The purpose of the privacy policy of SIA Jūlijas Katkevičas zobārstniecība is to provide you (the data subject) with information about the legal and factual circumstances of the processing of your personal data, namely, information about the purpose, scope, and protection of personal data processing, as well as other information about the processing of your personal data. Please read the Policy carefully and if you have any additional questions, feel free to contact us using the contact information provided in this Policy.
Please note that the Policy may be amended, supplemented, or updated, and we will inform you by posting this information on our website.
We respect your privacy; therefore, the security of your personal data is our priority. We use appropriate organizational and technical measures to ensure the continuous security of your personal data and compliance with data protection regulations, as well as our internal rules.
We comply with the requirements of data protection regulations and in each data processing process, we ensure to collect only the information necessary to achieve the purposes set out in this Policy.
This Policy applies to:
- Natural persons receiving dental services (including potential, former, and current ones), as well as third parties processing personal data in connection with the provision of dental services;
- Dental employees;
- Employees of various service providers providing services to dentistry;
- Correspondents with dentistry;
- Visitors to the websites and social media profiles managed by dentistry.
I. Controller and its contact information
The controller of personal data processing is SIA Jūlijas Katkevičas zobārstniecība (hereinafter – Dentistry), address: Slokas iela 65b, Riga, LV-1007. Legal address: Liepājas iela 2 – 36, Riga, LV-1002, phone: +371 26557021, email: .
II. Purposes of personal data processing
2.1. The purposes of personal data processing are:
2.1.1. for the provision and administration of dental services:
- Patient identification;
- Appointment scheduling with Dentistry specialists;
- Patient medical documentation in accordance with regulatory requirements;
- Reminders to patients about scheduled visits to Dentistry specialists;
- Performing medical examinations;
- Providing medical consultations and procedures;
- Evaluating the health status of patients or other individuals;
- Administration of payments;
- Debt collection from debtors;
- Handling patient complaints and quality control;
- Promoting patient loyalty, measuring satisfaction;
- Preparing, concluding, and executing contracts with patients.
2.1.2. providing information to public administration institutions and law enforcement agencies in cases and to the extent specified by external regulatory acts;
2.1.3. ensuring the safety and protection of patients, Dentistry employees, and property.
2.1.4. personnel management, including personnel selection; conclusion and execution of employment contracts; time tracking; payroll calculation and payment; compliance with accounting requirements (preparation of relevant justifying documents, business trip arrangements); provision of social benefits to employees (involvement of cooperation partners to provide insurance to employees); recording and controlling the performance of work duties.
2.1.5. compliance with regulatory requirements in the provision of dental services;
2.1.6. implementing the legitimate interests of Dentistry and its clients: improving services, developing new services;
2.1.7. maintaining and improving website functionality.
2.2. The data processing purposes mentioned in point 2.1 of the Privacy Policy are indicative, and personal data may also be processed for purposes not specifically mentioned but closely related to the above and necessary for compliance with regulatory requirements.
III. Legal basis for personal data processing
3.1. Dentistry processes your personal data based on the following legal grounds:
3.1.1. for preventive or occupational medicine purposes, medical diagnosis, treatment purposes (Article 9(2)(h) of the Regulation);
3.1.2. with the consent of the data subject (patient) (Article 9(2)(a) of the Regulation, Section 10(2) of the Patient Rights Law);
3.1.3. for compliance with legal obligations – to fulfill the obligations imposed on Dentistry by external regulatory acts or the rights of the data subject specified in external regulatory acts (Article 9(2)(b) of the Regulation, Section 10 of the Patient Rights Law);
3.1.4. in cases where processing is necessary for the establishment, exercise, or defense of legal claims (Article 9(2)(f) of the Regulation);
3.1.5. in cases where processing is necessary to ensure the legitimate interests of Dentistry (organizing an efficient process for providing dental services, ensuring an effective process for scheduling and canceling patient appointments, receiving payment for provided services);
3.1.6. in cases where processing is necessary for the performance of a contract with the data subject (employee, patient) or for taking steps at the request of the data subject prior to entering into a contract (Article 6(1)(b) of the Regulation);
3.1.7. in cases where processing is necessary to protect the vital interests of the data subject (patient, employee) or another natural person (Article 6(1)(d) of the Regulation);
3.1.8. for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes (Article 6(1)(e) and Article 9(2)(j) of the Regulation).
IV. Scope of processed personal data
4.1. The categories of personal data processed by Dentistry depend on the purposes and type of data processing:
4.1.1. When receiving dental services, in accordance with regulatory requirements, Dentistry must process the data subject’s identifying information and information that confirms the diagnosis, justifies examinations and treatment methods, and accurately reflects the treatment results. In this case, to achieve the service provision goal, Dentistry may process the widest possible scope of personal data, including name, surname, personal identification number, contact information, information about past illnesses, information about received and ongoing dental services, and other information that the respective Dentistry specialist chooses to ascertain and record in the medical documentation.
4.1.2. When communicating in writing with Dentistry, the content and time of the communication, as well as information about the used communication tool (email address, phone number, etc.), may be retained;
4.1.3. Dentistry analyzes website visit history using online identifiers, as well as intentionally provided information by the data subject (e.g., feedback on provided services, website visit experience, movement, information about the desire to register for any of the services provided by Dentistry, etc.), to conduct market research and opinion analysis. Information about the legal and factual circumstances of cookie use is available in the Cookie Policy, found below.
Dentistry, in implementing data processing purposes, may store and process the following types of your personal data:
Categories of Personal Data | Examples |
---|---|
Identification data | Name, surname, personal identification number, date of birth, data of identity document. |
Contact information | Declared residence address, phone, email addresses, etc. |
Patient data |
- Identifying information;
- Information that confirms the diagnosis, justifies examinations and treatment methods, and accurately reflects treatment results. In this case, to achieve the goal of providing dental services, Dentistry may process the widest possible scope of personal data, including name, surname, personal identification number, contact information, health insurance data, any kind of health data directly or indirectly related to the provision of dental services, including but not limited to information about dental health status, oral hygiene, general health status, prescribed and used medications, performed procedures and manipulations, any side effects of medications, allergies, diseases experienced during a lifetime. | | Employee data | Name, surname, position, information about the specialist’s education, achievements, work contributions in the respective specialty, reports, correspondence, etc. | | Employment and career history, health information | (mandatory health check-up data), training, ethics violations, etc. | | Financial data | Bank account number, invoices, salary or remuneration amount, other payment data for used dental services. | | Management function data | Applications, contracts, orders, etc. | | Information system audit records | Successful or unsuccessful login attempts to the information system, changes made by users, etc. | | Access data to information systems | Usernames and passwords assigned to the data subject | | Photos and images | Employee photos, images from public events, etc. |
4.2. In the context of providing services, Dentistry may obtain additional information from the Data Subject and from other third parties, which primarily covers but is not limited to referral information, information about previous treatment cases, information obtained within the specific treatment episode.
4.3. The specific amount of information depends on the nature of the service provided and the applicable regulatory requirements governing the conditions for providing the service.
4.4. Dentistry recognizes that in providing its services, it processes health data, which is considered a special category of personal data within the context of the Regulation.
V. Categories of recipients of personal data
5.1. Categories of recipients of personal data: the data subject, Dentistry and its authorized employees and processors, state and municipal institutions in cases specified by regulatory acts, law enforcement and supervisory authorities, courts.
5.2. Your data may be transferred to your relatives only with your authorization and consent.
5.3. To ensure the rights of Dentistry, the safety of employees, third parties, and property, data may also be transferred to other competent institutions or law enforcement agencies, but only if necessary in accordance with applicable regulatory acts and in the manner specified therein.
5.4. Dentistry’s involved data processors may process your personal data only according to our instructions and may not use them for other purposes or transfer them to other persons without our consent. Such persons may include database software maintainers, database administration service providers, data center maintenance and cloud computing service providers. In each case, we provide processors with only the necessary amount of data for the specific task or service provision. Additionally, they must ensure the protection of your data in accordance with applicable regulatory requirements and our written agreement, which, among other things, stipulates the irreversible deletion of your data after the task is completed or cooperation ends.
VI. Transfer of personal data to third countries or international organizations and automated decision-making
6.1. Dentistry does not intend to transfer personal data to third countries or international organizations.
6.2. Automated decision-making is not performed in Dentistry.
VII. Rights of the data subject
7.1. You have the right to receive our confirmation of whether we process your personal data, as well as the right to access your personal data that we process, information about the purposes of data processing, the categories of processed data, the categories of data recipients, the period of data processing, the sources of data acquisition, as well as their meaning and consequences.
7.1.1. Most of this information is provided to you in this Policy.
7.1.2. If the information provided in this Policy is not sufficient for you, you can always contact us using the contact information provided in point 1.1 of this Policy.
7.2. If the data we hold has changed or you see that the information we process about you is inaccurate or incorrect, you have the right to request to change, correct, or update this information.
7.3. In cases where we process your data based on your consent, you have the right to withdraw your consent at any time, and the data processing based on your consent will be stopped. Such processing will not be stopped if it is required by law or by an order of a competent authority or if, given the nature of the processing, it is not possible.
7.4. In any situation, we may retain your given consent and proof of it for a longer period if necessary to protect our rights in connection with claims or disputes against us.
7.5. If you believe that we process your data in violation of data protection regulatory requirements, we encourage you to contact us directly.
7.6. If you are not satisfied with our response and justification or if you believe we are not taking necessary actions, you have the right to submit a complaint to the supervisory authority, which in the Republic of Latvia is the Data State Inspectorate (www.dvi.gov.lv; Blaumaņa iela 11/13-15, Riga, LV-1011).
7.7. You have the right to object to the processing of personal data if personal data is processed based on our legitimate interests.
7.8. Under the appropriate conditions specified in data protection regulatory acts, for example, if personal data is processed unlawfully, the legal basis for data processing no longer exists, you have the right to request that we delete your personal data. If you wish to exercise these rights, please submit a written request to us.
7.9. In case the personal data we process is used for other purposes mentioned in this Policy, and the legal basis for their processing is not consent, we may retain the relevant information to ensure other purposes are achieved.
7.10. Under the appropriate conditions specified in data protection regulatory acts, for example, if personal data is processed unlawfully, you dispute the accuracy of the data, you submit objections to the data processing based on our legitimate interests, you have the right to restrict your data processing.
7.11. You have the right to request the portability of the data you have provided to us in electronic form. Upon receiving your request for data portability, we will ensure the realization of your rights by providing the data in a widely used and machine-readable format or by sending the requested data electronically to the addressee of your choice, according to the information specified in your request.
7.12. To protect all personal data subjects from unauthorized disclosure, when we receive your request to provide data or exercise other rights, we will need to verify your identity. For this purpose, we may ask you to present an identity document, and if the request concerns your legally represented person – a birth certificate, authorization, or other representation-confirming document, except when the situation allows fulfilling your request without such verification. If you do not confirm your identity and/or representation, we will reject your submitted request.
7.13. Upon confirming that you are eligible to fulfill your request, we undertake to provide you with information about the progress of your request within one month from receiving your request and completing the verification procedure.
7.14. If your request is submitted electronically, we will also provide the response to you electronically, except in cases where it is not possible, for example, due to the large volume of information or if you request a different method.
7.15. If we are forced to reject your request due to the circumstances specified in regulatory acts, we will inform you in writing about the refusal, justifying it accordingly.
7.16. If the response is sent by mail, it is addressed to the data subject (the person whose personal data is requested) in a registered letter. If the response is provided electronically, it is signed with a secure electronic signature (if the application has been submitted with a secure electronic signature).
7.17. The data subject (patient) has the right to receive one free copy of their personal data processed in Dentistry. The receipt and/or use of the provided information may be limited to prevent adverse effects on the rights and freedoms of other persons (including Dentistry employees).
VIII. Personal data security
8.1. We use various security technologies and procedures to protect your personal information from unauthorized access, use, or disclosure. Personal data is available only to those persons who need it for their job duties and only to the necessary extent. All persons with access to health and genetic data have signed confidentiality agreements, and these persons are informed about personal data protection rules and regularly trained.
8.2. Our selected service providers are carefully chosen, and we require them to use appropriate measures to protect the confidentiality of your data and ensure the security of your personal information. However, if information is transmitted over the internet or mobile communications, its security cannot be fully guaranteed, so you must independently assess the risks associated with information confidentiality and assume them if you decide to provide us with any information in the specified ways.
IX. Personal data storage
9.1. Dentistry stores personal data according to its document classification for no longer than necessary to achieve the respective purpose of personal data processing.
9.2. When choosing criteria for personal data storage, Dentistry considers the following circumstances:
9.2.1. whether the personal data storage period is specified or derived from the laws and regulations of the Republic of Latvia and the European Union;
9.2.2. the period for which the respective personal data needs to be stored to ensure the realization and protection of the legitimate interests of Dentistry or a third party;
9.2.3. until the consent given by the data subject for personal data processing is withdrawn and there is no other legal basis for data processing, for example, to fulfill obligations binding on Dentistry;
9.2.4. Dentistry needs to protect the vital interests of the data subject or another natural person, including life and health.
9.3. In providing dental services, Dentistry complies with specific regulatory acts that determine its obligation to retain certain data. If you wish to receive detailed information, please contact Dentistry using the contact information provided above.
9.4. The record of incoming and outgoing communications (emails, postal letters) to ensure the legitimate interests of Dentistry will be retained for a period not exceeding five years unless the respective communication reflects potentially unlawful behavior or behavior that may help Dentistry or third parties ensure their legal interests. In this case, the respective document may be retained until the legal interest is ensured.
9.5. After the storage period, personal data will be irreversibly deleted unless there is an obligation to retain them according to regulatory acts.
9.6. Longer storage of the specifically indicated personal data in this Policy may be carried out only if:
- it is necessary to protect our rights in connection with claims, complaints, or demands;
- there are reasonable suspicions of unlawful activities requiring investigation;
- your data is needed for proper handling of a dispute or complaint.
X. Necessity of providing personal data
The obtained personal data is used to provide the respective services and to realize the activities of Dentistry to the necessary extent, according to regulatory requirements. If personal data is not provided, Dentistry has no legal basis to provide the respective service to the data subject.
XI. Changes to the privacy policy
11.1. Dentistry reserves the right to make changes to its Privacy Policy if certain circumstances change that affect the regulation of personal data processing. Dentistry recommends visiting this section regularly to find the latest information.
11.2. Dentistry retains previous versions of the Privacy Policy, which are available on the Dentistry website.