Privacy policy

PERSONAL DATA PROCESSING NOTICE FOR CLIENTS, BUSINESS PARTNERS, AND OTHER RELATED PERSONS

1. General Overview of Our Personal Data Processing Activities

This notice describes how we process the personal data of our clients, their representatives/contact persons, business partners, website visitors, and other individuals whose data may come into our possession in the course of our activities.

This is the current version of the notice. We reserve the right to make changes and update this notice as necessary.

The purpose of this notice is to provide you with a general overview of our personal data processing activities and purposes. However, please note that additional information may also be provided in other documents (e.g., service agreements, cooperation agreements, cookie policy).

Please be informed that the data processing rules described in this notice apply only to the processing of personal data of natural persons.

We recognize that personal data is valuable to you and we process such data in compliance with confidentiality requirements and with care for the security of your personal data under our control.

2. For What Purposes Do We Process Your Personal Data and What is the Legal Basis for Processing?

We will process your personal data only for specific, legitimate purposes, including:

a) Initiating and providing services, and fulfilling obligations set forth in contracts (including cooperation agreements)

This includes identifying you, scheduling medical appointments, communicating with you (e.g., reminders or changes to scheduled visits), providing healthcare services, issuing prescriptions, calculating fees, ensuring payment processes, and contacting you regarding service provision or contract performance (including sending invoices). In some cases, we may also need to ensure debt collection for unpaid services.

Data categories processed may include: identity data, contact details, payment information.

Legal bases:

• Contract performance (GDPR Article 6(1)(b))
• Legal obligation (Article 6(1)(c))
• Consent (Article 6(1)(a)) — e.g., for reminders about regular check-ups
• Legitimate interest (Article 6(1)(f)) — e.g., communication or identification
• Healthcare services management (Article 9(2)(h))

b) Compliance with legal requirements

We must comply with the requirements of the Medical Treatment Law, Patients’ Rights Law, relevant Cabinet regulations, the Accounting Law, the Archives Law, and others concerning medical service provision, data retention, and document processing.

Data categories: identity data, contact details, payment information.

Legal bases:

• Legal obligation (Article 6(1)(c))
• Healthcare services management (Article 9(2)(h))

c) Marketing and training activities

This includes sending notifications about training, inviting you to events, and publishing materials related to our events.

Data categories: identity data, contact details, event images or participation records.

Legal bases:

• Consent (Article 6(1)(a))
• Contract performance (Article 6(1)(b))
• Legitimate interest (Article 6(1)(f))

d) Ensuring security, property protection, and legitimate interests

This includes video surveillance of our premises, working with data processors, disclosing data to courts or state authorities if required, conducting clinical research, and exercising legal rights.

Data categories: identity data, images, location data.

Legal bases:

• Legitimate interest (Article 6(1)(f))
• Consent (Article 6(1)(a)) — e.g., participation in research
• Scientific research purposes (Article 9(2)(j), Article 89(1)(2), Patient Rights Law §§10–11)

e) Ensuring proper service delivery

We may process data through technical systems (e.g., cookies), IT infrastructure maintenance, and organizational tools.

Legal basis:

• Legitimate interest (Article 6(1)(f))

f) Conclusion and execution of cooperation agreements

To enter into and fulfill agreements (e.g., for goods or services), we must process business partner data such as identity, contact info, and billing details, including data of their employees or representatives.

Legal bases:

• Contract performance/pre-contractual steps (Article 6(1)(b))
• Legal obligation (Article 6(1)(c)) — e.g., accounting requirements
• Legitimate interest (Article 6(1)(f))

3. Who May Access Your Personal Data?

Access to your personal data is granted only as necessary and in accordance with applicable laws:

• Our employees or authorized persons
• Data processors based on service contracts
• Public authorities when legally required
• Third parties, only when legally justified

4. Which Data Processors Do We Work With?

We take steps to ensure your personal data is securely processed and transferred to trusted data processors, including:

• IT service providers
• Document destruction service providers
• Data protection service providers
• Auditors, financial, and legal consultants
• Others involved in service delivery
• Data processors may change, and this document will be updated accordingly.

5. Are Your Personal Data Transferred Outside the EU/EEA?

We mainly process data within the EU/EEA. If needed, we may transfer data outside the EU/EEA only under safeguards:

• To countries with an adequacy decision by the European Commission
• Based on Standard Contractual Clauses
• To U.S. organizations certified under the EU-U.S. Data Privacy Framework
• To the UK, which is recognized as a safe third country

6. How Long Do We Store Your Data?

We retain personal data as long as necessary for the processing purposes or legal obligations:

• Data related to contract performance: until completion and as required by law
• Accounting data: at least 5 years (Accounting Law)
• Dental records: 10 years after the last entry
• Dermatology/cosmetology records: 40 years after the last entry or 15 years after patient’s death
• Claims-related data: according to statutory limitation periods (e.g., 10 years under Civil Law, 3 years under Commercial Law)
• CCTV footage: up to one month

7. Your Rights as a Data Subject

Updating your personal data: Please notify us of any changes to your personal information.

Access and correction: You have the right to access, correct, delete, or restrict processing of your data, object to processing, and request data portability in accordance with GDPR.

How to exercise your rights:

• Submit a request in person (with ID)
• Mail a request to: Ganību dambis 4, Rīga, LV-1045
• Email a signed request to: datuaizsardziba@adenta.lv
• We may ask for additional identification to protect your data.

Withdrawal of consent: If processing is based on consent, you may withdraw it at any time. This won’t affect processing based on other legal grounds.

Right to object: You may object to processing based on legitimate interest or for marketing purposes.

8. How to File a Complaint?

If you have concerns about how we process your data, we encourage you to contact us first. If unresolved, you have the right to file a complaint with the Data State Inspectorate (Datu valsts inspekcija).

9. Why Must You Provide Personal Data?

We process your personal data to fulfill our contractual, legal, or legitimate obligations. Failure to provide required data may hinder service provision. When data is optional, we will indicate it.

10. How Do We Obtain Your Personal Data?

We may collect your personal data:

• Directly from you during contract negotiations
• If another party identifies you as a contact person
• Via submitted applications, emails, or phone calls
• Through cookies on our website
• From public or third-party sources (e.g., for authority checks)
• From video surveillance systems

11. Are Your Personal Data Subject to Automated Decision – Making?

We do not use your personal data for automated decision-making.

12. Cookies

Cookies are files that websites store on the computers of the users to recognise the users and make it easier for them to use the site. Internet browsers may be configured to alert the visitor about the use of the cookies and to choose whether the visitor agrees to accept them. Opting out of the use of cookies will not prevent the visitor from using the Clinic’s website, but may limit the visitor’s options for using the website.

You may find information on the use of the cookies on the Clinic’s website separately, including before providing your consent to the use of the cookies.

Name of cookie