DATA PRIVACY POLICY
SIA “Pallas Clinic”
I. CONTROLLER INFORMATION AND CONTACT DETAILS
The controller of the processing of personal data is SIA “Pallas Clinic”, registration No. 42103111641, registered address: Jaunzemu Street 4-1, Mārupe, LV-2167, Latvia.
Contact regarding personal data processing:
By mail: Jaunzemu Street 4-1, Mārupe, LV-2167, Latvia
By e-mail: [email protected]
Via the contact form available on the Clinic’s website.
The same contact details apply for reporting possible personal data breaches.
II. GENERAL INFORMATION
This Privacy Policy explains how the Clinic collects, processes, stores and protects personal data.
The policy applies to:
• Clinic patients (past, present and potential)
• visitors to the Clinic premises
• visitors to the Clinic’s website.
Personal data may be collected in person, via the website, in written form, electronically or by telephone.
The Clinic processes personal data in accordance with:
• Regulation (EU) 2016/679 (GDPR)
• Latvian Patients’ Rights Law
• Personal Data Processing Law
• other applicable laws governing healthcare data.
The Clinic implements administrative, technical and physical security measures to protect personal data.
III. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
Personal data is processed for the following purposes:
• providing healthcare services
• patient identification and registration
• medical documentation
• consultations and diagnostics
• appointment reminders
• payment administration
• quality control and patient satisfaction evaluation
• responding to complaints
• cooperation with laboratories and healthcare partners
• compliance with legal obligations.
Legal bases for processing include:
• Article 6(1)(b) GDPR – contract performance
• Article 6(1)(c) GDPR – legal obligation
• Article 6(1)(f) GDPR – legitimate interests
• Article 9(2)(a) GDPR – patient consent
• Article 9(2)(h) GDPR – provision of healthcare.
The Clinic processes health data, which is a special category of personal data under Article 9 GDPR.
IV. TYPES OF PERSONAL DATA PROCESSED
The Clinic may process:
• name and surname
• personal identification number
• address
• telephone number
• e-mail address
• passport or ID details.
Additional data may include:
• medical history
• laboratory results
• diagnostic findings
• referral documentation
• treatment information.
The amount of processed data depends on the nature of healthcare services provided.
V. PROCESSING AND PROTECTION OF PERSONAL DATA
The Clinic processes personal data using modern technological solutions and appropriate security measures.
Technical and organizational safeguards are continuously updated in accordance with industry standards.
VI. USE AND DISCLOSURE OF PERSONAL DATA
Personal data may be used:
• for healthcare services
• for administration and billing
• for cooperation with laboratories or medical partners.
Employees only access data necessary for their duties.
Personal data may be transferred to:
• partner laboratories
• diagnostic centres
• healthcare institutions involved in treatment.
The Clinic ensures confidentiality obligations for all partners.
VI.A INTERNATIONAL PATIENT DATA PROCESSING
The Clinic provides services to international patients and may transfer personal and medical data internationally where necessary.
Such data may be transferred to partner laboratories, diagnostic centres, and medical institutions involved in the patient’s treatment.
Transfers outside the EU or EEA occur only where appropriate safeguards exist under GDPR, including patient consent or standard contractual clauses.
VII. RETENTION OF PERSONAL DATA
Personal data is stored:
• while healthcare services are provided
• as long as required by law
• as long as necessary for handling requests or complaints
• while patient consent remains valid.
Data is deleted or anonymized when retention is no longer necessary.
VII.A MEDICAL DATA CONFIDENTIALITY
Health-related data is treated as strictly confidential.
Medical data is processed only for purposes directly related to healthcare services.
Access is limited to authorized medical professionals and employees.
The Clinic implements measures to protect medical data from unauthorized access or disclosure.
VIII. DATA SUBJECT RIGHTS
Patients have the right to:
• access their personal data
• request correction or deletion
• restrict processing
• object to processing
• request data portability.
Complaints may be submitted to the Data State Inspectorate of Latvia.
IX. CONSENT AND WITHDRAWAL
Where processing is based on consent, the patient may withdraw consent at any time.
Withdrawal does not affect processing carried out before consent withdrawal.
X. WEBSITE AND COOKIES
The Clinic’s website may use cookies to improve user experience.
Visitors may disable cookies in their browser settings.
Third-party websites linked from the Clinic website may have separate privacy policies.
XI. PRIVACY POLICY CHANGES
The Clinic may update this Privacy Policy if changes occur in legislation or data processing practices.
The latest version will always be available on the Clinic website.
DATA PRIVACY POLICY
SIA “Pallas Clinic”
I. CONTROLLER INFORMATION AND CONTACT DETAILS
The controller of the processing of personal data is SIA “Pallas Clinic”, registration No. 42103111641, registered address: Jaunzemu Street 4-1, Mārupe, LV-2167, Latvia.
Contact regarding personal data processing:
By mail: Jaunzemu Street 4-1, Mārupe, LV-2167, Latvia
By e-mail: [email protected]
Via the contact form available on the Clinic’s website.
The same contact details apply for reporting possible personal data breaches.
II. GENERAL INFORMATION
This Privacy Policy explains how the Clinic collects, processes, stores and protects personal data.
The policy applies to:
• Clinic patients (past, present and potential)
• visitors to the Clinic premises
• visitors to the Clinic’s website.
Personal data may be collected in person, via the website, in written form, electronically or by telephone.
The Clinic processes personal data in accordance with:
• Regulation (EU) 2016/679 (GDPR)
• Latvian Patients’ Rights Law
• Personal Data Processing Law
• other applicable laws governing healthcare data.
The Clinic implements administrative, technical and physical security measures to protect personal data.
III. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
Personal data is processed for the following purposes:
• providing healthcare services
• patient identification and registration
• medical documentation
• consultations and diagnostics
• appointment reminders
• payment administration
• quality control and patient satisfaction evaluation
• responding to complaints
• cooperation with laboratories and healthcare partners
• compliance with legal obligations.
Legal bases for processing include:
• Article 6(1)(b) GDPR – contract performance
• Article 6(1)(c) GDPR – legal obligation
• Article 6(1)(f) GDPR – legitimate interests
• Article 9(2)(a) GDPR – patient consent
• Article 9(2)(h) GDPR – provision of healthcare.
The Clinic processes health data, which is a special category of personal data under Article 9 GDPR.
IV. TYPES OF PERSONAL DATA PROCESSED
The Clinic may process:
• name and surname
• personal identification number
• address
• telephone number
• e-mail address
• passport or ID details.
Additional data may include:
• medical history
• laboratory results
• diagnostic findings
• referral documentation
• treatment information.
The amount of processed data depends on the nature of healthcare services provided.
V. PROCESSING AND PROTECTION OF PERSONAL DATA
The Clinic processes personal data using modern technological solutions and appropriate security measures.
Technical and organizational safeguards are continuously updated in accordance with industry standards.
VI. USE AND DISCLOSURE OF PERSONAL DATA
Personal data may be used:
• for healthcare services
• for administration and billing
• for cooperation with laboratories or medical partners.
Employees only access data necessary for their duties.
Personal data may be transferred to:
• partner laboratories
• diagnostic centres
• healthcare institutions involved in treatment.
The Clinic ensures confidentiality obligations for all partners.
VI.A INTERNATIONAL PATIENT DATA PROCESSING
The Clinic provides services to international patients and may transfer personal and medical data internationally where necessary.
Such data may be transferred to partner laboratories, diagnostic centres, and medical institutions involved in the patient’s treatment.
Transfers outside the EU or EEA occur only where appropriate safeguards exist under GDPR, including patient consent or standard contractual clauses.
VII. RETENTION OF PERSONAL DATA
Personal data is stored:
• while healthcare services are provided
• as long as required by law
• as long as necessary for handling requests or complaints
• while patient consent remains valid.
Data is deleted or anonymized when retention is no longer necessary.
VII.A MEDICAL DATA CONFIDENTIALITY
Health-related data is treated as strictly confidential.
Medical data is processed only for purposes directly related to healthcare services.
Access is limited to authorized medical professionals and employees.
The Clinic implements measures to protect medical data from unauthorized access or disclosure.
VIII. DATA SUBJECT RIGHTS
Patients have the right to:
• access their personal data
• request correction or deletion
• restrict processing
• object to processing
• request data portability.
Complaints may be submitted to the Data State Inspectorate of Latvia.
IX. CONSENT AND WITHDRAWAL
Where processing is based on consent, the patient may withdraw consent at any time.
Withdrawal does not affect processing carried out before consent withdrawal.
X. WEBSITE AND COOKIES
The Clinic’s website may use cookies to improve user experience.
Visitors may disable cookies in their browser settings.
Third-party websites linked from the Clinic website may have separate privacy policies.
XI. PRIVACY POLICY CHANGES
The Clinic may update this Privacy Policy if changes occur in legislation or data processing practices.
The latest version will always be available on the Clinic website.