GK Neiroklīnika Privacy Policy
May 2020
GK Neiroklīnika respects and is committed to protecting your privacy in accordance with the data processing principles described below.
By entering information on our website, you agree to this privacy policy. Please check this policy regularly for updates.
These principles of personal data processing (hereinafter – the Principles) describe the procedure by which GK Neiroklīnika processes personal data.
These principles apply if the customer uses, has used or expressed a wish to use the services provided by GK Neiroklīnika or is otherwise related to the services provided by GK Neiroklīnika, including in relations with the customer, established before the entry into force of these principles.
- Definitions
Customer – any natural person who uses, has used or has expressed a wish to use any of the services provided by GK Neiroklīnika or is connected with them in any other way.
Personal data – any information directly or indirectly related to the Customer.
Processing – any activity related to the processing of personal data (including collection, recording, storage, modification, provision of access, executing queries, transfer, etc.).
GK Neiroklīnika is a legal entity whose legal address is in Latvia and which acts as the controller of Personal Data. - General terms and conditions
- These principles describe how GK Neiroklīnika processes Personal Data.
- Within the framework of applicable laws and regulations, GK Neiroklīnika ensures the confidentiality of Personal Data and has implemented appropriate technical and organisational measures to protect Personal Data from unauthorised access, unlawful Processing or disclosure, accidental loss, alteration, or destruction.
- Personal data categories
Personal data may be collected from the Customer, from the use of the customer services and from external sources, such as public and private registers or third parties. The categories of Personal Data that GK Neiroklīnika mainly, but not exclusively, collects and processes are:
identification data, for example, name, last name, personal identity number, date of birth;
contact information, for example, address, phone number, e-mail;
data which have been obtained and/or created in the performance of duties provided for in the regulatory enactments, for example, data resulting from requests for information received from investigative bodies, courts;
data obtained through communication – data obtained when GK Neiroklīnika communicates with the Customer by phone, e-mail, or through social media, by communicating with the Customer on websites and other GK Neiroklīnika channels;
service-related data: payment for services, use of GK Neiroklīnika services, consent to receive services, requests, complaints and gratitude, answers to questions.
- Purpose and legal grounds for personal data processing
GK Neiroklīnika primarily processes Personal Data for the following purposes.
- For general customer relationship management, customer service, service provision, and administration.
To serve the Customer and provide the service, to ensure the topicality and accuracy of the data, to check and supplement the data using external or internal sources based on the need to provide the service, or to provide medical service at the Customer’s request.
- To protect the interests of the Customer and GK Neiroklīnika.
To protect the interests of the Customer and/or GK Neiroklīnika and to follow the quality of services provided by GK Neiroklīnika, to provide evidence of services provided and other communications based on the Customer’s request, to provide medical services or prevent, limit, and investigate the unfair use of GK Neiroklīnika services or interrupting the services; for in-house training or service quality assurance.
To guarantee the safety of GK Neiroklīnika and/or the Customer, protect the life and health of the Customer and/or its representatives and other rights of GK Neiroklīnika and the Customer to protect the Customers, employees, visitors, and GK Neiroklīnika assets based on the legitimate interests of GK Neiroklīnika.
- To prevent the fraudulent use of services and to ensure the proper provision of services.
To authorise and control access to and the operation of digital channels, to prevent unauthorised access and their fraudulent use, to ensure the security of information based on the Customer’s request to take action before receiving the service, or to fulfil a legal obligation or control the access to and operation of GK Neiroklīnika digital services in the legitimate interests of the Clinic.
To improve technical systems, IT infrastructure, adapt service display on devices, and develop GK Neiroklīnika services, for example, by testing and improving technical systems and IT infrastructure based on GK Neiroklīnika legitimate interests to improve technical systems and IT infrastructure.
- Recipients of personal data
Personal data is transferred to other recipients, for example: - institutions – law enforcement institutions;
- third parties who maintain registers – Ārstu birojs, accounting;
- other persons who are related to the provision of GK Neiroklīnika services, including archiving, postal service providers, customer service providers, for whose services the Customer has applied: e-prescriptions, e-sick leave certificates.
- Geographical area of processing
- Personal data is processed in the European Union, the European Economic Area.
- Storage period and safety
- Personal data will only be processed for as long as necessary. The storage period may be based at the time of receipt of the services, the legitimate interests of GK Neiroklīnika, or the applicable regulatory enactments (Personal Data Protection Law, Law on Accounting, etc.).
GK Neiroklīnika takes all necessary measures to ensure that the Customer’s data is processed securely and in accordance with this Privacy Policy. All information provided by the Customer is stored on secure servers.
Measures are implemented to protect the Customer’s personal data from accidental loss and unauthorised access, use, modification, and disclosure. All information provided by the Customer is stored on secure servers with a firewall.
Upon the receipt of information about unauthorised access to Customer Information, possible procedures and security features will be used to prevent this.
- Cookies
Cookies are small files that are stored on a browser or hard drive on a Customer’s computer. The use of cookies allows us to improve the operation of the website, as well as provide a better and more personalised service. It allows us to assess the extent of the audience and their usage habits, to store information about the Customers’ wishes to customise the website according to the Customers’ individual interests, and to speed up the search.
Customer can set the browser to refuse cookies or receive an alert when cookies are sent. By refusing cookies, some sections of the site may be inaccessible.
By using the website, the Customer agrees to the use of cookies.
- Rights of the Customer as a data subject
The Customer (data subject) has the right to Process his/her data, which is classified as Personal Data in accordance with the applicable regulatory enactments. These rights are generally as follows: - to request the correction of his/her Personal Data if it is inaccurate, incomplete or incorrect;
- to object to the Processing of one’s Personal Data, if the use of Personal Data is based on the legitimate interests;
- to request the deletion of one’s Personal Data, for example, if the Personal Data is processed on the basis of consent and the Customer has withdrawn his/her consent. This right is not applicable if Personal Data, the deletion of which is requested, are processed on the basis of another legal basis, such as obligations arising from the relevant regulatory enactments;
- to restrict the Processing of one’s Personal Data in accordance with the applicable regulatory enactments, for example, during the time when GK Neiroklīnika evaluates whether the Customer has the right to delete his/her data;
- to receive information on whether GK Neiroklīnika processes one’s Personal Data and, if it does, also to access them;
- to receive his/her Personal Data provided and processed on the basis of written consent or in one of the most frequently used electronic formats and, if possible, transfer such data to another service provider (data portability);
- withdraw his/her consent to Personal Data processing;
- to submit complaints regarding the use of Personal Data to the Data State Inspectorate (www.dvi.gov.lv), if the Customer considers that the Processing of Personal Data violates its rights and interests in accordance with the applicable regulatory enactments.
- Contact information
- The Customer may contact GK Neiroklīnika regarding questions, withdrawal of consent, requests, exercise of data subjects’ rights and complaints about the use of Personal Data.
- Contact information of GK Neiroklīnika is available on the website of GK Neiroklīnika www.gkneiroklinika.lv.
- Contact details of the appointed data protection specialist: datuaizsardziba@gkneiroklinika.lv or Brīvības gatve 410, Riga, LV-1024, with a mark – GK Neiroklīnika “Data protection specialist”.
- Validity and amendment of principles
- These principles are available to the Customers at the reception of GK Neiroklīnika.
- GK Neiroklīnika is entitled to unilaterally amend these Principles at any time in accordance with the applicable laws and regulations, notifying the Customer of the respective amendments at GK Neiroklīnika, on the related websites, by post, or by e-mail no later than one month before the amendments enter into force.