UAB „SB DANTŲ KLINIKA“ privacy policy

General provisions

UAB “SB DANTŲ KLINIKA“ (the “Company”) privacy policy (the “Privacy Policy”) sets out the basic principles and conditions under which the Company processes the personal data (“Personal Data”) of the Customers (“Customer” or “You”) when You visit the Company or use the Company’s website https://www.clinicdpc.lt (the “Website”).

Information regarding the processing of Personal Data may be provided in Customer Service Agreements and other documents related to the services provided by the Company. We comply with the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the protection of Personal Data, as well as the instructions of competent authorities.

Customer data controller – UAB “SB dantų klinika”, legal entity code 302430690, situated at Savanorių pr. 314A, LT-49452, Kaunas, Lithuania.

The Company has a designated data protection officer. If You have any questions, please contact us by email at [email protected], phone +37063200005.

WHAT PERSONAL DATA WE PROCESS

We collect, use and process Your data to provide You with services and fulfill our contractual obligations, as well as to pursue a legitimate interest, and carry out our instructions and duties in accordance with the law.

We collect:

  • Basic Personal Data describing You for the purposes listed above: name, surname, personal identification number, date of birth, age, contact details (address, e-mail address, telephone number), representative information (when You represent a minor), etc.;
  • Data about Your health, including the data that we generate through our services, health serveys, etc.;
  • Data collected through our Website or social accounts;
  • Video data captured by the Company’s CCTV equipment when You visit the Company’s premises;
  • Other data that is collected based on Your consent and defined in detail at the time You are asked for Your consent.

We receive Your Personal Data directly from You. We may also generate Your Data by providing services to You. By providing data to us, You are responsible for the accuracy, completeness, and accuracy of this Personal Data. We also collect and maintain information in the state registers or systems about You to the extent necessary for the provision of our services or the extent required by law.

When You visit our Website, we collect information that discloses the trends of Your personal use of a Website or automatically generated visit statistics. Google Analytics software (https://www.google.com/intl/en/analytics/) collects visitor IPs, tracks visit times, information about pages viewed, and records repeated visits with web cookies. By browsing the site, You agree that the Personal Data mentioned above will be processed for improvement of the site and statistical purposes.

In order to maintain the Website, the Website server may record the requests you make (the address of the website you are accessing, the device and browser you are using, your IP address and the time of access). We may use visitors’ IP addresses when necessary for the administration of the Website and for diagnosing malfunctions, as well as for the prevention of data security in the work of the Website server.

HOW DO WE USE YOUR INFORMATION?

The information we collect is used for these purposes:

  • For the purpose of providing dental and other related personal healthcare services;
  • Preregistration for the Company’s services through the Website (other electronic communication channels) or by telephone;
  • Investigating the complaints of patients under the Republic of Lithuania Law on the Rights of Patients and Compensation of the Damage to their Health;
  • Quality assurance of the services provided, administration of Customer requests, inquiries, referrals and customer feedback;
  • Financial affairs and bookkeeping, relations with insurance companies for debt management purposes;
  • Reminders of a visit and the need for periodic services; Direct Marketing* and Loyalty Program Implementations*;
  • Gift coupon sales and administration of their use*;

*You have the right to refuse or withdraw Your consent to process Your data for the above-mentioned purposes marked with an asterisk.

You have the right to change and update Your provided information.

Up-to-date information is crucial for the successful and efficient delivery of our services, so we may ask You to periodically confirm that the Company’s information on the entity is accurate.

TRANSFERING OF YOUR PERSONAL DATA

Your Personal Data may be transferred to third parties in the following cases:

  • Our partners, assisting us in the proper delivery of dental and other related personal health care services may require Your personal information. Partners will receive only as much of Your information as it is necessary to perform an assisting service. Learn more about our partners at https://www.clinicdpc.lt/partners/;
  • We provide The State Sickness Insurance Fund, SODRA, and other entities as required by the legislation of the Republic of Lithuania, with the mandatory or statutory information to ensure their proper functionality;
  • Debt collection companies to which claims on the Customer’s debt are assigned, courts, out-of-court dispute settlement entities, and bankruptcy administrators;
  • Third parties providing services related to the provision of the Company’s services, such as insurance companies paying for the customer’s services, etc.;

The Company shall act as a data processor when processing the Personal Data of Customers in relation to the provision of consumer credit services in cases where the Customer wishes to pay for the services provided by the Company with consumer credit funds. The data controller of such data is SB Lizingas UAB, legal entity code 234995490, e-mail address [email protected]. The Company acts on the basis of an agreement with this data controller.

TRANSMISSION OF PERSONAL DATA

If you use the Company’s social networking accounts, such as Facebook (https://www.facebook.com/clinicdpc/ ) and/or Instagram (https://www.instagram.com/clinicdpc/), your Personal Data is transferred to the providers of the tools used, such as. We use the tools used to access your personal data, such as those used by Google LLC, which provide data analytics services (where they receive personal data).





CUSTOMER PERSONAL DATA PROTECTION MEASURES

Your Personal Data is managed responsibly, securely and we take all the necessary measures to protect from loss, unauthorized use, and alteration. We have implemented physical and technical measures to protect all information we collect for the purpose of our services from accidental or unlawful destruction, damage, alteration, loss, disclosure, and any other unlawful handling. Personal data security measures shall be determined depending on the risks involved in the handling of personal data.

Personal Data is preserved for as long as is necessary for the purposes for which it was collected, but for no longer than 10 years (unless required by law to protect Personal Data for an extended period). Data is preserved for these purposes:

Provision of dental and other personal health care services The patient’s medical history is preserved for 15 years after the last visit. Information and details related to X-ray services are preserved for 25 years. Other Personal Data is preserved throughout provided health care services and for another 10 years until patient care is terminated.
Preregistration for the Company’s services through the Website (other electronic communication channels) or by telephone 6 months after registration.
Handling and investigating patient’s complaints under the Republic of Lithuania Law on the Rights of Patients and Compensation of the Damage to their Health For the entire period of investigation of the complaint and additional 10 years after its resolution.
Service quality assurance and administration of Customer requests, inquires, referrals, as well as Customer feedback For the entire referral period and 1 year after its final examination.
Management of financial operations, bookkeeping and relations with insurance companies for debt management purposes As long as it is required by the legislation governing these activities.
Reminder for a visit or the need for periodic services 2 years from the date of receipt of Consent.
Direct marketing and loyalty programs 2 years from the date of receipt of Consent.
Sale of gift coupons and administration of their use For the entire period of validity of the coupon and a year after its expiration.

DATA SUBJECT RIGHTS

The Data Subject whose Personal Data is handled by the Company has the following rights:

  • To know (be informed) about the processing of your data (right to know);
  • To know your data and how it is processed (right of access);
  • Request the rectification or, taking into account the purposes of the processing of Personal Data, the completion of incomplete Personal Data (right to rectification);
  • To request delete your data or the suspend the processing operations (except storage) (right to deletion and right to be forgotten);
  • Request the Company to restrict the processing of Personal Data on one of the legitimate grounds (the right of restrict);
  • The right to transfer data (the right to transfer). This right will only be exercised if there are grounds for exercising it and appropriate technical measures are taken to ensure that the transfer of the Personal Data requested will not harm the personal data of others.
  • The subject has a right to not consent to the handling and processing of Personal Data when such data is used for direct marketing, including profiling for direct marketing purposes.

If You do not wish to have Your Personal Data processed for direct marketing purposes, including profiling, You may opt-out by sending an email to [email protected] or contacting us by phone +37063200005 without having to disclose any reasons for Your refusal.

We may refuse to enforce Your rights, except the right to refuse the processing of Your Personal Data through direct marketing or in any other case where Personal Data is processed with your consent, as well as other cases, when it is required by law to prevent, investigate, and detect offenses, and protect the rights and freedoms of the data subject, the Company and others.

You may submit any request or instruction relating to the processing of your Personal Data to us by one of the following methods: by direct delivery to Savanorių pr. 314A, LT-49452 Kaunas, Lithuania. by email: [email protected]. When submitting such a request, we may ask you to fill out the appropriate forms to provide us a better understanding of the content of your request, as well as to provide us with an identity document or other information that will help us verify your identity. If You make your request by email, we may ask You to come to our headquarters or submit your request in writing.

After we receive your request or instructions regarding the handling of Your Personal Data, we will respond within one month about the fulfillment or refusal of your request. If necessary, this period may be extended by two additional months, taking into account the complexity and the number of requests. In that case, we will inform you of such an extension within one month of receiving your request.

If Your Personal Data is deleted by your request, we will only keep copies of the information necessary to protect the legitimate interests of the Company and others, to comply with the authorities obligations, resolve disputes, detect interferences or to comply with any agreements you have with us.

If you believe that we process your Personal Data unlawfully, you can always contact the State Data Protection Inspectorate on the website https://vdai.lrv.lt/ the indicated contacts. However, we will always seek to resolve all issues directly with you, therefore, we suggest that you first contact us (Our Data Protection Officer) using the contacts specified in this Privacy Policy.

TRANSMISSION OF INFORMATION

Once you have consented to delivery of any news by email and/or telephone number, You will receive information and updates about the services provided by the Company.

With your consent, you will also receive reminders for a visit and information about other periodic services by an email and/or telephone number

We will try not to abuse our right to send You information and updates about the services provided by the Company or remind you of visits and other periodic services, granted to us by your consent. We can collect the information about recipients of our news: which messages have been read, which links have been opened, etc. Such information is collected to improve the accuracy and relevancy of delivered information.

If your consent to receive news via email or SMS message, You may revoke such consent at any time by email and/or SMS. Without hesitation, but no later than in 5 business days, we will terminate your email and/or phone number, and transmission of information will cease.

Your email address and/or phone number may be shared with our partners/processors who provide us with newsletters or direct marketing services

THIRD-PARTY LINKS ON OUR WEBSITE

Our Website uses some third-party tools such as Google Analytics, Facebook, Instagram and these third parties may also use cookies through our Website. The Company is not responsible for the safety and privacy of information collected by such third parties. You must read the privacy statement applicable to third-party websites and services that you use.

For more information, please refer to the Company’s Cookie Policy https://www.clinicdpc.lt/cookie-policy/.

SELECTION OF CANDIDATE EMPLOYEES

The personal data of candidate employees is processed on the basis of the consent expressed by the candidate in his / her actions – by voluntarily submitting his / her CV and / or other documents to the Company. When the personal data of a candidate is processed for the purpose of conducting the selection for the job (s) and assessing the candidature, the Company considers the consent to process the personal data of the candidate to be obtained when the candidate in response to the announced vacancy (s) submits a CV (CV and / or other documents) to the Company.

The Company receives the candidate‘s personal data from the employees from the candidate himself / herself and does not provide his / her data to anyone.

The company will normally only contact candidates who meet the requirements of the published selection.

The Company does not accumulate a database of candidates for potential employees.

During the first job interview, the candidate will be provided with information on the processing of his / her Personal Data for the purpose of the selection for the job (s) and the assessment of the candidature. Personal data of candidates for employees are processed by the Company only for the purpose for which they were collected and only to the extent necessary to achieve the respective purpose. We process the following personal data about you for the purpose of selecting potential employees for the job (s) and assessing your candidacy:

forename, surname, data on place of residence (address), e-mail address, telephone number, information on work experience; information on education received and training, information technology and other competencies; other information that the candidate provides in the CV of the staff member, e.g., the name (s) of the current or former job (s), in the cover letter (if any) or in other application documents; information about what kind of job and in what city the person wants to work. Additional information provided by individuals (e.g., employer recommendation, competencies, etc.) if it is necessary in the recruitment process or if it is indistinguishable from the necessary information.

After the announcement of the selection, the CVs and personal data of the candidates are stored until the end of the selection process, and after the selection process and signing an employment contract with the selected candidate, the personal data of the remaining candidates are destroyed, except for 2-3 potential candidates whose data are stored for no more than 6 months at the end of the selection.

REGISTRATION OF PERSONS FOR THE IMPLEMENTATION OF COVID-19 DISEASE PREVENTION AND CONTROL MEASURES

We process your personal data in order to implement the measures for the prevention and control of the COVID-19 disease (coronavirus infection) established by the responsible authorities. In accordance with Decree No. 152 “On the Declaration of the State Emergency”, issued on February 26, 2020 by the Government of the Republic of Lithuania and Resolution no. V-1366 of the Minister of Health, issued on June 3, 2020 and Decision No. V-2862 of the Minister of Health of the Republic of Lithuania, issued December 08, 2020 and Order No. V-1504 (consolidated version from 11/11/2020) “On Approval of the Description of the Procedure for Organizing the Provision of Personal Health Care Services in the Event of a State-Level Emergency in the Territory of the Republic of Lithuania”, issued by the Minister of Health of the Republic of Lithuania on June 17, 2020 (the legal basis for data processing is our legal obligation). For this purpose, we register Clients who have arrived at the Company’s premises or are registered to receive the services provided by the Company.

For this purpose, when you register for entry or arrival at the Company, we will ask you to complete a Patient Epidemiological Questionnaire (the “Questionnaire”) in which we will collect the following Personal Data: name, date of visit / registration and interview method (i.e., by phone or in the Company), contact with a person with Covid-19 and other information related to the need to ensure measures to prevent and control coronavirus infection in the Company.

We will receive the above Personal Data from you when you complete the form provided. By submitting Personal Data, you confirm that the Personal Data is accurate and correct.

We will protect the Personal Data you provide during the completion of the form for 21 days from the date of your visit. Personal data may be stored longer if an instruction is received from state institutions (e.g., the Ministry of Health of the Republic of Lithuania, etc.) or the above-mentioned decision on the basis of which the personal data is collected or changed.

We will transfer your personal data to the National Centre for Public Health under the Ministry of Health for the epidemiological diagnosis of COVID-19 (coronavirus infection) if instructed to do so by public authorities.

CONTACT US

If you have any questions regarding the information contained in this Privacy Policy, please contact:

By mail: Savanorių pr. 314A, LT-49452 Kaunas

Phone: +370 632 00 005

By email: [email protected]

FINAL PROVISIONS

The Company has the right to unilaterally change the terms of the Privacy Policy. Changes shall be notified by the Company on the Website or by other customary means. Additions or changes to this Privacy Policy will be effective from the date they are posted, i.e. from the date on which they are posted on the Website or are otherwise notified unless another date is specified.

If the Customer uses the services after the change of the terms of the Privacy Policy, the Customer is deemed to have agreed to such a change of the terms.

Disputes between the Parties regarding the implementation of this Privacy Policy shall be resolved by negotiation. In the event of disagreement, it shall be settled in accordance with the procedure established by the laws of the Republic of Lithuania.

Last updated April 9, 2021.