Ltd. (SIA) „Latvijas Amerikas acu centrs”
Chairman of the Board
2018.25.05. Order No.VR-2018-31
1.1. The purpose of Pirvacy Policy (hereinafter - Policy) of Ltd. „Latvijas Amerikas acu centrs” (hereinafter - Data Controller) is to inform clients, patients, staff and cooperation partners about the events executed by Data Controller regarding physical persons that can directly or indirectly identify (hereinafter - Data Subject) personal data protection. The Policy describes what type of personal data are collected, processed, forwarded and stored from the Data Subject; the purpose of collecting, processing, forwarding and storing data, to whom the data is forwarded and why, types and terms of keeping data, rights of Data Subject.
1.2. The Policy is applicable to physical persons’ data collected in any form and environment (personally in premises and territory of the Data Collector, verbally, over the phone, in paper, electronically via e-mail, on social media profiles managed by Data Controller etc.).
1.3. Data Collector has the rights to amend the Policy on his own discretion. The Policy is available in the home page of the Data Collector – www.laac.lv and it is valid since the date of coming in to power.
2. Data Collector
2.1. Data Collector of the personal data is Ltd. „Latvijas Amerikas acu centrs”, Augusta Deglava street 12a, Riga, including also Skolas street 5, Riga, Republikas street 5, Liepāja and doctors’ practices of cooperation partners of LAAC.
3. Applicable legislation
3.1. Regulation (EU) No. 2016/679 of European Parliament and Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter - Regulation).
3.2. Law on data protection of physical persons.
3.3. Law on patients’ rights.
3.4. Law on treatment.
3.5. Other legislation in power in the Republic of Latvia that regulate the protection and privacy of physical persons.
4. Personal data that is collected, processed and stored
4.1. The Data Collector undertakes to collect, process and store only the personal data that is necessary for direct provision of health care services to clients and patients of Data Collector. To protect the interests of Data Subject, Data Collector ensures an honest and lawful processing of personal data only for the purpose of services and within its scope.
4.2. A precise set of data to be collected, processed and stored depends on the type of health care service that is provided. The collected, processed and stored data can include the following information:
4.2.1. Identification data - name, surname, birth date, personal identity number, age and sex of the client or patient;
4.2.2. Contact information - legal and actual place of residence, phone number, e-mail address;
4.2.3. Medical history, medicine being used and used before, body weight, height;
4.2.4. Information that justifies the diagnosis as well as results of diagnostics and treatment;
4.2.5. Video of Data Subject, if the Data Subject is in Data Collector’s premises or territory with surveillance. Data Collector guarantees that surveillance isn’t carried out in territories where the privacy of Data Subject must be maintained;
4.2.6. Content of a telephone conversation, the caller’s number and time, if Data Subject calls the numbers indicated by Data Collector;
4.2.7. When contacting Data Collector by electronic means (e-mail, social media, contact form on Data Collector’s home page www.laac.lv) the name and/or surname, em-mail address, phone number, content of communication, and time indicated in Data Subject’s electronic communication device can be saved;
5. Purpose and legal basis for collecting, processing and storing personal data
5.1. Personal data is collected, processed and stored with the purpose of providing a comprehensive, high quality and as much operative health care service provision as possible to the clients and patients of Data Collector, based on Article 6(1)(b) and (c) of Regulation and Article 9(2)(h) of Regulation.
5.2. Contact information of Data Subject is processed with with the purpose of contacting the Data Subject or providing information only in the interests of him/her, relating to health care services that th Data Subject has applied to, based on Article 6(1)(a) and (c) of Regulation and Article 9(2)(h) of Regulation.
5.3. The video is collected, processed and stored with the purpose of solving criminal offenses against the property of Data Collector and/or Data Subject, based on Article 6(1)(d) and (f) of Regulation.
5.4. Telephone conversation content and electrical communication content is collected, processed and stored with the purpose of improving the quality of services provided by Data Collector and to resolve any claims or disagreements, by ensuring the legitimate interests of Data Subject and Data Collector on the basis of Article 6(1)(f) of Regulation.
5.5. Personal data that is collected when a person visits the homepage of Data Collector, are collected, processed and stored with the purpose of improving the content quality of the homepage and to adjust it to user needs and providing an operative communication, based on Article 6(1)(f) of Regulation.
6. Term of storing personal data
6.1. Personal data is stored in accordance with the order state in the laws and regulations of the Republic of Latvia, including in the Law of Archiving, the concluded contract, or legitimate interests of the Data Collector.
6.2. Video surveillance videos are stored for 90 days, content of telephone calls - 3 years, content of electronic communication - 3 years, if these data aren’t necessary for defending the legal rights of Data Collector or Data Subject for a longer period of time.
7. Safety of storing personal data
7.1. Data Collector ensures the safety of data storing, using protection instruments in devices and programs that store the personal data, as well as carries out organizational measures, for example, limited access to card catalog and archive, the server room.
7.2. In case the safety of Data Subject’s personal data is compromised, Data Collector informs Data Subject about it within 72 hours.
8. Access to personal data
8.1. The personal data of Data Subject can be accessed only by those persons, that require it for providing health care services and supporting processes, gaining statistics required by laws and regulations, for updating and maintaining data, as well as executing other work obligations under the supervision of Data Collector.
8.2. Data Collector undertakes not to forward personal data to third parties, except for cases where the Data Subject has given consent to forwarding the data or it’s necessary for protection of legitimate interests, as well as for insurance companies and National Health Service for executing contractual and legal obligations.
9. Rights of Data Subject
9.1. Rights to access their personal data and receive them in a written or electronic format.
9.2. Rights to request information about when, where, how and why the data was collected, processed and stored.
9.3. Rights to request correction of their personal data if they are wrong, incomplete or have changed.
9.4. Rights to request to delete their personal data.
9.5. Rights to object against the processing of their personal data if Data Subject considers that the data are processed unlawfully and not for the stated purpose.
9.6. Rights to recall their consent to processing personal data.
9.7. Rights to submit claims about using personal data to Data State Inspectorate, if the Data Subject considers that the processing of data violates their rights and interests in accordance with applicable laws and regulations.
Member of the Board Kristīne Ozoliņa-Kaļetova
Member of the Board Una Brūna