1 The Clinic may obtain the Patient’s personal data either directly from the Patient or from third-party sources. Such third-party sources may include, in particular, the health information system, other healthcare providers, the Health Insurance Fund, the Prescription Centre, the Image Bank or other health-related information technology environments, insurance providers, or, in certain cases, the Patient’s representative or relative. The Clinic obtains the personal data of job applicants both from the job applicants themselves and from public third-party sources (e.g. the internet). The Clinic obtains the data of Website visitors primarily through the Website. The Clinic may also obtain the personal data of other Data Subjects either from the Data Subject themselves or from a third party.

4.2 The submission of various personal data related to the provision of healthcare services to the Clinic is mandatory, as the Clinic is obliged to comply with the procedures for the provision, documentation and quality management of healthcare services set out in legislation, which require the collection and processing of certain personal data. If the required data is not submitted, the Clinic cannot provide healthcare services to the Patient. Similarly, if a job applicant decides not to disclose their data, they cannot apply for the job. Where the Clinic has not made the submission of personal data mandatory, the submission of such data is voluntary and failure to submit it will not result in any adverse consequences for the Data Subject.

5. Retention of personal data

5.1 The Clinic only keeps personal data for as long as it’s needed to achieve the purpose of processing the personal data or as required by applicable law.

5.2 When storing health data, the Clinic follows the following principles:

The logs of the information system used by the Clinic are stored for 5 years.
Documents created from 15 March 2019 are stored as follows: pursuant to section 4² subsections 4 and 5 of the HSOA, data certifying the provision of health care services is stored for 30 years after the confirmation of data concerning the services provided to the Patient. Contrary to the aforementioned period, the following data certifying the provision of healthcare services shall be retained for the following periods: (i) data from a student’s health card for five years after graduation or leaving school, as well as data from an ambulance card and a referral letter and the response to the referral letter for five years after the data has been confirmed; (ii) data from a death certificate and a cause of death notification for ten years after the data has been confirmed; (iii) tissue samples containing health data taken for the purpose of performing a post-mortem examination shall be retained for as long as necessary for the provision of health care services, but for no longer than 30 years after the data has been confirmed; (iv) autopsy report data for 30 years after the data has been confirmed; (v) data from blood cards, transfusion reports and post-transfusion reaction reports for 30 years after the death of the person.
Health records created before 15 March 2019 will be retained for at least 110 years from the Patient’s date of birth, and referral letter (health document) data will be retained for 5 years after the data has been confirmed. Other documents created before 15 March 2019 shall be retained as follows: (i) pregnancy records for at least 110 years from the date of birth of the Patient; (ii) medical history records for at least 30 years after their completion; (iii) nursing records for at least 30 years after their completion; (iv) anaesthesia records for at least 15 years; (v) tissue samples containing health data taken for the purpose of performing a post-mortem examination shall be stored in accordance with the need to provide health care services, but for no longer than 30 years from the date of confirmation of the data.

5.3 In addition, the following rules apply to the storage of personal data:

Recordings of telephone calls shall be stored for 2 months.
If personal data is processed for the purposes set out in section 7 (statistical or research purposes), personal data shall be stored until the Data Subject withdraws their consent or for a maximum of 7 years.
If personal data is processed for the purposes set out in section 9 (finding job candidates and assessing their suitability for the position), personal data will be stored as follows: personal data will be deleted one year after the end of the recruitment process if no employment contract or other similar contract is concluded with the candidate; alternatively, if the candidate gives their consent to the longer storage of data, personal data will be stored until the consent is withdrawn, but in any case for no longer than 3 years.
In accordance with the Accounting Act, accounting documents are retained for 7 years from the end of the relevant financial year.
The rules set out in section 2 apply to the storage of cookies.

6.Transfer of personal data to third parties

6.1 The Clinic will only transfer personal data to third parties if such a right or obligation is provided for by law or if the transfer of personal data to third parties is necessary for the provision of services to the Patient or for the performance of the Clinic’s daily tasks.

6.2 The Clinic may transfer personal data to third parties in the following cases, who generally act as authorised processors on behalf of the Clinic:

The Clinic transfers personal data (including health data) to medical software service providers that the Clinic uses in its daily activities to provide healthcare services to Patients, such as Connected OÜ (Estonian company), which manages the eKliinik system; Trafore Oy (Finnish company), which manages the Babe system; Medisoft AS (Estonian company), which manages the LIISA system. For the above reason, the Clinic also makes personal data (including health data) available to its IT systems and server service provider, Datafox OÜ (Estonian company).
The Clinic transfers personal data (including health data) to service providers who provide laboratory services to the Clinic and thereby analyse the sample material taken from the Patient by the Clinic and forward the results to the Clinic. This is necessary for the Clinic to provide healthcare services to the Patient. Such service providers include SYNLAB Eesti OÜ (Estonian company), Igenomix UK Ltd (UK company), GENNET, s.r.o (Czech company) and SIA Ivf Riga (Latvian company).
The Clinic may also make personal data available to Microsoft Ireland Operations, Ltd (an Irish company) to a certain extent, as the Clinic uses Microsoft programmes such as Microsoft Office on its computers.
Access to telephone call recordings is provided by Telia (Telia Eesti AS, Estonian company), which provides the recording service.
The clinic makes accounting documents containing personal data available to its accounting service provider, eLMEK Accounting OÜ (Estonian company).
The Clinic may also make candidates’ data available to CV Keskus OÜ (Estonian company). In certain cases, CV Keskus is also considered a separate controller.
The Clinic may also disclose Website-related data to the following third parties: (i) marketing service provider (Folcan Oy, Finnish company); (ii) analytical and marketing cookie service provider (Google LCC, Irish company); (iii) chat service provider. In certain cases, Google is also considered a separate controller.

6.3 All authorised third-party processors to whom the Clinic transfers personal data ensure the protection of personal data in accordance with the legislation regulating the protection of personal data, including the GDPR. They also ensure the confidentiality of the data. As a general rule, the Clinic never transfers personal data outside the European Economic Area, except in one case where personal data is transferred to the United Kingdom (see above), which ensures the protection of personal data at least to the same extent as in the European Union.

6.4 The Clinic may also transfer personal data to third parties who, as a general rule, process personal data as independent controllers, as explained below:

When providing healthcare services to the Patient, the Clinic transfers personal data to the health information system, which is a central national database, in accordance with applicable law through which healthcare providers can exchange data with each other and view health data sent by other healthcare providers about the Patient. The joint controllers of the health information system are the Ministry of Social Affairs and the Health Insurance Fund (formerly known as the Health Insurance Board), which may also process data for the purposes of paying treatment costs and for other purposes specified in legislation. When data is sent to the health information system, it is also forwarded to the Estonian Health Image Bank Foundation, which, as an authorised processor of the health information system, manages, processes and archives medical imaging data. The administrator of the health information system and, therefore, the authorised processor is TEHIK, i.e. the Centre for Health and Welfare Information Systems.
The Clinic also transmits personal data to the Prescription Centre, which is controlled by the Health Insurance Fund. The Prescription Centre is a database established for the purpose of issuing and processing prescriptions and medical device cards and providing medication and medical device reimbursements to insured persons under the conditions set out in the Health Insurance Act. The purpose of the centre is to protect the health of persons using prescription medicines, to monitor the correctness and justification of the dispensing of medicines, and to enable the state to compile statistics on medicines.
The Clinic may also transfer health data to other healthcare providers, such as Ovumia Oy (a Finnish company).
The Clinic may also make personal data available to the relevant insurance provider – for example, the Clinic has entered into a liability insurance agreement with PZU (AB “Lietuvos draudimas” Estonian branch), to whom the Patient’s health data and other relevant personal data may be transferred in the event of an insurance claim.
If the Patient has health insurance, the Clinic may forward personal data to the relevant insurer with whom the Patient has concluded an insurance contract.
The Clinic may also make personal data available to a certain extent to a service provider who grants the Patient a loan to pay for the services provided by the Clinic, e.g. Medicredit OÜ (Estonian company).
If the Patient (or other relevant Data Subject) is in debt for services provided by the Clinic, the Clinic has the right to disclose personal data (including name, telephone number, address, e-mail address and invoices issued in the name of the Data Subject on which the debt is based, together with the information contained in the invoices and information related to the processing of the invoices to date) to contractual debt collection service providers handling the Clinic’s debt claims, as well as to courts, bailiffs and other persons/institutions authorised to process personal data in accordance with legislation when processing debt claims.
Personal data may also be disclosed to other institutions or persons if the Clinic is required to do so in accordance with applicable law (e.g. the police).

6.5 The list of service providers and cooperation partners mentioned in this chapter is illustrative and may not remain unchanged over time. The Clinic is not obliged to amend the Terms and Conditions each time a service provider or cooperation partner is replaced.

7. Rights in relation to the processing of personal data

7.1 The Data Subject (including the Patient) has the right to contact the Clinic at any time by writing to the e-mail address privacy@novavita.ee or by contacting the Clinic’s reception desk in order to:

request access to personal data concerning the Data Subject, i.e. to view the personal data that the Clinic has processed and collected about the Data Subject;
request the correction of personal data;
request the deletion of personal data;
restrict the processing of personal data;
object to the processing of personal data;
request the transfer of personal data;
request that no decision based on automated processing be made about the Data Subject;
if the processing is based on consent, to withdraw consent; and
to lodge a complaint regarding the processing of personal data.

7.2 Please note that the above mentioned rights are not absolute and their exercise is limited by the provisions of the GDPR and other legislation, as well as the rights of the Clinic. For example, the Clinic cannot delete data if legislation requires such data to be retained. Therefore, in accordance with applicable law, the Clinic has the right to refuse to comply with the Data Subject’s request or to comply with it to a limited extent, in which case the Clinic will explain this to the Data Subject.

7.3 The Data Subject’s request must be digitally signed or, if the request is submitted to the Clinic in person, the Data Subject must allow their identity to be verified with an identity document. If the data is disclosed by e-mail, it will only be done in an encrypted manner. For security reasons, data will not be disclosed by telephone.

7.4 The Data Subject also has the right to lodge a complaint with the Data Protection Inspectorate (Tatari 39, 10134 Tallinn; e-mail address info@aki.ee).

8. Cookies

8.1 The Clinic’s Website uses cookies. Cookies are small text files that are stored in the user’s web browser or device when visiting the Website. Cookies can be so-called first-party cookies, which are directly related to the Clinic’s Website, but also third-party cookies, which are managed by third-party service providers.

8.2 The Clinic uses the following cookies:

(a) Essential cookies – cookies that are used for the functioning of the Website. For this purpose, Borlabs (stored for 60 days) and WPML cookies (stored for 1 day) are used.

(b) Statistics cookies – cookies that generate statistics about visits to the Website and enable analysis of visits to the Website (e.g. how many users visit the Website, how the Website is used, how users arrive at the Website, etc.). For this purpose, the Clinic uses Google Analytics cookies (_ga and other cookies, stored for up to 2 years) and Google Tag Manager.

(c) Marketing cookies – cookies used to display personalised advertisements to Website visitors, which collect information about visits to the Clinic’s Website and other websites and thereby display, for example, the Clinic’s advertisements on other websites. For this purpose, we use, for example, Google Analytics cookies (_ga and other cookies, stored for up to 2 years), Google AdSense cookies (_gvl_au, stored for up to 90 days) and Facebook (Meta) cookies (_fbp, stored for 3 months).

(d) Third-party cookies – cookies used to display third-party content and functions on the Website. For example, they are used to display YouTube videos. YouTube cookies are stored as follows: ENID 13 months, consent 2 years, AEC 6 months, NID 6 months.

8.3 Website visitors have the right to refuse the use of cookies by not giving their consent or withdrawing their consent, or by selecting the appropriate settings in their web browser and deleting cookies already stored on their device. Cookies can be disabled by following the instructions in the “help” or “support” function of your web browser. More information on how cookies work and how to disable them can also be found at www.allaboutcookies.org.