Access
Privacy policy

PERSONAL DATA PROTECTION POLICY

Information on the controller LLC “ADENTA”, Reg. No. 40103181871,
address: Ganību dambis 4, Riga, LV – 1045
Phone: +371 67 339 300
E-mail: adenta@adenta.lv
Contact information for communication
on issues of personal data processing and protection
Data protection specialist – Kārlis Ķibermanis,
e-mail address: karlis@adenta.lv


This policy describes how LLC “ADENTA” (hereafter – the Clinic) performs the processing of personal data of its clients (patients), visitors of the website and other persons, whose data may end up with the Clinic within the framework of its commercial activities.

The objective of this Policy is to provide you with a general overview of personal data processing operations performed by the Clinic and reasons for the performance thereof; nevertheless, please be informed that other documents (for instance, service agreement and terms of cookie use) may provide additional information on the processing of personal data.

To provide the clients (patients) with the highest possible quality of dental services, including to remind them of the visits which the client has booked, or to alert them regarding changes in the visits that the client has booked, the Clinic needs to collect, process and use certain types of information about clients (patients) and persons related to them.

By this Personal Data Protection Policy, the Clinic is willing to underline its strong commitment to provide for the protection of personal data and points out that it will strive to ensure the protection and security of personal data processed in all communications and cooperation with the Clinic in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), the Law on the Rights of Patients and other applicable regulatory enactments in the field of personal data protection.

The Clinic can process personal data in paper or electronic format, over the phone, as well as by implementing video surveillance. The processing of personal data may be carried out by the employee of the Clinic or by any processor of the Clinic, with whom the Clinic has signed an agreement. When processing personal data of the clients (patients), the Clinic ensures compliance with the principles of personal data protection.

Principles of personal data processing

The Clinic:

  • processes personal data lawfully, in good faith and in a transparent manner for the data subject (including the client, patient);
  • processes personal data adequately, appropriately and only for the purposes required for achieving the processing goals;
  • processes personal data in such a manner that sufficient safety of personal data is provided, including protection against unauthorised or illegal processing, accidental loss, destruction or damage to information, by applying appropriate technical or organisational measures;
  • stores personal data for no longer than it is required for the purposes for which the relevant personal data are processed;
  • informs data subjects (clients, patients) of why it requires personal data and what the Clinic will do with the personal data;
  • only processes accurate personal data and, if necessary, updates them, or asks the person to do so;
  • collects personal data for specific, explicit and legitimate purposes only and does not continue the processing of such data in ways that are incompatible with these purposes. Unless required to do so according to its obligations, as provided by the regulatory enactments.

Personal data categories

The clinic processes the data of the clients (patients) and other physical persons and personal data of special categories.

Personal data is information that refers to an identified or identifiable natural person, such as a person’s name, surname, personal identity number, date of birth, contact information (to ensure effective communication), information that we ask the client to provide to receive the services, etc.

Specific categories of personal data are information that reveals racial or ethnic origin, political beliefs, religious or philosophical beliefs or trade union membership, and genetic data, biometric data for the unique identification of a natural person, health data or processing of data on the sexual activity or sexual orientation of the natural person.

Purpose of personal data processing

The processing of personal data is required for the Clinic to provide qualitative dental services. Including to remind the client of the visits which they have booked, or to alert the client regarding changes in the visits that they have booked, the Clinic needs to collect, process and use certain types of information about clients (patients) and persons related to them.
To provide services to the clients (patients) the Clinic needs to identify the client (patient), to obtain the client’s contact information, information about the client’s (patient’s) health, to implement accounting and financial accounting activities, to communicate with the client for the purpose of providing services, and in some cases to also ensure the recovery of delayed payments.

For the above provided purposes the Clinic processes at least the following data about the client (patient): patient’s name, surname, personal identity number or birth data, name, surname, personal identity number of the lawful representative of a minor patient, telephone number, e-mail address, address, patient’s insurance information, payments, settlements, information regarding which dentist the patient has booked a visit with, information about the patient’s illnesses required to provide dental services, treatment plans, health data (manipulation codes).

The Clinic only processes personal data when there is a legal basis to do so.

Legal grounds for personal data processing

Main legal grounds of personal data processing are:

  1. processing is required for the purpose of managing the treatment services;
  2. to provide the legal obligations of the Clinic, incl. the regulations of the Medical Treatment Law, the Law on the Rights of Patients, Cabinet of Ministers Regulation No. 265 of 4 April 2006 “Procedures for Keeping Medical Documents” and other regulations of the Cabinet of Ministers;
  3. to observe the legitimate interests of the Clinic (provision of dental services), which are required only and solely to provide a qualitative treatment process.
Additional legal grounds may be as follows:
  • processing is required for the performance of the agreement or for the performance of activities upon the request of the person prior to the signing of the agreement;
  • the person has given his or her consent to the processing of his or her personal data for one or more specific purposes;
  • processing is required to protect the vital interests of you or another natural person, i.e., life and health.

If the Clinic requires the person’s consent to the processing of his or her personal data, the Clinic will ask the person to provide it. If a person wishes to withdraw his/her consent, the person will be able to revoke it at any time by contacting the Clinic.

We inform you that, if a person does not provide the information required to complete the patient’s outpatient card, the Clinic will not be able to provide such person with dental services in the relevant quality and in full amount.

We inform you that, if a person does not agree to the processing of his or her personal data, the person shall have the right not to use the services of the Clinic.

Recipients of personal data

In order to provide the clients (patients) with qualitative dental services, personal data shall have to be transferred to other organisations, when it is necessary and acceptable or required by law. Personal data may be transferred to processors (natural or legal persons, public institutions, agencies or other entities, that process personal data on behalf of the Clinic), if it is required in order to provide the services of the Clinic in accordance with the services they provide and only to the extent necessary, such as to providers of information technology services.

The clinic may transfer personal data to third parties, but only when it is required to execute its statutory obligations or if it is permitted by the law regarding the field of personal data protection.

The recipients of the client’s (patient’s) personal data are the medical staff of the Clinic that is involved in the client’s (patient’s) treatment, dental technical laboratories, the National Health Service (E-health system), service providers that provide information technology services to the Clinic, insurance companies, the services of which the patient is using, and providers of outsourced services and suppliers of goods for the provision of the treatment process.

By observing the regulations of personal data protection, the Clinic may also transfer personal data to organisations or suppliers, service providers, that provide sufficient guarantees that appropriate technical and organisational measures will be implemented in such a way that the requirements of the personal data protection field are observed and the protection of the data subject (client, patient) is provided, as well as to those that are able to provide the obligations set forth by the regulatory enactments regarding the protection of personal data. These guarantees and terms shall be stipulated by the agreements signed with the organisations and third parties.

The clinic will not use the personal data received for sending commercial information, unless the person has provided specific consent to the Clinic to do so.

Sources of personal data or which sources the Clinic obtains personal data from

The Clinic obtains personal data in one of the following ways:

  1. from the data subject (client, patient) or his/her authorised person;
  2. by acquiring information about the person (client, patient) from the unified national electronic health information system (e-health);
  3. in relevant cases from video surveillance records.
Transfer of personal data to third countries

Personal data will be stored in the European Union and also in the US in electronic form, if the data processing company is certified, and is in the EU-US Privacy Shield, or if a company located outside the European Union or the European Economic Area is able to provide an adequate level of protection in accordance with the European Union law.

Storage of personal data and the rights of individuals

In order to ensure that the personal data are not stored for longer than required for the purposes for which the relevant personal data are processed, the Clinic has set deadlines for the storage of personal data, the compliance of which is monitored regularly.

When assessing the duration of the storage of personal data, the Clinic takes into account the requirements of the applicable regulatory enactments, the aspects of performance of contractual liabilities, the instructions of the data subject (client, patient) (for example, in the case of consent), as well as the legitimate interests of the Clinic. If your personal data is no longer required for the purposes specified, the Clinic will delete or destroy it.

The personal data of the client (patient) will be stored for 10 years after the last entry (in accordance with Cabinet of Ministers Regulation No. 265 of 4 April 2006 “Procedures for Keeping Medical Documents”).

The time period for which the Clinic will store personal data depends on the purpose for which they have been collected, as well as on the basis of the regulatory enactments, such as the Law on Accounting, the Archives Law, the Civil Law, the Commercial Law, etc.

Rights of the data subjects (incl. clients, patients)

  • Right to request information about what personal data the Clinic holds about you. The Clinic shall be obliged to respond within one month, unless the Clinic prolongs the provision of a response to three months, taking into account the complexity of the request and the number of requests.
  • Right to correct data. The person shall have the right to correct inaccurate or incomplete data. The clinic is obliged to provide a reply within one month. If the Clinic decides not to correct the data, the Clinic will provide the person with an explanation of why the Clinic will not correct them, and will provide the person with information about his or her right to file a complaint to the Data State Inspectorate.
  • Right to deletion (the right “to be forgotten”). A person shall have the right to ask for his or her personal data to be deleted or the processing of the data to be interrupted. The Clinic will not always be able to execute the person’s request, for example if the Clinic is obliged to keep the information in accordance with the obligations set forth by the regulatory enactments. If the Clinic decides not to delete the data, the Clinic will provide the person with an explanation of why the Clinic will not delete them, and will provide the person with information about his or her right to file a complaint to the Data State Inspectorate.
  • Right to the restriction of processing. In some cases, a person has the right to restrict the processing of his or her personal data, for example if the information is inaccurate. In the event of the restriction of the processing of personal data, the Clinic may retain relevant information about it in order to ensure compliance with these rights in the future. If the Clinic decides to lift such a restriction, the Clinic will notify the person about it.
  • Right to data portability. If the Clinic processes personal data in accordance with a person’s consent or on the basis of an agreement, and the data are stored in a structured, widely used and machine-readable format, the person shall have the right to ask the Clinic to transfer the personal data directly from one controller to another controller, if technically possible. This right does not apply to personal data processed to observe the legal obligations applicable to the Clinic.
  • Right to object. A person may object to the use of his/her personal data for profiling, direct marketing purposes or for scientific or historical research purposes or for statistical purposes, as well as to processing required to observe the legitimate interests of the controller or a third party. Upon the receipt of such request the Clinic will either discontinue the processing of personal data or will point to compelling grounds of legitimate processing to implement the processing of personal data or to raise, execute or defend the legitimate claims.

The Clinic does not use personal data for automated decision making.

For details of the above mentioned rights, see the General Data Protection Regulation (Articles 13 to 21).

In addition the patient has the rights provided by the Law of the Rights of the Patients. For example, the patient has the right to receive the information provided by the Law of the Rights of the Patients regarding the possibilities of receiving medical treatment services and their payment procedure, the name, surname, position, profession, speciality and qualification of the treating physicians and other medical practitioners involved in the health care process; information about his/her health state, treatment plan and treatment services provided to him/her, as well as other information as provided by the Law of the Rights of the Patients. The patient shall have the right to familiarise himself/herself with his/her medical records, to request and to receive extracts, duplicates and copies according to the price list approved by the medical treatment institution, except for as provided by the regulation of personal data protection.
The patient shall also be entitled to receive information on the use of the information contained in his/her medical records in accordance with the Law of the Rights of the Patients and the regulations regarding the personal data protection of natural persons. The patient may receive extracts, duplicates and copies within three working days from the date of submission of the relevant request.

Cookies

Cookies are files that websites store on the computers of the users to recognise the users and make it easier for them to use the site. Internet browsers may be configured to alert the visitor about the use of the cookies and to choose whether the visitor agrees to accept them. Opting out of the use of cookies will not prevent the visitor from using the Clinic’s website, but may limit the visitor’s options for using the website.

You may find information on the use of the cookies on the Clinic’s website separately, including before providing your consent to the use of the cookies.

Name of cookie Purpose of cookie Used data
_gat_UA-21192911-1 Google analytics Number
_gid Google analytics Encrypted value
_ga Google analytics Encrypted value
october_session CMS session ID Encrypted value
hasAgree Page cookie agree status Number

Video surveillance

The Clinic implements video surveillance for the following purposes: prevention or investigation of criminal activities involving the protection of property and vital interests of the persons, including life and health.
Before entering the video surveillance area the Clinic provides information about the implemented video surveillance. These video surveillance records can only be accessed by authorised persons to implement specific purposes for the processing of personal data, or to ensure that the system is operating, or to implement the maintenance of the system.

The legal grounds to implement video surveillance is the observance of the legitimate interests of the Clinic (prevention or investigation of criminal activities involving the protection of property and vital interests of the persons, including life and health).

The recipients or the categories of the recipients of personal data are authorised employees of the Clinic, the provider of security services of the Clinic, as well as the organisation that provides servicing of the video surveillance equipment.

Video surveillance records will be stored for no longer than one month.

Breaches, complaints and comments regarding personal data protection

If a person has questions about the protection of personal data or a person is not satisfied with the processing of his/her personal data, the person may contact the Clinic or the Clinic informs the person that the person has the right to file a complaint with the Data State Inspectorate.

Data Sate Inspectorate
11/13-11 Blaumaņa Street,
Riga, LV-1011
Phone: 67 22 31 31
Fax: 67 22 35 56
e-mail: info@dvi.gov.lv
www.dvi.gov.lv

Scroll

Go back