Privacy policy
1. What does this Privacy Policy mean?
In this privacy policy (hereinafter referred to as the “Privacy Policy“), we provide you with information about how UAB Valakupiu plastines chirurgijos klinika (hereinafter referred to as the “Clinic“), processes your personal data obtained: when the Clinic provides you with health care services; when the Clinic carries out the marketing of medical devices; in order to perform contracts concluded between the Clinic and legal entities; in order to promote the Clinic’s awareness; when you visit the Clinic’s website or the Clinic’s social media accounts; when you make enquiries; etc. All the following persons whose data is processed by the Clinic are referred to as Data Subjects.
2. About the Clinic
The Clinic means UAB “Valakupiu plastines chirurgijos klinika”, legal entity code 300017892, address Svajoniu g. 48, LT – 10100 Vilnius, Republic of Lithuania, the data about the Clinic is collected and stored in the Register of Legal Entities of the Republic of Lithuania. The contact e-mail address for personal data protection issues is [email protected].
3. What is personal data?
Personal data is any information collected by the Clinic about a Data Subject that can be used to identify the Data Subject and is stored electronically or otherwise.
Personal data includes any information, including the Data Subject’s name, address, telephone number, health information, etc., which the Clinic collects about the Data Subject for the purposes set out in this Privacy Policy or in the Data Subject’s individual consent or agreement with the Clinic.
4. Processing of personal data in the course of registration for a visit to the Clinic
Categories of data subjects | Legal basis for data processing (Article 6 BDAR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage, deletion periods |
---|---|---|---|---|---|
Registering a person for a visit to the Clinic | |||||
Persons who register for a visit | Article 6 (1)(a) BDAR (consent) | Name, surname, date of birth, age, email, phone number, special category (health) data (as much as the person chooses to provide). | None | IT administrators and suppliers | Until the start of the registered visit |
Representatives of the persons who register for the visit | Article 6(1)(c) BDAR (legal obligation) | Name, surname, email, phone number, contact person (basis of representation) | None | IT administrators and suppliers | Until the start of the registered visit |
5. Provision of health care services
Categories of data subjects | Legal basis for data processing (Article 6 BDAR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage, deletion periods |
---|---|---|---|---|---|
Provision of health care services | |||||
Patients | BDAR Article 6(1)(a) {consent), (b) {agreement), (c) {contract}, BDAR Article 9(2)(a) {consent), (h) {provision of health care services}. | Name, surname, contact details {telephone number, email address, residential address}, special category data {healthcare services provided, laboratory tests, diagnoses, specialist visits, photographs, medication prescribed, description of the patient’s condition, health questionnaire, medical history, etc. }, other data related to payment for health care services provided (bank account number, price of health care services provided, date of payment, information on cash receipt, etc.). | Data controller supervisory authority), other companies/institutions providing health care services | IT administrators and suppliers, accounting company | Personal data shall be stored within the time limits specified in the Ministry of Health of the Republic of Lithuania Order No. 515 of 29 November 1999. |
Patient representatives | Article 6(1)(c) BDAR (legal obligation) | Name, surname, email, phone number, relationship to the person (basis of representation), other data related to payment for healthcare services provided (bank account number, cost of healthcare services provided, date of payment, information on the cash receipt, etc.). | Supervisory authority of the data controller), other companies/institutions providing health care services | IT administrators and suppliers, accounting company | Personal data shall be stored within the time limits specified in the Ministry of Health of the Republic of Lithuania Order No 515 of 29 November 1999. |
6. Marketing of medical devices
Categories of data subjects | Legal basis for data processing (Article 6 BDAR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage, deletion periods |
---|---|---|---|---|---|
Marketing of medical devices | |||||
Employee of the buyer | Article 6(1)(f) BDAR (legitimate interest in respect of the counterparty’s employees) | Name, surname, e-mail address, telephone number, content of the meeting | Legal person | None | 10 years from the completion of the specific order/end of the contractual relationship |
Patient | Article 6(1)(f) BDAR (legitimate interest) | Name, surname, age, date of birth, image, special category data (health services provided, diagnosis, etc.) | Legal person | None | 10 years from the completion of the specific order/end of the contractual relationship |
7. Increasing the visibility and marketing of the clinic, publicising patient feedback
Categories of data subjects | Legal basis for data processing (Article 6 BDAR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage, deletion periods |
---|---|---|---|---|---|
Increasing the clinic’s visibility and marketing, publicising patient feedback | |||||
Persons who have agreed to to have his or her personal data made public by the company |
Article 6(1)(a) BDAR {consent) |
Name, surname, testimonial about healthcare services provided, other information the person chooses to disclose, email address, signature, date of consent. | www.vitkusclinic.com website visitors | Website administrator | 5 years from receipt of consent |
8. Direct marketing
Categories of data subjects | Legal basis for data processing (Article 6 BDAR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage, deletion periods |
---|---|---|---|---|---|
Direct marketing (service offers, reminders to visit the Clinic, etc.) | |||||
Persons who have consented to direct marketing on their behalf | Article 6(1)(a) BDAR (consent) |
Name, surname, email address, phone number. | None | Supplier of marketing services | Personal data is stored for 2 years after consent is given |
9. Video surveillance for the protection of property and persons
Categories of data subjects | Legal basis for processing (Article 6 BDAR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage, deletion periods |
---|---|---|---|---|---|
Video surveillance for the protection of property and persons | |||||
Persons entering the video surveillance field | Article 6(1)(f) BDAR (legitimate interest) | Personal image data (image) | None | Supplier of video surveillance equipment | 14 calendar days after the creation of the video |
10. Selection of candidates
Categories of data subjects | Legal basis for processing (Article 6 BDAR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage, deletion periods |
---|---|---|---|---|---|
Selection of candidates | |||||
Candidates | BDAR Article 6(1)(a) (consent), (f) (person making the recommendation) | Name, surname, contact details (e-mail, telephone number), preferred position, work experience (workplace, position, contact person/recommendation person), education, and any other details provided in the CV, letter of application or motivation letter | None | None | 3 days after the award of the contract to the successful candidate or the adoption of the decision to terminate the selection process, unless a separate consent is given for the retention of the candidate’s personal data for the period specified in the consent. |
11. Drawing up and executing the Clinic’s contracts with legal entities and natural persons.
Categories of data subjects | Legal basis for processing (Article 6 BDAR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage, deletion periods |
---|---|---|---|---|---|
Drawing up and executing contracts with legal entities and natural persons | |||||
Employees of the legal entity of the counterparty | Article 6(1)(f) BDAR (legitimate interest at the expense of the contractor’s employees), Article 6(1)(b) BDAR (contract at the expense of the employee) | Name, surname, e-mail address, telephone number, content of the communication | Supplier legal person | None | 10 years after expiry of the contract |
Counterparty | Article 6(1)(b) BDAR (contract) | Name, surname, personal identification number, contact details (telephone number, e-mail), individual activity number, bank account details, other information specified in the contract with the natural person | None | None | 10 years after expiry of the contract |
12. Protecting legitimate interests
Categories of data subjects | Legal basis for processing (Article 6 BDAR) | Categories of personal data | Data recipients (controllers) | Data recipients (processors) | Data storage, deletion periods |
---|---|---|---|---|---|
Protecting rights and interests | |||||
Other party to the dispute, employees of the disputing party | Article 6(1)(f) BDAR (legitimate interest) | Name, surname, position, date, circumstances of the dispute, other information relevant to the dispute | Law enforcement authorities, lawyers, courts, bailiffs | None | 5 years from the date of entry into force of the judgment |
13. Contact us
There are several ways you can contact the Clinic: by phone, email. We receive, review and respond to all enquiries ourselves. If you contact us, we may process the data you provide to us, i.e. name, surname, email address, telephone number, the content of the enquiry (information you choose to provide to us).
Such data will be processed in order to answer your questions and to process your suggestions. If you do not provide your contact details, we will not be able to contact you and respond to you.
The personal data provided will be stored for 1 year from the date of receipt of the enquiry and/or request, with the exception of information for which other time limits have been set in this Privacy Policy or in the legal acts for storage.
Any personal data you provide when you communicate with us is used only for the purposes set out above.
Please note that we may need to contact you by post, email or telephone. Therefore, please notify us of any changes to your personal data.
14. Website
Our website www.vitkusclinic.com uses cookies. A cookie is a small text file which we place on your browser or hard drive of your computer with your consent. We use different cookies for different purposes. Cookies also help us to distinguish you from other users of the website, thus ensuring a more pleasant experience and allowing us to improve the website.
By clicking the “I accept” button, you confirm your agreement to the Cookie Policy used on this website. Most browsers allow you to reject all cookies, and some browsers only allow you to reject cookies for the third party. So you can take advantage of these options. However, please note that blocking all cookies will have a negative impact on the use of the website and without cookies you will not be able to use all the services provided on the website. For more information please visit AllAboutCookies.org or www.google.com/privacy_ads.html.
We may use the following cookies:
Cookie name | Purpose of processing | Motivation of the cookie (necessary, analytical, functional, commercial) | Period of validity |
---|---|---|---|
pll_language | To store language settings | Functional | Persistent |
wordpress_test_cookie | To read if cookies can be placed | Functional | Browsing session |
_ga | This cookie is set by ,,Google Analytics”. The cookie collects information about the user’s behaviour on the website and is used to store statistical information. | Analytical | 2 years |
_ga_* | To store and count pageviews. | Statistics | 1 year |
hjSessionUser* | To store a unique user ID | Statistics | 1 year |
hjSession* | To provide functions across pages. | Statistics | Session |
ar_debug | Store and track conversions | Statistics | 1 month |
ANONCHK | To provide functions across pages. | Marketing | At least one session |
CLID | Identifies the first-time Clarity saw this user on any site using Clarity. | Statistics | 1 year |
MR | This cookie is used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronise the ID across many different Microsoft domains to enable user tracking. | Statistics | 7 days |
MUID | To store and track visits across websites | Marketing | 1 year |
SM | Used in synchronizing the MUID across Microsoft domains. | Statistics | 1 year |
SRM_B | This cookie identifies unique web browsers visiting Microsoft sites. These cookies are used for advertising, site analytics, and other operational purposes. | Marketing | 1 year |
_clck | To store a unique user ID | Marketing | 1 year |
_clsk | To store and combine pageviews by a user into a single session recording | Statistics | 1 day |
_fbp | To store and track visits across websites | Marketing | 3 months |
Website functionionality cookies
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. These cookies are mandatory and can be refused only by not using the website.
Visitor statistics cookies
We use cookies to compile visitor statistics, such as how many people have visited our website, what type of technology they use (for example, Mac or Windows, which helps to identify when our site does not work as it should for certain technologies), how long they spend on the site, what page they look at etc. This helps us to continually improve our website.
These cookies let us monitor website using such tools as “GoogleAnalytics”. It is a tool provided by “Google”, that helps website owners measure how users interact with website content. It helps to collect data for the analysis like when, how long, how many times the user visited the website etc.
These so-called “analytics” programs also tell us if how people reached this site (e.g. from a search engine) and whether they have been here before helping us put more money into developing our services for you instead of marketing spend.
Marketing cookies
These cookies collect information for remarketing purposes based on user behavior, such as pages visited or search phrases used. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Our cookies help us:
- Make our website work as you’d expect;
- Remember your settings during and between visits;
- Improve the security of the site
- Continuously improve our website for you
We do not use cookies to:
- Collect any personally identifiable information (without your express permission);
- Collect any sensitive information (without your express permission)
- Pass personally identifiable data to third parties
How long is your personal data kept?
Anonymous visitor statistics cookies are stored for 2 years from the last use.
Granting us permission to use cookies
If the settings on your software that you are using to view this website (your browser) are adjusted to accept cookies we take this, and your consent to use cookies means that you are fine with this. Should you wish to remove or not use cookies from our site you can learn how to do this below, however doing so will likely mean that our site will not work as you would expect.
Turning cookies off
You can usually switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing so however will likely limit the functionality of our’s and a large proportion of the world’s websites as cookies are a standard part of most modern websites.
15. Social media
The information you provide to us via social media (including notifications, use of the “Like” and “Follow” fields, and other communications) is controlled by the operator of the social network.
Our website contains links to our social media accounts. We currently have an account on Facebook – “VitkusClinic”.
We process the information contained in our accounts for the purpose of administering our accounts on the basis of your consent.
We recommend that you read the privacy notices of the third parties and contact the service providers directly if you have any questions about their use of your personal data.
16. Receipt and disclosure of data
We receive your data from you, your legal representatives, your devices, our employees, banks and our contractors.
We may disclose information about you to our employees, service providers such as IT professionals, website administrators, etc., if reasonably necessary for the purposes set out in this Privacy Policy, as well as to banks and other recipients specified in the Policy.
In addition, we may disclose information about you:
- if we are required to do so by law;
- in the event of a proposed sale of the Clinic’s business (shares) or part of its assets by disclosing your personal data to a potential buyer of the business (shares) or part of it;
- the sale of the Clinic’s business (shares) or a substantial part of its assets to a third party.
Except as provided in this Privacy Policy, we do not provide your personal data to any third parties.
The recipients or categories of recipients listed in the Privacy Policy may change, so we recommend that you check the Privacy Policy regularly for any changes.
17. Security of your personal data
Your personal data will be processed in accordance with the requirements set out in the General Data Protection Regulation (EU) 2016/679, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts. When processing your personal data, we implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful deletion, alteration, disclosure, as well as against any other unlawful processing.
18. Your rights
In this section we provide information about your rights in relation to our processing of your personal data and when you can exercise these rights.
The Clinic will provide you with information about the steps it will take to implement your rights without undue delay, but at the latest within 1 (one) month of receiving your request.
Depending on the complexity of the claim and the number of claims received, the above deadline may be extended by a further 2 (two) months. In this case, we will inform you within 1 (one) month of receipt of the request of such extension and the reasons for it. The Clinic will only refuse to enforce your rights in the cases provided for by law.
19. The right to access your personal data
We want you to fully understand how we use your personal data and not to experience any inconvenience as a result. You can contact us at any time to enquire whether we are processing any of your personal data. If we store or use your personal data in any way, you have the right to see it. To do so, please make a written request to us at the email address set out in this Privacy Policy, provide us with proof of your identity, and observe the principles of fairness and reasonableness when making such a request.
19.1. Right to withdraw consent
If you have given us your explicit consent to the processing of your data, you may withdraw it at any time. You can provide us with information about the withdrawal of your consent by sending us an email at the email address specified in this Privacy Policy.
19.2. Additional rights
Please find below information about additional rights that you may have, which you can exercise by following the procedure described below.
- You have the right to ask us to correct any inaccuracies in the data we hold. In this case, we may ask you to confirm the corrected information.
- You have the right to ask us to erase your personal data. This right shall be exercised in the cases provided for in Article 17 of the General Data Protection Regulation (EU) 2016/679.
- You have the right to ask us to restrict or not to process your personal data:
- For the period necessary to verify the accuracy of your personal data when you make a data accuracy claim;
- When our collection, storage or use of your personal data is unlawful, but you choose not to request erasure;
- When we no longer need your personal data, but you need it to establish, exercise or defend a legal claim;
- The period necessary to determine whether we have an overriding legal basis to continue processing your personal data if you have given up your right to oppose the processing of your personal data.
- You have the right to the transfer of data processed by automated means and which we have received from you with your consent or for the purposes of concluding a contract. If you choose to make use of this right, we will transfer a copy of the data you have provided to us upon your request.
- You have the right to object to our use of your personal data in accordance with Article 21 of the BDAR. You have the right to object when your personal data is processed on the basis of legitimate interest (each of the purposes for which the data is processed is indicated above) or for direct marketing purposes.
19.3. The right to request further information
We hope that you will understand that it is very difficult to discuss all the ways in which personal data may be collected and used. We endeavour to provide as clear and comprehensive information as possible and we undertake to update this Privacy Policy as and when the use of personal data changes.
However, if you have any questions about the use of your personal data, we will be happy to answer them or provide any additional information that we may disclose. If you have any specific questions or if you do not understand the information provided, please contact us.
20. Complaints
If you believe that your rights as a Data Subject have been and/or may be violated, please contact us immediately at the email address provided in this Privacy Policy. We assure you that only upon receipt of your complaint we will contact you within a reasonable period of time to inform you of the progress of the investigation of the complaint and subsequently of the outcome.
If you are not satisfied with the outcome of the investigation, you may lodge a complaint with the supervisory authority, the State Data Protection Inspectorate (www.vdai.lrv.lt).
21. Responsibility
You are responsible for the confidentiality of the data you provide to us and for ensuring that the data you provide to us is accurate, correct and complete. If the data you have provided changes, you must inform us immediately by email. Under no circumstances will we be liable for any damage caused to you as a result of you providing incorrect or incomplete personal data or failing to inform us of any changes to such data.
22. Changes to the Privacy Policy
We may update or change this Privacy Policy at any time. You can always find the current version of this Privacy Policy on our website www.vitkusclinic.com.
Privacy Policy last updated on 05-12-2022.