General Dentistry
Laser dentistry
Classical dentistry
Dental surgery
Endodontics
Orthodontics
Periodontology
Pediatric dentistry
Aesthetic dentistry
Teeth whitening
Dental prosthetics
Dental Implants
Dental Veneers
Intraoral cosmetology
Dental hygiene
Dental consultations
Digital dental radiographyDATA PROTECTION POLICY
I. INFORMATION AND CONTACT DETAILS OF THE CONTROLLER
1. The personal data processing controller is the limited liability company “ERA ESTHETIC”, hereinafter referred to as the Clinic, single registration number: 40103798731, legal address: 20-12 Krišjāņa Valdemāra Street, Riga, LV-1010..
2. The contact details for matters relating to the processing of personal data are:
2.1.Correspondence: Jeruzalemes iela 2/4, Rīga, LV-1010
2.3.by e-mail: info@eradental.lv
II. GENERAL INFORMATION
3. The purpose of the Data Protection Policy is to provide the natural person, hereinafter referred to as the Data Subject, with information on the purpose, legal basis, scope, protection and duration of the processing of personal data at the time of collection and processing of the Data Subject’s personal data..
4. The Data Protection Policy shall apply to ensure the privacy and protection of personal data relating to:
4.1.natural persons – visitors to the Clinic (including potential, former and current visitors), including those who are subject to video surveillance;
4.2. Visitors of the Clinic’s website, hereinafter referred to as the persons referred to in Clauses 4.1 and 4.2 – the Client.
5. The Data Protection Policy applies to the processing of data regardless of the form or medium in which the client provides personal data (in person, on the Clinic’s website, on paper or by telephone).
6. The Clinic shall take care of the privacy and personal data protection of its clients, shall respect the rights of its clients to the lawfulness of personal data processing in accordance with the applicable legislation – Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, hereinafter – the Regulation, the Law on Processing of Personal Data, the Law on Patients’ Rights and other applicable laws and regulations in force in the Republic of Latvia in the area of privacy and data processing.
7. In its activities, the Clinic:
7.1. Shall protect the personal data of the Data Subject by implementing administrative, technical and physical security measures as far as they are proportionate to the possible risks;
7.2. Shall inform the Data Subject of the personal data necessary to receive services and explain how this data will be used;
7.3. Shall transfer data to third parties in accordance with applicable laws and regulations;
7.4. Shall regularly train and inform its employees on personal data protection issues to reduce the likelihood of incidents;
7.5. Shall implement internal control procedures to minimize the likelihood and impact of security incidents.
III. PURPOSES AND LEGAL BASIS FOR PROCESSING PERSONAL DATA
8. The Clinic processes personal data for the following purposes:
8.1.provision and administration of health and aesthetic care services:
8.1.1. for identification of the Client;
8.1.2. for making an appointment with the Clinic’s specialists;
8.1.3. for the execution of the Client’s medical documentation in accordance with the requirements set forth in regulatory enactments;
8.1.4. reminding Clients of their scheduled appointment with the Clinic’s specialists;
8.1.5. for consultations and medical manipulations by doctors and other specialists;
8.1.6. to assess the health status of Clients;
8.1.7. the administration of settlements;
8.1.8. the recovery of debts from debtors;
8.1.9. handling and quality control of Client objections and complaints;
8.1.10. Client loyalty, satisfaction measurement;
8.1.11. for the maintenance and improvement of the websites;
8.1.12. to ensure the safety of Clients, Clinic staff and the protection of property;
9. The Clinic processes the Client’s personal data on the following legal basis:
9.1. with the consent of the Data Subject (Client), Section 10 (2) of the Patients’ Rights Law);
9.2. to comply with regulatory enactments – to comply with the obligations imposed on the Clinic by external regulatory enactments or the rights of the data subject imposed by external regulatory enactments (Article 9(2)(b) of the Regulation, Article 10 of the Patients’ Rights Act);
9.3. where processing is necessary for the exercise or defense of the legitimate interests of the Clinic before a court (Article 9, second paragraph, point (f) of the Regulation);
9.4. in cases where processing is necessary for the purposes of the legitimate interests of the Clinic (to organize an efficient process for the provision of health and aesthetic care services, to ensure an efficient process for the booking and cancellation of Client appointments, to receive payment for the services provided);
9.5. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes (Article 6(1)(e) and Article 9(2)(j)).
IV. AMOUNT OF INFORMATION TO BE COLLECTED
10. In its basic activities, the Clinic shall primarily obtain from the Data Subject the basic information necessary for the unambiguous identification of the person concerned for the provision of services and communication:
10.1. Name
10.2. Last name
10.3. Personal code (ID number)
10.4. Address
10.5. Phone number and/or e-mail address
11. In the course of the provision of services, the Clinic may obtain additional information from the Data Subject, primarily including, but not limited to, information about health status (medical history), health complaints, previous medical treatment, information obtained in the context of a particular episode of service.
12. The specific amount of information depends on the nature of the service to be provided and the applicable laws and regulations governing the conditions under which the service is provided.
13. The Clinic is aware that in providing its services it processes health data which are considered to be special categories of personal data in the context of the Regulation.
V. PROCESSING AND PROTECTION OF PERSONAL DATA
14. The Clinic shall process the Client’s data using modern technologies, taking into account the existing privacy risks and the organizational, financial and technical resources available to the Clinic.
15. The Clinic shall continuously improve and supplement the technical solutions at its disposal, taking into account current trends in the field and the opportunities offered, based on the risks identified.
16. The Clinic, as a processor, shall keep a register of all categories of Client data processing activities carried out, including the information specified in Article 30(2) of the Regulation.
17. The Client gives the Clinic general consent to the use of other processors as necessary for the performance of the Service for technical activities, including, but not limited to, system operation and enhancement (programming services), authentication and payment functions (credit institutions or other merchants), data storage (data centers), communication channels (internet service providers, etc.) or other at the discretion of the Clinic. The Clinic shall ensure that the processors it engages observe no less stringent personal data protection measures than those set out in this Data Protection Policy.
VI. CONDITIONS FOR USE AND RELEASE OF DATA
18. The personal data and information held by the Clinic and obtained during the provision of services shall be used for the purposes of the Clinic’s activities and as far as it is necessary for the provision of the best possible quality of service.
19. The Clinic shall implement measures to minimize the processing of personal data relating to its employees in its day-to-day work, ensuring that employees have access only to client data that they need for the performance of their duties.
20. The Clinic shall ensure that its employees who are authorized to process data are under a legally binding obligation not to disclose personal data obtained to third parties, including after termination of their employment relationship with the Clinic, and shall ensure that employees are informed about natural persons’ data protection issues.
21. The Clinic shall ensure that personal data in its possession is only provided to the Data Subject. Data shall only be provided to third parties, including persons related to the Data Subject, if the Data Subject’s written consent has been obtained or if there is a case under the laws and regulations where such provision of data is permitted.
22. The Clinic shall not carry out a data transfer if it cannot verify the identity of the Data Subject or suspects that the identity presented by the Data Subject does not correspond to his or her true identity.
23. In cases where the data transfer is carried out by means of e-mail, the Clinic shall ensure that such action is carried out only after the Data Subject’s consent has been obtained by indicating the e-mail address to which they wish to receive the message in writing or orally (by the employee recording it in the electronic information system).
24. When transferring data via email or other online data exchange solutions, including self-service information system platforms, the Clinic shall implement measures to protect the data concerned by applying data access protection or encryption methods.
VII. DURATION OF STORAGE OF PERSONAL DATA
25. The Clinic shall store and process the Clients’ personal data for as long as at least one of the following criteria exists:
25.1. while the obligations arising from the contract concluded between the Clinic and the Client are being fulfilled or the Client is provided with health and/or aesthetic care services;
25.2. as long as the Clinic is obliged to keep the relevant data in accordance with the regulatory enactments;
25.3. pending full consideration and/or fulfilment of the Client’s request/submission;
25.4. as long as the Client’s consent to the processing of personal data is valid, unless there is another lawful basis for the processing;
25.5. Personal data (video recordings) obtained through video surveillance shall be stored for a maximum period of 30 days from the date on which they were taken.
25.6. Upon the occurrence of conditions which determine that the further storage of Client Data is no longer necessary, the Client’s Personal Data shall be deleted.
VIII. ACCESS TO PERSONAL DATA AND OTHER CLIENT RIGHTS
26. The Clinic shall ensure the Client’s right to receive the information required by the regulatory enactments in relation to the processing of their data.
27. Clients, in accordance with the regulatory enactments, also have the right to request the Clinic access to their personal data, as well as to request the Clinic to supplement, rectify or delete them, or to restrict processing in relation to the Client, or the right to object to processing, as well as the right to data portability. These rights shall be exercised insofar as the processing of the data does not result from the Clinic’s obligations imposed on it by applicable laws and regulations.
28. The Client may submit a request for the exercise of their rights:
28.1. in writing in person at the Clinic, upon presentation of an identity document;
28.2. by electronic mail, signed with a secure electronic signature and sent to the e-mail address info@eraesthetic.lv.
28.3. by sending a letter to the Clinic by post;
28.4. by sending an e-mail to the Clinic that is not signed with a secure electronic signature, provided that the Client has agreed with the Clinic to communicate using the specific e-mail address.
29. Upon receipt of the Client’s request to exercise its rights, the Clinic shall verify the identity of the Client, assess the request and execute it in accordance with the regulatory enactments.
30. The Clinic shall reply to the Client as soon as possible, considering the method of receipt of the reply indicated by the Client.
31. If the reply is sent by post, it shall be addressed to the Data Subject (the person whose personal data have been requested) by registered letter. If the reply is given by electronic means, it shall be signed with a secure electronic signature (if the application has been submitted with a secure electronic signature).
32. The Clinic shall ensure compliance with the data processing and data protection requirements in accordance with the laws and regulations and, in the event of an objection by the Client, shall take reasonable steps to resolve the objection. However, if this fails, the Client shall have the right to apply to the supervisory authority – the State Data Inspectorate.
33. The Client has the right to receive one copy of their personal data processed at the Clinic free of charge.
IX. CLIENT’S CONSENT TO DATA PROCESSING AND RIGHT OF WITHDRAWAL
34. The client shall give consent to the processing of personal data based on consent in writing in person at the Clinic.
35. The Client shall have the right to withdraw the consent given for the processing of the data at any time in the same manner in which it was given, in which case no further processing of the data based on the consent previously given for the specific purpose will be carried out.
36. Withdrawal of consent shall not affect the processing of data carried out at the time when the Client’s consent was valid.
37. Withdrawal of consent may not interrupt the processing of data carried out on the basis of other legal grounds (for example, in accordance with external laws and regulations or a contract concluded between the Clinic and the Client).
X. WEBSITE VISITS AND COOKIE PROCESSING
38. The Clinic’s website may use cookies.
39. Cookies are files that websites place on users’ computers in order to recognize the user and facilitate their use of the website. Internet browsers can be configured to alert the visitor to the use of cookies and allow the visitor to choose whether to accept them. Not accepting cookies will not prevent the visitor from using the Clinic’s website, but it may limit the visitor’s use of the website.
40. The Clinic’s website may contain links to third party websites, which have their own terms of use and personal data protection, for which the Clinic is not responsible..
XI. CHANGES TO THE PRIVACY POLICY
41. The Clinic reserves the right to make changes to its Data Protection Policy if certain circumstances change that affect the regulation of the processing of personal data. The Clinic recommends that Clients visit this section regularly for up-to-date information.
42. The Clinic shall keep the previous versions of the Data Protection Policy and make them available on the Clinic’s website.
