The Author: Veselības centrs 4
The personal data controller is ''Health Center 4'', Ltd., Registration No. 40003188233, Address: Kr.Barona Street 117, Riga, LV-1012; Tel. 67847100; e-mail firstname.lastname@example.org; website: www.vc4.lv.
Your trust and privacy is important for Us!
- We implement appropriate measures to ensure that your personal data is secure at Our disposal and that processing of your personal data takes place in accordance with the effective data protection laws, Our internal policies, guidelines and procedures.
- We have appointed a data processing specialist, whose task is to supervise and ensure that We observe requirements, guidelines and procedures of the legal framework of data protection.
Why do We process your data?
- We process your data, so that you could receive the highest quality healthcare services according to your choice, necessity, referral, concluded contracts and requirements of regulatory enactments.
- We carry out video surveillance and process your personal data, when you visit Our regional centres or the central office, for your personal safety, safety of Our employees, customers and property. Video surveillance is done according to strict safety and privacy conditions, using modern technology and equipment.
- We want to inform you about various news and topicalities related to Our services. E-mail messages are sent only upon your free consent; if you want to receive news, you have to indicate it on Our website or by completing an application form. When receiving an e-mail message with news from Us, you will always receive a link with an option to opt out of receipt of news. Upon selecting this option, your e-mail address will be deleted from Our database and you will not receive this information anymore.
- We save and register all incoming and outgoing correspondence in order to ensure observing of Our legitimate interests and/or performance of contractual liabilities.
- If We process personal data for purposes you are not informed in this Policy, We will inform you separately on individual conditions of such data processing.
What data do We process?
- Categories of processed personal data depend on services provided to you.
- When you receive healthcare services, according to requirements of regulatory enactments We are obliged to process your identifying information and information that certifies the diagnosis, substantiates examinations and treatment methods, as well as precisely reflects the treatment results. In order to fulfil the healthcare services provision objective, We may process the broadest possible amount of personal data, which includes - name, surname, personal identity number, contact information, lifestyle, information on past diseases, information on received and receivable healthcare services (at which doctor, how often, what services are chosen) and other information, which the respective healthcare specialist will choose to find out and record in the medical documentation in the specific situation.
- When you visit Our regional centres or the central office, your video image and the time you attend Our premises may be processed. Video surveillance is not done in premises, where you may expect increased privacy, and informative stickers are provided in places, where video surveillance is done.
- When you contact Us, the communication content, as well as information about the communication tool may be saved, which can include, for example, e-mail address and phone number.
- We process the data on website use history, using online identifiers, as well as information left by you intentionally, for example, your assessment on the quality of Our provided services.
What is the legal basis for processing of your data?
- Data processing is carried out for the purpose of providing healthcare services. Data processing is necessary for Us to provide you with qualitative healthcare services, perform any contract concluded with you, fulfil Our legal obligations, and it also may be necessary for prevention or occupational medicine purposes, for assessment of ability to work of employee, and for ensuring management of medical diagnosis, healthcare or medical treatment, or healthcare systems and services. In certain cases We may process personal data to ensure compliance with Our and third party legitimate interests.
- Data processing through video surveillance is implemented with a purpose to prevent or detect criminal offences in relation to protection of personal and property protection, ensure the highest quality standards of customer service, protection of legal interests of persons and protection of vital interests of persons, including life and health.
- Data processing may be carried out to ensure compliance with Our and third party legitimate interests, for example, to investigate your complaints or obtain evidence in the case of possible complaints.
- Saving and recording of received and sent correspondence is carried out to conclude a contract with you or fulfil it, to perform Our legal obligations, as well as in the cases, when such processing is required for ensuring compliance with Our and third party legitimate interests.
- We carry out analysis of history of visits of Our website and social network accounts, if such processing is necessary for ensuring compliance with Our and third-party legitimate interests.
From where do We obtain personal data?
- We compile your personal data, which is provided by you to Us before receipt of service (also via phone), in the course of service provision or after receipt of service, when you visit Our branches or the central office (video surveillance) and Our website (applying for receipt of Our news), and also when your data is sent to Us by any other medical treatment institution or doctor on your behalf.
Whom do We transfer your personal data to?
- Law enforcement authorities, courts or other public and local government authorities, if such transfer arises from regulatory enactments and the respective authorities are eligible to receive the requested information, if such information has to be specifically requested.
- Third parties within the framework of concluded contract in order to perform any function required for performance of contract (for example, in the case of insurance contract, for implementation of legitimate interests of the data controller; other medical treatment institution, observing the preconditions specified in the Law on the Rights of Patients), or, if the customer service and provision of qualitative services to customer has to be improved, when attracting service providers.
- You as a data subject, pursuant to a clear and unambiguous request.
- Courts or other public institutions, for protection of Our legal interests.
- Recipients of your personal data may be employees authorised by the Data Controller, Data Processors, as well as law enforcement and supervisory institutions.
- We will issue personal data only to the extent required and sufficient, according to requirements of regulatory enactments and substantiated objective circumstances of the specific situation.
- We always try to process your personal data within the territory of the European Union and the European Economic Area (EU/EEA). Your personal data is not processed in any country outside EU/EEA, thus ensuring your selected service. Transfer and processing of personal data outside EU/EEA may be implemented, if it has legal basis, i.e., to fulfil any legal obligation, conclude or perform a contract, or pursuant to your consent, and if appropriate security measures are implemented.
How long do We store your personal data?
- All personal data obtained from you is stored for a period, while you use Our services, or until you revoke your consent, if your personal data is processed based on such consent. Longer period of storage of personal data is permissible to fulfil statutory requirements concerning the minimum term of storage of documents or information, or to protect Our legal interests.
- When this period has expired, We will securely delete your personal data or make it unavailable (archiving), or non-identifiable, so that this data cannot be linked to your person anymore.
- The period of storage of personal data may be substantiated by Our mutual contract, Our legitimate interests or applicable regulatory enactments, which We are obliged to observe.
- During the process of providing healthcare services, We observe special regulatory enactments, which set an obligation to retain certain data. If you want to receive detailed information, please contact Us.
How do We ensure protection of your data?
- We ensure, regularly revise and improve Our data protection measures to protect your personal data from unauthorised access, accidental loss, disclosure or destruction. To implement this, We use modern technology, technical and organisational requirements, incl. use of firewalls, intrusion detection software and data encryption.
- We carefully verify all service providers, who process your data in Our name or on Our behalf, and assess, whether data processors implement appropriate security measures to ensure, that processing of your data is implemented in accordance with Our delegation and requirements of regulatory enactments.
- In the case of any incident concerning security of your data, if it will cause sufficiently high risk for your rights and freedoms, We will notify you, if possible, or will publish the information on the website of the Data Controller, or notify you in any other possible manner.
- However, We recommend to observe general rules of secure use of computer and internet, as well as requirements for protection and storage of your private data (especially regarding identity documents), as We will not assume any liability for unauthorised access to your personal data and/or loss of data, if it has resulted from your fault or negligence.
What are your rights?
- We hold a view, that protection and observing of your rights is Our priority. We handle your data with utmost responsibility and We will always observe your rights and interests according to regulatory enactments.
- You are eligible to request a confirmation from Us, whether We process personal data linked to you, and in such cases request access to your personal data processed by Us, or to issue information on such personal data, if ensuring of direct access is not envisaged.
- If you hold a view, that information about you is outdated, wrong or incomplete, you may request Us to rectify the information.
- You are eligible to request deletion of your personal data or object to its processing, if you think, that the data is processed unlawfully or it is not necessary anymore in relation to the purposes it was obtained and/or processed.
- You are entitled to submit a complaint to the Data State Inspectorate, if you consider, that We have processed your data illegally.
- As far as We process your personal data on the basis of your consent, you are eligible to revoke your consent for processing of personal data at any time.
- You are eligible to object to processing of your personal data for direct marketing purposes at any time.
- You have the right to object to processing of personal data implemented by Us, based on our legitimate interests; however, We will continue processing of your data even in the case of your objections, if We will possess convincing motivated reasons for such continued processing of personal data. To implement the aforesaid rights, please submit a written application to Us or Our data protection specialist.
- In certain instances you are entitled to request Us to delete your personal data; however, it does not refer to cases, when the applicable laws require Us to retain such data. To implement the aforesaid rights, please submit a written application to Us or Our data protection specialist.
- In certain instances you are entitled to restrict processing of your persona data. Please, take into consideration that, if you request restricting of processing of your personal data, it may affect your possibilities to receive Our services. To implement the aforesaid rights, please submit a written application to Us or Our data protection specialist.
- Finally, you are eligible to receive or transfer your personal data to another data controller. These rights include only the data you have provided to Us, based on your consent or concluded contract, and if automated processing is implemented. To implement the aforesaid rights, please submit a written application to Us or Our data protection specialist.
Do you have any questions?