Privacy policy

1. What does this Privacy Policy mean?

In this privacy policy (hereinafter referred to as the “Privacy Policy“), we provide you with information about how UAB Valakupiu plastines chirurgijos klinika (hereinafter referred to as the “Clinic“), processes your personal data obtained: when the Clinic provides you with health care services; when the Clinic carries out the marketing of medical devices; in order to perform contracts concluded between the Clinic and legal entities; in order to promote the Clinic’s awareness; when you visit the Clinic’s website or the Clinic’s social media accounts; when you make enquiries; etc. All the following persons whose data is processed by the Clinic are referred to as Data Subjects.

2. About the Clinic

The Clinic means UAB “Valakupiu plastines chirurgijos klinika”, legal entity code 300017892, address Svajoniu g. 48, LT – 10100 Vilnius, Republic of Lithuania, the data about the Clinic is collected and stored in the Register of Legal Entities of the Republic of Lithuania. The contact e-mail address for personal data protection issues is [email protected].

3. What is personal data?

Personal data is any information collected by the Clinic about a Data Subject that can be used to identify the Data Subject and is stored electronically or otherwise.

Personal data includes any information, including the Data Subject’s name, address, telephone number, health information, etc., which the Clinic collects about the Data Subject for the purposes set out in this Privacy Policy or in the Data Subject’s individual consent or agreement with the Clinic.

4. Processing of personal data in the course of registration for a visit to the Clinic

Categories of data subjects Legal basis for data processing (Article 6 BDAR) Categories of personal data Data recipients (controllers) Data recipients (processors) Data storage, deletion periods
Registering a person for a visit to the Clinic
Persons who register for a visit Article 6 (1)(a) BDAR (consent) Name, surname, date of birth, age, email, phone number, special category (health) data (as much as the person chooses to provide). None IT administrators and suppliers Until the start of the registered visit
Representatives of the persons who register for the visit Article 6(1)(c) BDAR (legal obligation) Name, surname, email, phone number, contact person (basis of representation) None IT administrators and suppliers Until the start of the registered visit

5. Provision of health care services

Categories of data subjects Legal basis for data processing (Article 6 BDAR) Categories of personal data Data recipients (controllers) Data recipients (processors) Data storage, deletion periods
Provision of health care services
Patients BDAR Article 6(1)(a) {consent), (b) {agreement), (c) {contract}, BDAR Article 9(2)(a) {consent), (h) {provision of health care services}. Name, surname, contact details {telephone number, email address, residential address}, special category data {healthcare services provided, laboratory tests, diagnoses, specialist visits, photographs, medication prescribed, description of the patient’s condition, health questionnaire, medical history, etc. }, other data related to payment for health care services provided (bank account number, price of health care services provided, date of payment, information on cash receipt, etc.). Data controller supervisory authority), other companies/institutions providing health care services IT administrators and suppliers, accounting company Personal data shall be stored within the time limits specified in the Ministry of Health of the Republic of Lithuania Order No. 515 of 29 November 1999.
Patient representatives Article 6(1)(c) BDAR (legal obligation) Name, surname, email, phone number, relationship to the person (basis of representation), other data related to payment for healthcare services provided (bank account number, cost of healthcare services provided, date of payment, information on the cash receipt, etc.). Supervisory authority of the data controller), other companies/institutions providing health care services IT administrators and suppliers, accounting company Personal data shall be stored within the time limits specified in the Ministry of Health of the Republic of Lithuania Order No 515 of 29 November 1999.

6. Marketing of medical devices

Categories of data subjects Legal basis for data processing (Article 6 BDAR) Categories of personal data Data recipients (controllers) Data recipients (processors) Data storage, deletion periods
Marketing of medical devices
Employee of the buyer Article 6(1)(f) BDAR (legitimate interest in respect of the counterparty’s employees) Name, surname, e-mail address, telephone number, content of the meeting Legal person None 10 years from the completion of the specific order/end of the contractual relationship
Patient Article 6(1)(f) BDAR (legitimate interest) Name, surname, age, date of birth, image, special category data (health services provided, diagnosis, etc.) Legal person None 10 years from the completion of the specific order/end of the contractual relationship

7. Increasing the visibility and marketing of the clinic, publicising patient feedback

Categories of data subjects Legal basis for data processing (Article 6 BDAR) Categories of personal data Data recipients (controllers) Data recipients (processors) Data storage, deletion periods
Increasing the clinic’s visibility and marketing, publicising patient feedback
Persons who have agreed to
to have his or her personal data made public by the company
Article 6(1)(a) BDAR
{consent)
Name, surname, testimonial about healthcare services provided, other information the person chooses to disclose, email address, signature, date of consent. www.vitkusclinic.com website visitors Website administrator 5 years from receipt of consent

8. Direct marketing

Categories of data subjects Legal basis for data processing (Article 6 BDAR) Categories of personal data Data recipients (controllers) Data recipients (processors) Data storage, deletion periods
Direct marketing (service offers, reminders to visit the Clinic, etc.)
Persons who have consented to direct marketing on their behalf Article 6(1)(a) BDAR
(consent)
Name, surname, email address, phone number. None Supplier of marketing services Personal data is stored for 2 years after consent is given

9. Video surveillance for the protection of property and persons

Categories of data subjects Legal basis for processing (Article 6 BDAR) Categories of personal data Data recipients (controllers) Data recipients (processors) Data storage, deletion periods
Video surveillance for the protection of property and persons
Persons entering the video surveillance field Article 6(1)(f) BDAR (legitimate interest) Personal image data (image) None Supplier of video surveillance equipment 14 calendar days after the creation of the video

10. Selection of candidates

Categories of data subjects Legal basis for processing (Article 6 BDAR) Categories of personal data Data recipients (controllers) Data recipients (processors) Data storage, deletion periods
Selection of candidates
Candidates BDAR Article 6(1)(a) (consent), (f) (person making the recommendation) Name, surname, contact details (e-mail, telephone number), preferred position, work experience (workplace, position, contact person/recommendation person), education, and any other details provided in the CV, letter of application or motivation letter None None 3 days after the award of the contract to the successful candidate or the adoption of the decision to terminate the selection process, unless a separate consent is given for the retention of the candidate’s personal data for the period specified in the consent.

11. Drawing up and executing the Clinic’s contracts with legal entities and natural persons.

Categories of data subjects Legal basis for processing (Article 6 BDAR) Categories of personal data Data recipients (controllers) Data recipients (processors) Data storage, deletion periods
Drawing up and executing contracts with legal entities and natural persons
Employees of the legal entity of the counterparty Article 6(1)(f) BDAR (legitimate interest at the expense of the contractor’s employees), Article 6(1)(b) BDAR (contract at the expense of the employee) Name, surname, e-mail address, telephone number, content of the communication Supplier legal person None 10 years after expiry of the contract
Counterparty Article 6(1)(b) BDAR (contract) Name, surname, personal identification number, contact details (telephone number, e-mail), individual activity number, bank account details, other information specified in the contract with the natural person None None 10 years after expiry of the contract

12. Protecting legitimate interests

Categories of data subjects Legal basis for processing (Article 6 BDAR) Categories of personal data Data recipients (controllers) Data recipients (processors) Data storage, deletion periods
Protecting rights and interests
Other party to the dispute, employees of the disputing party Article 6(1)(f) BDAR (legitimate interest) Name, surname, position, date, circumstances of the dispute, other information relevant to the dispute Law enforcement authorities, lawyers, courts, bailiffs None 5 years from the date of entry into force of the judgment

13. Contact us

There are several ways you can contact the Clinic: by phone, email. We receive, review and respond to all enquiries ourselves. If you contact us, we may process the data you provide to us, i.e. name, surname, email address, telephone number, the content of the enquiry (information you choose to provide to us).

Such data will be processed in order to answer your questions and to process your suggestions. If you do not provide your contact details, we will not be able to contact you and respond to you.

The personal data provided will be stored for 1 year from the date of receipt of the enquiry and/or request, with the exception of information for which other time limits have been set in this Privacy Policy or in the legal acts for storage.

Any personal data you provide when you communicate with us is used only for the purposes set out above.

Please note that we may need to contact you by post, email or telephone. Therefore, please notify us of any changes to your personal data.

14. Website

Our website www.vitkusclinic.com uses cookies. A cookie is a small file made up of letters and numbers which we place on your browser or hard drive of your computer with your consent. We use different cookies for different purposes. Cookies also help us to distinguish you from other users of the website, thus ensuring a more pleasant experience and allowing us to improve the website.

Most browsers allow you to reject all cookies, and some browsers only allow you to reject cookies for the third party. So you can take advantage of these options. However, please note that blocking all cookies will have a negative impact on the use of the website and without cookies you will not be able to use all the services provided on the website. for more information please visit AllAboutCookies.org or www.google.com/privacy_ads.html.

We may use the following cookies:

Cookie name Purpose of processing Motivation of the cookie (necessary, analytical, functional, commercial) Period of validity
_ga This cookie is set by ,,Google Analytics”. The cookie collects information about the user’s behaviour on the website and is used to store statistical information Analytical 2 years
_gid You can set a cookie with “Google Analytics”. The cookie collects information about the user’s behaviour on the website and is used to store statistical information Analytical 1 day
_gat Cookie used to manage enquiry traffic Analytical 1 year
_cookie_notice_accepted Stores the cookie consent status of the current domain user Required 1 year

15. Social media

The information you provide to us via social media (including notifications, use of the “Like” and “Follow” fields, and other communications) is controlled by the operator of the social network.

Our website contains links to our social media accounts. We currently have an account on Facebook – “VitkusClinic”.

We process the information contained in our accounts for the purpose of administering our accounts on the basis of your consent.

We recommend that you read the privacy notices of the third parties and contact the service providers directly if you have any questions about their use of your personal data.

16. Receipt and disclosure of data

We receive your data from you, your legal representatives, your devices, our employees, banks and our contractors.

We may disclose information about you to our employees, service providers such as IT professionals, website administrators, etc., if reasonably necessary for the purposes set out in this Privacy Policy, as well as to banks and other recipients specified in the Policy.

In addition, we may disclose information about you:

  • if we are required to do so by law;
  • in the event of a proposed sale of the Clinic’s business (shares) or part of its assets by disclosing your personal data to a potential buyer of the business (shares) or part of it;
  • the sale of the Clinic’s business (shares) or a substantial part of its assets to a third party.

Except as provided in this Privacy Policy, we do not provide your personal data to any third parties.

The recipients or categories of recipients listed in the Privacy Policy may change, so we recommend that you check the Privacy Policy regularly for any changes.

17. Security of your personal data

Your personal data will be processed in accordance with the requirements set out in the General Data Protection Regulation (EU) 2016/679, the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts. When processing your personal data, we implement organisational and technical measures to ensure the protection of personal data against accidental or unlawful deletion, alteration, disclosure, as well as against any other unlawful processing.

18. Your rights

In this section we provide information about your rights in relation to our processing of your personal data and when you can exercise these rights.

The Clinic will provide you with information about the steps it will take to implement your rights without undue delay, but at the latest within 1 (one) month of receiving your request.

Depending on the complexity of the claim and the number of claims received, the above deadline may be extended by a further 2 (two) months. In this case, we will inform you within 1 (one) month of receipt of the request of such extension and the reasons for it. The Clinic will only refuse to enforce your rights in the cases provided for by law.

19. The right to access your personal data

We want you to fully understand how we use your personal data and not to experience any inconvenience as a result. You can contact us at any time to enquire whether we are processing any of your personal data. If we store or use your personal data in any way, you have the right to see it. To do so, please make a written request to us at the email address set out in this Privacy Policy, provide us with proof of your identity, and observe the principles of fairness and reasonableness when making such a request.

19.1. Right to withdraw consent

If you have given us your explicit consent to the processing of your data, you may withdraw it at any time. You can provide us with information about the withdrawal of your consent by sending us an email at the email address specified in this Privacy Policy.

19.2. Additional rights

Please find below information about additional rights that you may have, which you can exercise by following the procedure described below.

  • You have the right to ask us to correct any inaccuracies in the data we hold. In this case, we may ask you to confirm the corrected information.
  • You have the right to ask us to erase your personal data. This right shall be exercised in the cases provided for in Article 17 of the General Data Protection Regulation (EU) 2016/679.
  • You have the right to ask us to restrict or not to process your personal data:
    • For the period necessary to verify the accuracy of your personal data when you make a data accuracy claim;
    • When our collection, storage or use of your personal data is unlawful, but you choose not to request erasure;
    • When we no longer need your personal data, but you need it to establish, exercise or defend a legal claim;
    • The period necessary to determine whether we have an overriding legal basis to continue processing your personal data if you have given up your right to oppose the processing of your personal data.
  • You have the right to the transfer of data processed by automated means and which we have received from you with your consent or for the purposes of concluding a contract. If you choose to make use of this right, we will transfer a copy of the data you have provided to us upon your request.
  • You have the right to object to our use of your personal data in accordance with Article 21 of the BDAR. You have the right to object when your personal data is processed on the basis of legitimate interest (each of the purposes for which the data is processed is indicated above) or for direct marketing purposes.

19.3. The right to request further information

We hope that you will understand that it is very difficult to discuss all the ways in which personal data may be collected and used. We endeavour to provide as clear and comprehensive information as possible and we undertake to update this Privacy Policy as and when the use of personal data changes.

However, if you have any questions about the use of your personal data, we will be happy to answer them or provide any additional information that we may disclose. If you have any specific questions or if you do not understand the information provided, please contact us.

20. Complaints

If you believe that your rights as a Data Subject have been and/or may be violated, please contact us immediately at the email address provided in this Privacy Policy. We assure you that only upon receipt of your complaint we will contact you within a reasonable period of time to inform you of the progress of the investigation of the complaint and subsequently of the outcome.

If you are not satisfied with the outcome of the investigation, you may lodge a complaint with the supervisory authority, the State Data Protection Inspectorate (www.vdai.lrv.lt).

21. Responsibility

You are responsible for the confidentiality of the data you provide to us and for ensuring that the data you provide to us is accurate, correct and complete. If the data you have provided changes, you must inform us immediately by email. Under no circumstances will we be liable for any damage caused to you as a result of you providing incorrect or incomplete personal data or failing to inform us of any changes to such data.

22. Changes to the Privacy Policy

We may update or change this Privacy Policy at any time. You can always find the current version of this Privacy Policy on our website www.vitkusclinic.com.

Privacy Policy last updated on 05-12-2022.