Data Controller

 

SIA “NEODENT”

Reg. No. 40103055469

Legal address: Aleksandra Čaka iela 135-26, Rīga, LV-1012

Website: www.neodent.lv

Phone: +371 67313048

Email: neodent@neodent.lv

 

 

Purpose of the Privacy Policy

 

The purpose of this Privacy Policy is to provide clients of the Controller and other individuals (data subjects) with information about the procedures for processing their personal data.

 

The Controller confirms that all personal data provided by the data subject to the Controller, as well as data obtained by the Controller itself, will be processed in accordance with the requirements of the European Union and Latvian data protection laws and regulations.

 

This Privacy Policy applies to any data subject whose personal data are processed by SIA “NEODENT” as the data controller.

 

 

Purpose and Legal Basis for Personal Data Processing

 

The processing of data for the purpose of providing healthcare services is carried out in accordance with Article 9(2)(a) and Article 9(2)(h) of the General Data Protection Regulation (GDPR).

 

Patients’ personal data are processed in compliance with the requirements set by legal acts, including Cabinet of Ministers regulations regarding the provision of medical services, the Medical Treatment Law, and the Patients’ Rights Law.

 

 

Categories and Processes of Personal Data Processing

 

When making an appointment with a specialist by phone, the following data are collected: name and phone number.

 

When making an appointment via the website, the following data are collected: name, surname, phone number, and email address.

 

When receiving healthcare services, the following data are collected and processed: name, surname, phone number, email address, and information about the patient’s health necessary for providing medical care.

 

 

Access to Patients’ Personal Data

 

Access to patients’ personal data may be granted to:

 

• The Controller’s doctors, nurses, administrator, marketing manager, and accountant to the extent necessary for fulfilling their professional duties.

• The patient’s authorized persons, only to the extent specified in the authorization and in the relevant cases.

• Persons specified in Article 10(5) of the Patients’ Rights Law, upon written request and with written authorization from the head of the medical institution.

• Data processors, in accordance with the services provided, respecting the obligations set out in the GDPR, including confidentiality requirements.

 

 

Data Retention Period

 

Data processed in accordance with legal requirements (such as patients’ medical records) are retained in line with the applicable legal acts regulating document retention periods.

 

Data processed based on the data subject’s consent are stored according to the purpose of processing, or until the consent is withdrawn, or until the data subject requests deletion.

 

Data processed based on the Controller’s legitimate interests are stored according to the purpose of processing and for the period prescribed by law during which the Controller may exercise its legal rights (e.g., to file objections or bring a claim in court).

 

 

Data Security

 

The Controller ensures that patients’ personal data are processed in compliance with the following principles:

 

• Lawful and fair processing of personal data;

• Data processing only for appropriate and clearly explained purposes;

• Data minimization (processing only the data necessary for the purpose);

• Data accuracy;

• Data storage no longer than necessary for the purposes of processing;

• Data security and confidentiality.

 

 

Patient Rights

 

As a data subject, the patient has the right to receive information about their personal data held in the Controller’s information systems and to request correction of inaccurate data, termination of their processing, or deletion if they are incomplete, outdated, unlawfully processed, or no longer necessary for the purpose for which they were collected.

 

Such a request must be submitted in writing and delivered to SIA “NEODENT”, Aleksandra Čaka iela 135-26, Rīga, LV-1012, or sent electronically, signed with a secure electronic signature, to neodent@neodent.lv.

A response to the request will be provided no later than within 30 days.

 

However, personal data that must be retained under applicable laws (e.g., accounting records, issued invoices, concluded contracts, etc.) can only be deleted in accordance with legal requirements.

 

Providing the information requested by the Controller is not mandatory, but it is a prerequisite for receiving healthcare services.

 

The Controller does not make automated decisions based on the personal data provided by the patient.

 

The patient has the right to report any violations of this Privacy Policy.

 

If the patient believes that the Controller has acted unlawfully, they have the right to file a complaint with the supervisory authority – the Data State Inspectorate of the Republic of Latvia, Blaumaņa iela 11/13, Rīga, LV-1011.

 

Patients’ personal data will not be transferred outside the European Union or the European Economic Area, nor to third countries or international organizations.

 

 

Right to Withdraw Consent

 

If the processing of the patient’s personal data is based on the data subject’s consent, the data subject has the right to withdraw this consent at any time.

 

Withdrawal of consent does not affect the lawfulness of data processing carried out before the withdrawal.

 

If the data subject withdraws consent, processing of their personal data may continue if it is based on another lawful ground.

 

 

Changes to the Privacy Policy

 

To improve the quality of data processing, the Controller may amend this Privacy Policy from time to time by posting the updated version on this website.

 

The Controller recommends that data subjects regularly visit this section of the website to stay informed about the latest updates.