DATA PRIVACY POLICY OF "GRIBALSKY IK"
Goal of the Privacy Policy is to provide information about how and why “Gribalsky IK” collects , processes and use your personal data. It elaborates the purpose, legal basis, processing volume, protection and processing term to a natural person, who is data subject.
- Controller and contact details
1.1 The Personal Data Processing is Gribalsky IK, uniform registration No.42102040182, registered address: Miesnieku 14-21 Riga LV-1050
1.2 Contact information for inquiries regarding personal data processing: +371 25757143 , e-mail: [email protected]
1.3 Contact information of assigned a Personal to inform and consult Gribalsky IK staff in matters related to personal data processing and inform about potential data protection violations: +371, 25757143, e-mail: [email protected]
- General terms and conditions
2.1 The purpose of the “Gribalsky IK” Privacy Policy is to provide a natural person with information on the purpose of personal data processing, legal basis, processing volume, Data Subject’s rights, protection and processing time during data acquisition and when processing personal data of the Data Subject.
2.2 Privacy policy is applied to personal data protection regarding:
2.2.1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of Persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as – Regulation);
2.2.2. Personal Data Processing Law of the Republic of Latvia;
2.3. This Privacy Policy applies to ensuring privacy and personal data protection for:
2.3.1. Natural persons – for customers of “Dr. Gribalsky” dental practice (including potential, former and existing customers);
2.3.2 For visitors of website of “Dr.Gribalsky’s practice” which own by “Gribalsky IK”
2.3.3 Persons whose data are processed in the social media in relation to marketing activities of Gribalsky IK ; Dr. Gribalsky’s Practice. (henceforth – Patients).
2.4 The Privacy Policy applies to data processing collected regardless on the form and/or media used for data sourcing from the Patient (on-site, website, hard copy or by phone).
2.5 “Gribalsky IK” may establish additional regulations for certain types of data processing, of which Persons are informed of at the time of providing the relevant data.
- Purposes of personal data processing
3.1 “Gribalsky IK” processes personal data in accordance with applicable external and internal laws and regulations, including for the following purposes:
3.1.1 To provide healthcare services:
- to identify patient;
- to schedule patient’s visit;
- to prepare patient’s medical record according to statutory requirements;
- to send remainders to patients about the scheduled visit at the specialist;
- to perform medical exams;
- to receive doctor’s consultations and medical manipulations;
- to evaluate health condition of patients or other natural persons;
- to identify capacity for work;
- to administer settlements;
3.1.2 to recover debts;
3.1.3 to examine patient objections and control quality;
3.1.4 to promote patient loyalty, to measure satisfaction;
3.1.5 to prepare and sign the informed consent with patients;
3.1.6 to maintain website and improve its functions;
3.1.7 to plan business and perform analytics;
3.1.8 to provide information to state administration and operative subjects in cases and to an extent laid down in laws and regulations;
3.1.9 to ensure safety and property protection of “Gribalsky IK”, and to evaluate staff service quality;
3.1.10 to enter information in the National Uniform Medical Information System (E-veselība).
- Legal basis of personal data processing
4.1 “Gribalsky IK” processes personal data of patients on the following legal bases:
4.1.1 for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or treatment (Article 9(2)(h) of the Regulation);
4.1.2 the processing shall take place in line with a consent from the data subject (patient) (Article 10(2)(a), Article 10(2) of the Latvian Republic’s Law On the Rights of Patients ;
4.1.3 to comply with laws and regulations – to comply with obligations stated in the laws and regulations binding on “Gribalsky IK” (Article 9(2)(b) of the Regulation, Article 10 of the Latvian Republic’s Law On the Rights of Patients);
4.1.4 processing is needed to exercise or defend the legal interests of “Gribalsky IK” in courts (Article 9(2)(f) of the Regulation);
4.1.5 processing is necessary to ensure legitimate interests of “Gribalsky IK” (to organize efficient provision of healthcare services, to ensure efficient scheduling and cancelling of visits, to receive a payment for provided healthcare services, to promote “Gribalsky IK” in mass media and social networks).
4.1.6 processing is necessary to perform contracts with data subjects (patients) or to take measures at the request of data subject before entering into the contract (Article 6(1)(b) of the Regulation);
4.1.7 processing is necessary to protect vital interests of data subject (patient) or other natural person (Article 6(1)(d) of the Regulation).
- Personal data processing
5.1. Obtaining personal data from Persons depends on the content of the transaction.
5.2. Personal data may be obtained in the following ways:
5.2.1. Clear and unambiguous consent of the Person has been obtained;
5.2.2. Information provided to the Gribalsky IK by the Person themselves (or by an authorized person), to wit by, by contacting or cooperating with Gribalsky IK, such as concluding contract, requesting information or applying for a specific issue or request, by visiting Gribalsky IK, communicating through information channels, including social networks,
5.2.3. When visiting the Gribalsky IK website, cookies may be used, about which information is provided during the visit to the website;
5.2.4. From information systems auditing records (access time, activities performed, etc. in the information system).
5.3. Gribalsky IK stores and processes personal data as long as at least one of the following criteria exists:
5.3.1 As long as the obligations arising from the informed Consent signed by “Gribalsky IK” and the Patient are being performed or the Patient is receiving healthcare service;
5.3.2 As long as “Gribalsky IK” has a statutory obligation to store the data;
5.3.3 As long as the Patient’s request/application is being reviewed and/or performed;
5.3.4 As long as the Patient’s consent for processing of relevant personal data is in force, unless there are other legal grounds for data processing.
5.3.5 As long as Gribalsky IK or the Person may exercise their legitimate interests in accordance with the procedures laid down in external regulatory enactments (for example, to submit objections or to bring / lead an action before the court);
5.4 Upon expiry of circumstances under Clause 5.3, the Patient’s personal data are deleted. Auditing records are stored for one year since their recording.
5.5 Gribalsky IK processes Patient data with modern technologies, considering existing privacy risks and organizational, financial and technical resources available to “Gribalsky IK”.
5.6 Gribalsky IK may take automated decisions regarding the Patient. Patient is privately notified about such acts of Gribalsky IK according to laws and regulations.
5.7 Automated decision-making, which causes legal consequences to the Patient (for example, transfer to collection companies for debt recovery), may take place during performance of the informed consent between Gribalsky IK and the Patient or on the basis of obvious consent of the Patient.
- Personal data protection
6.1. Gribalsky IK protects Patient data with modern technologies, considering existing privacy risks and organisational, financial and technical resources available to “Gribalsky IK”.
- Transfer / disclosure of personal data
7.1. Gribalsky IK” does not disclose personal data to third parties, except:
7.1.1 In line with a written consent from the Patient;
7.1.2 To persons stipulated in laws and regulations (including institutions) at a reasonable request from them in accordance with the procedure and to the scope stated in such laws and regulations;
7.2. Gribalsky IK does not disclose other personal data (which are not patient data) to third parties, except:
7.2.1 In line with a clear consent from the Patient;
7.2.2 To persons stipulated in laws and regulations at a reasonable request from them in accordance with procedure and to the scope stated in such laws and regulations;
7.2.3 To protect legal interests of Gribalsky IK, for example, by bringing an action in the court or other public institutions against the person who has infringed the legal interests of Gribalsky IK, and transferring the debts of natural persons for collecting.
- Transfer of personal data
8.1 Gribalsky IK transfers Personal data to third parties, ensuring that third parties retain personal data confidentiality and provide sufficient protection.
8.2 Gribalsky IK is entitled to transfer Personal data to subcontractors of Gribalsky IK, which allows performing its functions.
8.3 In case under Clause 8.2, the subcontractors of Gribalsky IK receiving and processing personal data, are deemed to be data processors for the purpose of the Regulation, they are bound under a written contract where Gribalsky IK demands data recipients to use the received information solely for the purposes they have been transferred, and according to the applicable laws and regulations in data processing and data regulation field.
- Access to personal data by third country subjects
9.1 Gribalsky IK does not transfer personal data to third countries (countries located outside the European Union and European Economic Area).
10. Access to personal data and other rights of the Patient
10.1 The Patient is entitled to receive statutory information regarding his or her data processing.
10.2 The Patient is statutory entitled to request from Gribalsky IK an access to his or her personal data, and also request from Gribalsky IK to supplement, edit or delete them, or to restrict their editing regarding the Patient, or rights to object to processing as well as rights to data portability. These rights are exercisable insofar as the data processing does not exceed the scope of obligations of Gribalsky IK, imposed on it under applicable laws and regulations.
10.3 The Patient may submit a request on exercise of his or her rights:
10.3.1 In a written form when present in person at Gribalsky IK, Dr. Gribalsky’s practice by presenting an ID document;
10.3.2 Electronically by signing the letter with a safe digital signature and sending it to e-mail: [email protected]
10.3.3 By sending a written letter to Gribalsky IK;
10.3.4 By phone or sending an e-mail letter to “Gribalsky IK” to e-mail address: [email protected]
10.3.5 At a request that the patient has coordinated his communication with “Gribalsky IK” regarding the patient data via that particular e-mail address or phone number. Such consent must be written in person on-site (by presenting ID document) or signed with safe digital signature;
10.4 When receiving a request from the Patient on exercise of his or her rights, Gribalsky IK verifies Patient’s identity, evaluates the request and performs it according to laws and regulations.
10.5 Gribalsky IK provides a response to the Patient to an extent possible, taking into account the type of provision of answer specified by the Patient.
10.6 If the answer is sent in a registered mail, it is addressed to data subject (person whose personal data are requested). If the answer is sent electronically, it is signed with a safe digital signature (if the submitted application was signed with the safe digital signature).
10.7 “Gribalsky IK” ensures meeting of data processing and protection requirements under the laws and regulations and in case of objections from the Patient takes reasonable steps to solve the objection. However, failing to do so entitles the Patient to the supervision authority – State Data Inspectorate.
10.8 The Patient is entitled to receive one copy of his or her personal data processed by Gribalsky IK free of charge.
10.9 Receiving and/or use of information stated in Clause 10.8 hereunder may be restricted with an aim to prevent adverse effects on rights and freedoms of other persons (including employees of Gribalsky IK).
10.10 Gribalsky IK undertakes to ensure accuracy of Personal data and relies on its Patients, suppliers and other third parties delivering Personal data, making sure the completeness and accuracy of Persona data is in place.
11. Patient’s consent to data processing and right to withdraw it
11.1 The Patient gives a consent to personal data (which are deemed to be patient data for the purpose of the Law on Patient Rights) processing, legal basis of which is the consent, in person while at Gribalsky IK Dr. Gribalsky’s Practice or by sending an e-mail signed with a safe digital signature.
11.2 The Patient provides consent for personal data (which are deemed to be patient data for the purpose of the Law on Patient Rights) processing, legal basis of which is the consent (for example, for sending commercial information) in person while at “Gribalsky IK” Dr. Gribalsky’s Practice, by sending an e-mail signed with a safe digital signature, as well as by phone or in a regular e-mail, if “Gribalsky IK” and Patient have agreed on use of relevant e-mail address and/or phone number for mutual communication.
11.3 The Patient is entitled to withdraw the given consent for data processing in the same way it was given, and in this case any further data processing based on previously given consent for this particular purpose will not be made.
11.4 Withdrawal of the consent does not affect data processing which were performed while the Patient’s consent was in force.
11.5 By withdrawing the consent, data processing may not be discontinued if such processing is based on other legal basis (for example, according to external laws and regulations or the Informed Consent signed between “Gribalsky IK” and Patient).
12. Commercial information
12.1 Communication containing commercial information about services of Gribalsky IK complies with the external laws and regulations or Patient consent.
12.2 The Patient may provide a written consent to receive commercial information during an on-site visit, at the website of “Gribalsky IK” and mobile apps.
12.3 Patient’s consent to receive commercial communications is valid until revoked. The Patient may refuse from further reception of commercial information at any time in one of the following ways:
12.3.1 By sending an e-mail to address [email protected];
12.3.2 By calling to +371 25757143
12.3.3 During on-site visit to “Gribalsky IK” Dr. Gribalsky’s Practice;
12.4 “Gribalsky IK” discontinues sending of commercial information as soon as the Patient’s request is processed. Consent processing time may depend on technological possibilities, potentially up to three days.
12.5 When expressing his or her opinion in surveys and leaving the contact information (e-mail, phone), the Patient agrees that “Gribalsky IK” may contact him or her via the provided contact information in relation to feedback provided by the Patient.
13. Visiting the website and processing of cookies
13.1 Website of “Gribalsky IK” Dr. Gribalsky’s practice may use cookies.
13.2 Cookies are files placed by the websites in user’s computers to recognize the user and make the website experience simpler. Internet browsers can be configured to warn the visitor about the use of cookies and to allow choosing if the visitor wants to accept them. If the user does not accept cookies, he or she will still be able to use the site, however user experience may be restricted.
13.3 Website of “Gribalsky IK” Dr. Gribalsky’s practice may contain links to third parties’ websites, which have their terms of use and personal data protection, and “Gribalsky IK” is not responsible for it.
14. Other terms and condition
14.1 “Gribalsky IK” is entitled to supplement the Privacy Policy, making it available to Patients, placing it on the website of “Gribalsky IK” Dr. Gribalsky’s practice