Privacy Policy

The controller of personal data processing is SIA SmartOmica Clinic, registration number 40203263591, legal address: Riga, Tērbatas street 36 - 4, LV-1011 (hereinafter – the Clinic).

Contact details for communication about personal data processing issues

Data protection specialist — Sofja Batalova
Phone: +371 25955855
E-mail address: dpo@smartomica.clinic

‍The aim of this privacy policy is to provide to the data subject, natural person – a client, visitor, employee, etc. of the clinic – with the information on the aim of natural person's data processing, legal basis, scope of the processing, data protection, data processing duration and data subject rights at the time when personal data is obtained and during data processing. The privacy policy applies to a natural person (hereinafter – the Person or the Data subject), with whom the Clinic concludes any type of agreement or which receives, have received or plans to receive the services provided by the Clinic, including, the legal representative of this person or the authorized person, who visits the Clinic, contacts the Clinic, including, via electronic communications, visits the website of the Clinic: www.smartomica.clinic 

In particular cases, the Clinic can obtain Personal data from the person's treating physician or other medical institution.

Personal data is any information relating to the identified or identifiable natural person, including, but not only, name, surname, contact details, health data, etc. (hereinafter – the Personal data).

Data processing policy is applicable to Personal data processing, irrespective of how and/or where the Person provides personal data (in person, in writing, by phone or e-mail, visiting the website of the Clinic, etc.).

The Clinic carries out Personal data processing and ensures personal data protection in accordance with Regulation (EU) No. 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation), (hereinafter – the Regulation), the Personal Data Protection Law, the Law on the Rights of Patients and other current laws and regulations governing protection of personal data.

What personal data is processed

The Clinic can obtain and process the following Personal data: name, surname; personal identity number (and/or date of birth); contact information: phone number, e-mail, address of place of residence; citizenship; weight; height; information on the health state, diagnoses, results of previous examinations and other data, necessary for personal data processing purposes.

Purpose of data processing

The Clinic carries out Personal data processing for the following purposes:

1) For the provision of medical services, including:

• for identification of the patient; 
• for making an appointment with the Clinic's specialists and for organization of the patients flow;
• for the preparation of the patient's medical documents in accordance with the requirements specified in regulatory enactments;
• for the preparation and conclusion of agreements with patients;
• for the provision of medical treatment and medical consultations;
• for administration of settlements;
• for the assessment of patients' objections and claims;
• for the processing and storage of incoming and outgoing correspondence (e-mails, postal letters, etc.);

2) For the provision of the information to the national regulatory authorities in accordance with the procedures specified in regulatory enactments;
3) For the ensurance of protection of property and safety and of the Clinic’s visitors, patients and employees through video surveillance;
4) For the conclusion of agreements and fulfilment of obligations arising therefrom;
5) For the conduction of scientific and research work in the field of disease research;
6) For the maintenance of the Clinic's website and the improvement of its performance.

Legal basis for data processing

Data processing with the aim to ensure the provision of medical services is carried out in accordance with Section 6, paragraph 1, subparagraphs b) and c) and Section 9, paragraph 2, subparagraph h) of the Regulation. Personal data processing can be carried out to ensure the legitimate interests of the Controller and the third parties (for instance, in order to investigate cases, when complains are received regarding the quality of the provided medical services, to carry out ex-post control, improve the provision of medical services, administer the provided services, as well as to ensure evidence against possible claims, complaints, etc.), on the basis of Section 6, paragraph 1, sub-paragraph f) of the Regulation.

Data processing with the aim to provide information to the national regulatory authorities is carried out in accordance with Section 6, paragraph 1, subparagraph c) and Section 9, paragraph 2, subparagraph h) of the Regulation, providing information to the institutions in accordance with the procedures and to the extent specified in the regulatory enactments.

Concluding civil-law contracts, the Clinic conducts Personal data processing, on the basis of Section 6, paragraph 1, subparagraph b) of the Regulation, with the aim to process data, which is necessary for the fulfilment of the contract.

Data processing, which is related to scientific and research work, is carried out on the basis of Section 9, paragraph 2, subparagraph a) of the Regulation – if the Data subject has provided consent for processing of such data.

In order to ensure the analysis of the website visits maintained by the Controller and obtain anonymous overview of the user activity, Google Analytics tool is used, allowing to analyse the efficiency of the website and the user activity. The tool uses cookies sent by the web server to a web browser that stores information on the Data subject's computer, phone or other device, from which the site is accessed. For more information about cookies visit: www.aboutcookies.org. The obtained data protection is ensured in accordance with the Terms of Service of Google Analytics available at: google.com/analytics/terms/us.html. The Data subject may choose to delete cookies already saved on his device and to prevent the browser from storing them.

Personal data storage period

The clinic stores and processes personal data, while at least one of the following criteria exists:

• The regulatory enactments binding on the Clinic provide for the obligation to store the specific data;
• until the obligations arising from the agreement concluded between the Clinic and the patient are fully fulfilled, or until the patient is provided with medical treatment;
• as long as the Person's consent to the relevant processing of Personal data is valid, unless there is another legal basis for the processing of data;
• while Personal data is necessary to achieve a specific purpose of Data processing.

The Clinic shall permanently delete the Personal data upon the expiration of the time-limit or purpose of personal data storage. The Clinic is entitled to determine a new purpose of personal data processing, if it follows from the requirements of regulatory enactments or is reasonably necessary for the protection of the legal interests of the Clinic.

Recipients of personal data

The clinic does not disclose the personal data or any other information about the data subject, which is obtained during the provision of services or during the term of the agreement, to third parties, except if the data must be disclosed to the relevant third party:

• within the framework of the concluded agreement, in order to perform a function necessary for the fulfilment of the agreement or entrusted by law;
• in accordance with clearly and unambiguously expressed consent of the Data subject;
• to the persons provided for in the external regulatory enactments upon their appropriate and substantiated request, in accordance with the procedures and to the extent specified in these regulatory enactments;
• in cases specified in the external regulatory enactments, for the protection of the legitimate interests of the Clinic.

In order to ensure the legitimate interests of the Clinic, the Clinic is entitled to engage personal data processors for the processing of personal data. The Clinic shall take the necessary measures to ensure that such processors, when processing personal data, implement appropriate technical and organizational measures to comply with the requirements of the Regulation and to ensure the protection of the Data subject's rights.

Data subject's rights

In accordance with the procedures specified in regulatory enactments, the person has the right to receive information from the Clinic regarding the Personal data processed by the Clinic, the purpose for which it is used and processed, the terms of storage and the recipients of this Personal data.

The person, submitting an appropriate notice, has the right to request the Clinic to correct without undue delay inaccurate or supplement incomplete Personal data.

The person may submit a request for the exercise of his/her rights in writing in person at the legal address of the Clinic, presenting an identity document, sending a hand-signed application to the legal address of the Clinic or by e-mail, signing the document with a secure electronic signature.

The Person is entitled to request the deletion of his/her Personal data if the Person considers that the Personal data has been processed unlawfully, or are no longer necessary for the original purposes, for which they were collected and/or processed, or the Person has withdrawn his/her consent, on the basis of which the processing was performed.

The Person may object to the processing of his/her Personal data by the Clinic on the basis of the Clinic's legitimate interests. The Clinic terminates Personal data processing, unless the Clinic indicates compelling legitimate reasons that are more important than the interests, rights and freedoms of the Data subject, or to raise, implement or defend legal claims.

The person has the right to receive data about himself/herself from the Clinic in order to store it or provide an opportunity for re-use of the data by transferring it to another data controller or processor.

The Person has the right to withdraw his/her consent to the Personal data processing in the same way as it was provided at any time, or by sending a relevant notice to the e-mail address: dpo@smartomica.clinic, by post to the legal address of the Clinic, or submitting in person at the Clinic. Upon receipt of the withdrawal, the Clinic undertakes not to conduct further processing of Personal data based on the prior consent of the Person. Withdrawal of the consent does not affect the processing of Personal data carried out during the period of validity of the Person's consent.

If the Person has reasonable doubts or suspicions that the processing of his/her Personal data is not performed in compliance with the requirements of the Regulation, as well as other regulatory enactments, and the rights of the Person have been violated, he/she has the right to address the Data State Inspectorate, submitting a substantiated complaint.

Other provisions

The Clinic has the right to make additions and amendments to the Privacy policy or to develop a new policy, if certain circumstances, which affect the regulation of personal data processing, change. The Clinic publishes the current version of the Privacy policy on its website and makes it available at the Clinic's reception, as well as informs the persons, whose data is processed, about changes in the Privacy policy.