The controller of personal data processing is SIA SmartOmica Clinic, registration number 40203263591, legal address: Riga, Tērbatas street 36 - 4, LV-1011 (hereinafter – the Clinic).
In particular cases, the Clinic can obtain Personal data from the person's treating physician or other medical institution.
Personal data is any information relating to the identified or identifiable natural person, including, but not only, name, surname, contact details, health data, etc. (hereinafter – the Personal data).
Data processing policy is applicable to Personal data processing, irrespective of how and/or where the Person provides personal data (in person, in writing, by phone or e-mail, visiting the website of the Clinic, etc.).
The Clinic carries out Personal data processing and ensures personal data protection in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), (hereinafter – the Regulation), the Personal Data Protection Law, the Law on the Rights of Patients and other current laws and regulations governing protection of personal data.
The Clinic can obtain and process the following Personal data: name, surname; personal identity number (and/or date of birth); contact information: phone number, e-mail, address of place of residence; citizenship; weight; height; information on the health state, diagnoses, results of previous examinations and other data, necessary for personal data processing purposes.
The Clinic carries out Personal data processing for the following purposes:
1) For the provision of medical services, including:
2) For the provision of the information to the national regulatory authorities in accordance with the procedures specified in regulatory enactments;
3) For the ensurance of protection of property and safety and of the Clinic’s visitors, patients and employees through video surveillance;
4) For the conclusion of agreements and fulfilment of obligations arising therefrom;
5) For the conduction of scientific and research work in the field of disease research;
6) For the maintenance of the Clinic's website and the improvement of its performance.
Data processing with the aim to ensure the provision of medical services is carried out in accordance with Section 6, paragraph 1, subparagraphs b) and c) and Section 9, paragraph 2, subparagraph h) of the Regulation. Personal data processing can be carried out to ensure the legitimate interests of the Controller and the third parties (for instance, in order to investigate cases, when complains are received regarding the quality of the provided medical services, to carry out ex-post control, improve the provision of medical services, administer the provided services, as well as to ensure evidence against possible claims, complaints, etc.), on the basis of Section 6, paragraph 1, sub-paragraph f) of the Regulation.
Data processing with the aim to provide information to the national regulatory authorities is carried out in accordance with Section 6, paragraph 1, subparagraph c) and Section 9, paragraph 2, subparagraph h) of the Regulation, providing information to the institutions in accordance with the procedures and to the extent specified in the regulatory enactments.
Concluding civil-law contracts, the Clinic conducts Personal data processing, on the basis of Section 6, paragraph 1, subparagraph b) of the Regulation, with the aim to process data, which is necessary for the fulfilment of the contract.
Data processing, which is related to scientific and research work, is carried out on the basis of Section 9, paragraph 2, subparagraph a) of the Regulation – if the Data subject has provided consent for processing of such data.
The clinic stores and processes personal data, while at least one of the following criteria exists:
The Clinic shall permanently delete the Personal data upon the expiration of the time-limit or purpose of personal data storage. The Clinic is entitled to determine a new purpose of personal data processing, if it follows from the requirements of regulatory enactments or is reasonably necessary for the protection of the legal interests of the Clinic.
The clinic does not disclose the personal data or any other information about the data subject, which is obtained during the provision of services or during the term of the agreement, to third parties, except if the data must be disclosed to the relevant third party:
In order to ensure the legitimate interests of the Clinic, the Clinic is entitled to engage personal data processors for the processing of personal data. The Clinic shall take the necessary measures to ensure that such processors, when processing personal data, implement appropriate technical and organizational measures to comply with the requirements of the Regulation and to ensure the protection of the Data subject's rights.
In accordance with the procedures specified in regulatory enactments, the person has the right to receive information from the Clinic regarding the Personal data processed by the Clinic, the purpose for which it is used and processed, the terms of storage and the recipients of this Personal data.
The person, submitting an appropriate notice, has the right to request the Clinic to correct without undue delay inaccurate or supplement incomplete Personal data.
The person may submit a request for the exercise of his/her rights in writing in person at the legal address of the Clinic, presenting an identity document, sending a hand-signed application to the legal address of the Clinic or by e-mail, signing the document with a secure electronic signature.
The Person is entitled to request the deletion of his/her Personal data if the Person considers that the Personal data has been processed unlawfully, or are no longer necessary for the original purposes, for which they were collected and/or processed, or the Person has withdrawn his/her consent, on the basis of which the processing was performed.
The Person may object to the processing of his/her Personal data by the Clinic on the basis of the Clinic's legitimate interests. The Clinic terminates Personal data processing, unless the Clinic indicates compelling legitimate reasons that are more important than the interests, rights and freedoms of the Data subject, or to raise, implement or defend legal claims.
The person has the right to receive data about himself/herself from the Clinic in order to store it or provide an opportunity for re-use of the data by transferring it to another data controller or processor.
The Person has the right to withdraw his/her consent to the Personal data processing in the same way as it was provided at any time, or by sending a relevant notice to the e-mail address: firstname.lastname@example.org, by post to the legal address of the Clinic, or submitting in person at the Clinic. Upon receipt of the withdrawal, the Clinic undertakes not to conduct further processing of Personal data based on the prior consent of the Person. Withdrawal of the consent does not affect the processing of Personal data carried out during the period of validity of the Person's consent.
If the Person has reasonable doubts or suspicions that the processing of his/her Personal data is not performed in compliance with the requirements of the Regulation, as well as other regulatory enactments, and the rights of the Person have been violated, he/she has the right to address the Data State Inspectorate, submitting a substantiated complaint.