Personal Data Processing Policy
1. Controller
SIA Dentarium registration No. 40103202355 having its legal address at 3 Nitaures street, Riga, LV-1013, Latvia, email: info@dentarium.lv (hereinafter – We or Controller),
in accordance with provisions of Article 13 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation),
informs you about personal data processing within processes related with our core business operations (incl. internal processes, like personnel recruiting), as well as during the performance of contractual obligations and keeping patients’ health records collected during the exercise of the professional duties.
2. Purpose of data processing
We process all information our counterpart is included and/or attached to requested documents, forms, applications (such as name, surname, contact information, patient records, skills etc.);
Personal data will be processed for the purpose of provision of legal interests, as long as personal data explicitly related to corporation issues between counteragents within performance of contracts, as long as it required by our business processes (for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or treatment or management of health). Controller confirms legal course of the relevant processes, and keeps the right to use collected data as a legal and proportional remedy in case of disputes that might arise between counterparts during cooperation, performance of contracts.
No automated decisions could be made related with your personal data processing, collected during contract performance and/or execution of our core business processes.
3. Legal basis of data processing
After receipt of explicit consent from personal data subject, the legal interest arises for the Controller to process the personal data (contained in forms, applications, etc.) and evaluate the information provided therein, as well as to organize all relevant processes on a legal base of the relevant proceeding. Article 6(1), Article 7 and Article 9(2i) of the Regulation form a legal basis of such data processing.
If you have unambiguously permitted to contact with certain persons in order to receive required information, Article 7(a)(b) of the Regulation (your consent) will serve as a legal basis for such data processing.
You have the right at any time to withdraw your consent, however, starting as of the moment, when Controller have contacted with the relevant persons and have received the feedback or any other their support, we process the received information, on the basis of Article 7(a)(b)(f) of the Regulation.
4. Who could get an access to personal data
Processing of your personal data will be performed by authorized employees of the Controller, according to their scope of work and work duties, taking into consideration the requirements determined by personal data protection rules, Article 9(2i) of the Regulation and other regulatory acts, as well as personal data processing requirements regulated by Controller internal regulatory acts.
In case of complaints or accusations related with relevant business processes and/or contract performance, upon request data may be determined to law enforcement or supervisory authorities, court, as well as to providers of legal services presenting Controller interests. There is no plan to deliver personal data abroad of the European Union and European Economic Area countries, without permission of personal data subject.
5. How long do we store personal data
Information acquired within the framework of our business processes and/or during treatment performance, will be used on need to know basis and securely stored in full or in part for whole period of cooperation from the moment information disclosure arise, or till legal and binding contractual relationship between parties remains in full force and effect.
6. Rights of the data subject
We recognize the rights that are granted to EU residents under the GDPR and will take appropriate action to ensure that those rights are actioned upon request. It is possible to receive information about general issues in relation to personal data processing by e-mail: info@dentarium.lv or by request via regular post (mailing address): 3 Nitaures street, Riga, LV-1013, Latvia.
You have the right to request limitation of data processing or to retort the processing of your data, as well as the right for data portability and data modification. You have the right to request erasure of data. However, your request to erase data may be rejected, if in the relevant situation the Controller has powerful legal reasons for processing, being more important than your rights to erasure of data. Data subject has the right to turn to supervisory authority (Data State Inspectorate, Blaumaņa str. 11/13, Riga, LV-1011, Latvia) with a complaint regarding the action of the Controller, if you consider that it violates your rights as a data subject.
7. General Conditions
The Controller may modify, amend this policy without prior notice. The Controller will inform about changes by placing the relevant information on its website. If the relevant changes will affect processing of specific person personal data directly, the Controller reserve the right to send the relevant information to e-mail address of involved person, if contact information will be available for Controller.