Information on the controller | LLC “ADENTA”, Reg. No. 40103181871,
address: Ganību dambis 4, Riga, LV – 1045 Phone: +371 67 339 300 E-mail: adenta@adenta.lv |
Contact information for communication
on issues of personal data processing and protection |
Data protection specialist – Kārlis Ķibermanis,
e-mail address: karlis@adenta.lv |
This policy describes how LLC “ADENTA” (hereafter – the Clinic) performs the processing of personal data of its
clients (patients), visitors of the website and other persons, whose data may end up with the Clinic within the
framework of its commercial activities.
The objective of this Policy is to provide you with a general overview of personal data processing operations
performed by the Clinic and reasons for the performance thereof; nevertheless, please be informed that other
documents (for instance, service agreement and terms of cookie use) may provide additional information on the
processing of personal data.
To provide the clients (patients) with the highest possible quality of dental services, including to remind them
of the visits which the client has booked, or to alert them regarding changes in the visits that the client has
booked, the Clinic needs to collect, process and use certain types of information about clients (patients) and
persons related to them.
By this Personal Data Protection Policy, the Clinic is willing to underline its strong commitment to provide for
the protection of personal data and points out that it will strive to ensure the protection and security of personal
data processed in all communications and cooperation with the Clinic in accordance with Regulation (EU) 2016/679 of
the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data
Protection Regulation), the Law on the Rights of Patients and other applicable regulatory enactments in the field of
personal data protection.
The Clinic can process personal data in paper or electronic format, over the phone, as well as by implementing
video surveillance. The processing of personal data may be carried out by the employee of the Clinic or by any
processor of the Clinic, with whom the Clinic has signed an agreement. When processing personal data of the clients
(patients), the Clinic ensures compliance with the principles of personal data protection.
The Clinic:
The clinic processes the data of the clients (patients) and other physical persons and personal data of special
categories.
Personal data is information that refers to an identified or identifiable natural person, such as a person’s
name, surname, personal identity number, date of birth, contact information (to ensure effective communication),
information that we ask the client to provide to receive the services, etc.
Specific categories of personal data are information that reveals racial or ethnic origin, political beliefs,
religious or philosophical beliefs or trade union membership, and genetic data, biometric data for the unique
identification of a natural person, health data or processing of data on the sexual activity or sexual orientation
of the natural person.
The processing of personal data is required for the Clinic to provide qualitative dental services. Including to
remind the client of the visits which they have booked, or to alert the client regarding changes in the visits that
they have booked, the Clinic needs to collect, process and use certain types of information about clients (patients)
and persons related to them.
To provide services to the clients (patients) the Clinic needs to identify the client (patient), to obtain the
client’s contact information, information about the client’s (patient’s) health, to implement accounting and
financial accounting activities, to communicate with the client for the purpose of providing services, and in some
cases to also ensure the recovery of delayed payments.
For the above provided purposes the Clinic processes at least the following data about the client (patient):
patient’s name, surname, personal identity number or birth data, name, surname, personal identity number of the
lawful representative of a minor patient, telephone number, e-mail address, address, patient’s insurance
information, payments, settlements, information regarding which dentist the patient has booked a visit with,
information about the patient’s illnesses required to provide dental services, treatment plans, health data
(manipulation codes).
The Clinic only processes personal data when there is a legal basis to do so.
Main legal grounds of personal data processing are:
If the Clinic requires the person’s consent to the processing of his or her personal data, the Clinic will ask the
person to provide it. If a person wishes to withdraw his/her consent, the person will be able to revoke it at any
time by contacting the Clinic.
We inform you that, if a person does not provide the information required to complete the patient’s outpatient
card, the Clinic will not be able to provide such person with dental services in the relevant quality and in full
amount.
We inform you that, if a person does not agree to the processing of his or her personal data, the person shall
have the right not to use the services of the Clinic.
In order to provide the clients (patients) with qualitative dental services, personal data shall have to be
transferred to other organisations, when it is necessary and acceptable or required by law. Personal data may be
transferred to processors (natural or legal persons, public institutions, agencies or other entities, that process
personal data on behalf of the Clinic), if it is required in order to provide the services of the Clinic in
accordance with the services they provide and only to the extent necessary, such as to providers of information
technology services.
The clinic may transfer personal data to third parties, but only when it is required to execute its statutory
obligations or if it is permitted by the law regarding the field of personal data protection.
The recipients of the client’s (patient’s) personal data are the medical staff of the Clinic that is involved in
the client’s (patient’s) treatment, dental technical laboratories, the National Health Service (E-health system),
service providers that provide information technology services to the Clinic, insurance companies, the services of
which the patient is using, and providers of outsourced services and suppliers of goods for the provision of the
treatment process.
By observing the regulations of personal data protection, the Clinic may also transfer personal data to
organisations or suppliers, service providers, that provide sufficient guarantees that appropriate technical and
organisational measures will be implemented in such a way that the requirements of the personal data protection
field are observed and the protection of the data subject (client, patient) is provided, as well as to those that
are able to provide the obligations set forth by the regulatory enactments regarding the protection of personal
data. These guarantees and terms shall be stipulated by the agreements signed with the organisations and third
parties.
The clinic will not use the personal data received for sending commercial information, unless the person has
provided specific consent to the Clinic to do so.
The Clinic obtains personal data in one of the following ways:
Personal data will be stored in the European Union and also in the US in electronic form, if the data processing company is certified, and is in the EU-US Privacy Shield, or if a company located outside the European Union or the European Economic Area is able to provide an adequate level of protection in accordance with the European Union law.
In order to ensure that the personal data are not stored for longer than required for the purposes for which the
relevant personal data are processed, the Clinic has set deadlines for the storage of personal data, the compliance
of which is monitored regularly.
When assessing the duration of the storage of personal data, the Clinic takes into account the requirements of
the applicable regulatory enactments, the aspects of performance of contractual liabilities, the instructions of the
data subject (client, patient) (for example, in the case of consent), as well as the legitimate interests of the
Clinic. If your personal data is no longer required for the purposes specified, the Clinic will delete or destroy
it.
The personal data of the client (patient) will be stored for 10 years after the last entry (in accordance with
Cabinet of Ministers Regulation No. 265 of 4 April 2006 “Procedures for Keeping Medical Documents”).
The time period for which the Clinic will store personal data depends on the purpose for which they have been collected, as well as on the basis of the regulatory enactments, such as the Law on Accounting, the Archives Law, the Civil Law, the Commercial Law, etc.
The Clinic does not use personal data for automated decision making.
For details of the above mentioned rights, see the General Data Protection Regulation (Articles 13 to 21).
In addition the patient has the rights provided by the Law of the Rights of the Patients. For example, the patient
has the right to receive the information provided by the Law of the Rights of the Patients regarding the
possibilities of receiving medical treatment services and their payment procedure, the name, surname, position,
profession, speciality and qualification of the treating physicians and other medical practitioners involved in the
health care process; information about his/her health state, treatment plan and treatment services provided to
him/her, as well as other information as provided by the Law of the Rights of the Patients. The patient shall have
the right to familiarise himself/herself with his/her medical records, to request and to receive extracts,
duplicates and copies according to the price list approved by the medical treatment institution, except for as
provided by the regulation of personal data protection.
The patient shall also be entitled to receive information on the use of the information contained in his/her
medical records in accordance with the Law of the Rights of the Patients and the regulations regarding the personal
data protection of natural persons. The patient may receive extracts, duplicates and copies within three working
days from the date of submission of the relevant request.
Cookies are files that websites store on the computers of the users to recognise the users and make it easier for them to use the site. Internet browsers may be configured to alert the visitor about the use of the cookies and to choose whether the visitor agrees to accept them. Opting out of the use of cookies will not prevent the visitor from using the Clinic’s website, but may limit the visitor’s options for using the website.
You may find information on the use of the cookies on the Clinic’s website separately, including before providing your consent to the use of the cookies.
Name of cookie | Purpose of cookie | Used data |
---|---|---|
_gat_UA-21192911-1 | Google analytics | Number |
_gid | Google analytics | Encrypted value |
_ga | Google analytics | Encrypted value |
october_session | CMS session ID | Encrypted value |
hasAgree | Page cookie agree status | Number |
The Clinic implements video surveillance for the following purposes: prevention or investigation of criminal
activities involving the protection of property and vital interests of the persons, including life and health.
Before entering the video surveillance area the Clinic provides information about the implemented video
surveillance. These video surveillance records can only be accessed by authorised persons to implement specific
purposes for the processing of personal data, or to ensure that the system is operating, or to implement the
maintenance of the system.
The legal grounds to implement video surveillance is the observance of the legitimate interests of the Clinic
(prevention or investigation of criminal activities involving the protection of property and vital interests of the
persons, including life and health).
The recipients or the categories of the recipients of personal data are authorised employees of the Clinic, the
provider of security services of the Clinic, as well as the organisation that provides servicing of the video
surveillance equipment.
Video surveillance records will be stored for no longer than one month.
If a person has questions about the protection of personal data or a person is not satisfied with the processing of his/her personal data, the person may contact the Clinic or the Clinic informs the person that the person has the right to file a complaint with the Data State Inspectorate.
Data Sate Inspectorate
11/13-11 Blaumaņa Street,
Riga, LV-1011
Phone: 67 22 31 31
Fax: 67 22 35 56
e-mail: info@dvi.gov.lv
www.dvi.gov.lv