UAB „Baltijos dermatologijos klinika“ Conditions of personal data processing

PURPOSES OF PERSONAL DATA PROCESSING, PERSONAL DATA PROCESSED AND OTHER INFORMATION RELATED TO PERSONAL DATA PROCESSING

Health care services provision

Conditions of legal processing provided by GDPR: Art. 6. 1 d. p. a, b, and c, Art. 9 2 d. p. a, b, and h.
Categories of data subjects: persons to whom the Company’s services are provided or have been provided.
Processed personal data: name, surname, contact details (telephone number, e-mail address), data of special categories (services provided, laboratory tests, diagnoses, visits to specialists, photos, descriptions of the services provided by specialists, and the patient’s condition, etc.), name, surname, contact of the person to whom any information about the course of the patient’s treatment and the results of the treatment is provided with the patient.
Storage term: personal data is stored within the terms set by legislation.
Data processing: personal data can only be processed by responsible employees, doctors, and assistants of the Company, and access to this data is strictly limited.
Categories of data recipients: data is provided only to those data recipients who are entitled to receive this data or obliged to provide it by law or other legal acts (lawyers, bailiffs, tax inspectorate, etc.), personal data are not transferred to third countries or international organizations. Also, personal data can be provided to specific data recipients at the request/consent of the data subject.

Video surveillance for the protection of persons and property

Conditions of legal processing provided by GDPR: Art. 6. 1 d. p. c and f.
Categories of data subjects: persons falling within the field of video surveillance. Personal data processed: video data.
Storage period: 2 months.
Data processing: video surveillance is carried out in the Company’s premises (visitor and reception areas). Responsible employees can only use personal data, and access to video data is strictly limited.
Categories of data recipients: data is not provided to anyone except for those data recipients who have the right to receive this data or the obligation to provide it to them by law or other legal acts (law enforcement institutions, insurance companies, etc.), personal data are not transferred to third countries or international organizations.

Recording of telephone conversations to preserve evidence of the terms of future transactions and/or transactions entered into and executed

Conditions of legal processing provided by GDPR: Art. 6. 1 d. a p.
Categories of data subjects: persons calling telephone numbers published by the Company.
Processed personal data: telephone number, conversation recording. Storage term: 6 months.
Data processing: personal data can only be used by responsible employees, and access to conversation recordings is strictly limited.
Categories of data recipients: data is not provided to anyone except for those data recipients who are required by law or other legal acts determine the right to receive these data or the obligation to provide them (to law enforcement authorities, insurance companies, etc.), personal data are not transferred to third countries or international organizations.

Management of cookies on the website

Conditions of legal processing provided by GDPR: Art. 6. 1 d. a p., if there were also non-technical cookies on the Company’s website. It should be noted that the consent of the data subject in accordance with the provisions of the ERĮ is only required for non-technical cookies.
Categories of data subjects: persons browsing the Company’s website.
Processed personal data: when you connect to the website, we process the IP address, network (you’re the browser used by the device), location data, etc.
Data processing: personal data can only be processed by the responsible employees of the service provider, and access to data is strictly limited.
Categories of data recipients: data is not provided to anyone, personal data is not transferred to third countries or international organizations.

Cookies are small text files that our Platform wants to place on your computer or other devices connected to the Internet, such as tablets or smartphones. If your browser settings accept cookies, your browser adds the text in the form of a small file.
Cookies used by the company are necessary for the website’s operation and are technical. Most cookies are deleted from your device when your browser session ends (session cookies). We only use the information stored in the necessary cookies to provide the essential information on the website.

{cookie table}

The cookie notice provides you with information about our use of cookies. By continuing to use our Platform after we display a cookie notice, you accept cookies and confirm that you are aware of them. You can configure your browser to refuse some or all cookies or to ask for your permission before accepting them. You can find information on how you can change your browser settings by visiting www.aboutcookies.org or www.allaboutcookies.org.
You can find more information about managing cookies here:
– Internet Explorer browser;– Google Chrome browser;
– Mozilla Firefox browser.
– Personal service (via the website balticdermatology.lt, by phone or e-mail) Conditions of legal processing, provided for by the GDPR: Art. 6 1 d. p. a, art. 9 2 d. a p.

Categories of data subjects: persons who apply to the Company.
Processed personal data: name, surname, contact data (telephone number, e-mail address), and other data that the natural person himself wishes to provide when applying to the Company via the website www.balticdermatology.lt, by phone or e-mail
Storage term: data is deleted when a person’s application to the Company is examined. Data processing: personal data can only be used by responsible employees.
Categories of data recipients: data is not provided to anyone.

Staff Management

Conditions of legal processing provided for by GDPR: Art. 6. 1 d. p. a, b, and c, Art. 9 2 d. pp. a, b, and h. Processed personal data and categories of data subjects:
personal data of applicants for positions: name, surname, personal photo, contact data (telephone number, e-mail address, address, education, information about work in other workplaces, other data, which the person provides in his resume.
personal data of former employees: name, surname, personal identification number, contact data (telephone number, e-mail address) and other data that the natural person himself provided to the Company.
personal data of employees: name, surname, personal code, contact data (telephone number, e-mail address), and other data that the natural person wishes to provide to the Company. With the exception of personal data processed for the purposes of the selection of applicants, unnecessary personal data is destroyed after the end of the selection procedure for a vacant position s.
Data management and security: personal data can only be used by responsible employees.
Categories of data recipients: state institutions (e.g., tax inspectorate, state social insurance fund board), personal data are not transferred to third countries or international organizations.

Accounting management

Conditions of legal processing provided by GDPR: Art. 6. 1 d. p. a, b, and c, Art. 9 2 d. p. a, b and h.
Processed personal data: settlement, payment data, any other information specified in the payment order.
Categories of data subjects: Persons who issue payment orders to the Company or to whom the Company issues payment orders .
Storage term: personal data is stored within the terms established by legal acts

Data processing: personal data can only be used by responsible employees authorized to handle accounting.
Categories of data recipients: data is provided only to those data recipients who are entitled to receive this data by law or other legal acts (lawyers, bailiffs, tax inspectorate, etc.), personal data are not transferred to third countries or international organizations.

DATA PROCESSORS

The Company, following the provisions of the General Data Protection Regulation, has the right to use data processors. A personal data processing contract is concluded with them, taking into account the requirements of the aforementioned regulation. Data processors cannot be used without the Company’s consent.
The Company uses data processors only in cases where such personal data processing operations cannot be carried out by itself, i.e.:
Companies performing maintenance of IT systems.
These service providers undertake data processing procedures on behalf of the Company and only according to the Company’s instructions. Third parties that process personal data are selected carefully and in accordance with applicable data protection legislation.
Under certain circumstances, the Company’s external service providers may be granted access to your personal data, but only for the specified data processing purposes. According to the contracts, such third parties are obliged to ensure that their data protection level is at least equivalent to that ensured by the Company and required by the applicable legal acts. All data processed on behalf of the Company remains under the control of the Company. Compliance with the Company’s instructions, data protection levels, and contractual obligations concluded with the data processor is constantly monitored.

DATA SUBJECT RIGHTS AND THEIR IMPLEMENTATION

The Company will implement the rights of the data subjects without undue delay, but in any case, no later than one month after receiving the request, it will provide the data subject with information about the actions taken upon receiving the request. The Company may extend the one month for another two months, depending on the complexity and number of requests, but in any case, the Company will inform you of such an extension within one month of receiving the request and will also indicate the reasons for the delay.
General data for you the protection regulation ensures the rights of the data subject. At any time, after the Company has properly verified your identity, you have the right to:

· be informed about data processing

The Company will provide you with all information that you have the right to receive and which is not specified in this personal data protection policy, for example: if any, recipients of personal data, the periods of personal data storage, or, if this is not possible, the criteria used to determine that period; the right to request that the Company allow access to the data subject’s personal data and correct or delete them, or limit data processing, or the right to object to data processing, as well as the right to data portability; whether the provision of personal data is a legal or contractual requirement, etc.

· get to know the processed data

The Company will confirm to you whether personal data related to you are being processed and if such personal data is being processed, it will provide all the necessary information: the purposes of data processing; categories of relevant personal data; data recipients or categories of data recipients to whom personal data has been or will be disclosed; the periods of personal data storage or, if not possible, the criteria for determining that period; the right to request the data controller to correct or delete personal data or to limit the processing of personal data related to the data subject or to object to such processing; when personal data is not collected from the data subject, all information about its sources is available. The Company will provide a copy of the processed personal data. When the data subject submits the request electronically, the information is provided in a commonly used electronic form.

· demand correction of data

The data subject has the right to demand from the Company that it immediately correct inaccurate personal data without undue delay. Depending on the purposes for which the data were processed, the data subject has the right to demand that incomplete personal data be supplemented.

· demand deletion of data (“right to be forgotten”)

If there is a basis (for example, the personal data is no longer necessary to achieve the purposes for which it was collected, etc.), you can request that your personal data be deleted.

· restrict data processing

You can request to limit the processing of your data if it meets the criteria defined in the General Data Protection Regulation; for example, the Company no longer needs your personal data for data processing purposes, but you need them in order to defend legal claims; You dispute the accuracy of the data for the period during which the Company can verify the accuracy of the personal data, etc.

· to data portability

In cases where the Company processes your personal data by automated means with your consent or based on a contract with the Company, you have the right to receive the personal data you have provided in a structured and computer-readable format and forward them to another data controller, and the Company will not create obstacles to this. You have the right for the Company to transfer your personal data to another data controller when this is technically possible.

· disagree

You have the right to object at any time to your personal data being processed when such data processing is carried out to achieve the legitimate interests of the Company, except when the Company processes the data for reasons that are superior to the interests, rights, and freedoms of the data subject, or in order to defend legal claims .
When personal data is processed for direct marketing purposes, the data subject has the right to object at any time to further data processing for marketing purposes. If you object to data processing for direct marketing purposes, the Company will no longer process your personal data for such purposes.
It should be noted that The Company does not currently use automated decision-making.
To exercise any of the rights listed in this section, you can contact the Company using the contacts below. Notwithstanding any other remedies, you also have the right to complain to the supervisory authorities at any time.

PERSONAL DATA SECURITY VIOLATIONS

The company notify the State Data Protection Inspectorate of a breach of personal data security, except when such a breach will not endanger the rights and freedoms of individuals. If, due to the nature of the violation and the seriousness of the risk, there would be a significant threat to the rights and freedoms of natural persons, the Company must also notify you, as the data subject, about the violation. Violations are reported in accordance with the procedure established by the General Data Protection Regulation.
In the notification, the subjects should provide in clear and simple language (when sending a message by e-mail, SMS, mail, etc.):
a description of the nature of the violation;
contact details of the data protection officer;
description of the likely consequences of the breach;
description of the measures taken by the Company to eliminate the breach;
other information that the Company considers should be provided to the data subject.
If submitting a notification would require a disproportionately large amount of effort, the Company will instead publicly announce the breach on its website. . ; immediately after the violation, the Company took measures to ensure that the rights and freedoms of individuals could no longer be in serious danger; it would require a disproportionate amount of effort with many individuals. In this case, the violation is made public.

DATA SECURITY

The company protects your personal data very carefully using appropriate data protection measures. They include active and reactive risk management, periodic software updates,
use of “firewalls” and anti-virus programs, access control, and security systems controlled granting and supervision of access/user rights, ensuring skills in the organization of personnel involved in personal data processing training, as well as in the assessment and selection of data processors. Paper documents are kept under lock and key on-premises with access control and other security measures. Persons working with personal data are bound by confidentiality obligations set forth in legal acts, internal regulatory acts of the data controller, and/or confidentiality agreements. Data is backed up. The company is constantly updating its internal practices.

FINAL PROVISIONS

This personal data protection policy is also the records of the Company’s processing activities.
The Company is constantly developing and improving its activities, therefore, the Company has the right to change this data protection policy at any time in accordance with applicable laws and other legal acts. All changes are immediately published on the Company’s website.
This personal data protection policy is reviewed periodically, but at least once every two years.
If you have any questions about the processing of your data or questions about your rights, please get in touch with our data protection officer:
Tel. + 370 646 55054
E-mail Mail. info@balticdermatology.lt