1. General provisions
1.1. UAB SDC Klinika, registration number 304989582, Kalvarijų g. 128A-2, LT-08210 Vilnius (hereinafter referred to as the Company) processes personal data in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the GDPR), the Law on the Legal Protection of Personal Data of the Republic of Lithuania, as well as other legal acts regulating the processing and protection of personal data.
1.2. The Company respects the privacy of all individuals, including its clients, and is committed to ensuring the security of your personal data when using the Company’s services or visiting the Company’s website.
1.3. This Privacy policy sets out the Company’s policy on the collection, processing, and storage of personal data.
1.4. The terms used in this Privacy policy correspond to the definitions in the GDPR and the Law on the Legal Protection of Personal Data of the Republic of Lithuania.
1.5. By using the Company’s services and/or browsing the Company’s website, you agree to the processing of your personal data in accordance with this Privacy policy.
1.6. The Company may periodically amend this Privacy policy in accordance with changes in the GDPR or other legal acts, the scope of the Company’s services, and other circumstances.
2. Key principles of personal data processing
2.1. When collecting and processing your personal data entrusted to the Company, the Company adheres to the following key principles:
2.1.1. Your personal data is processed lawfully and fairly.
2.1.2. Your personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner incompatible with those purposes.
2.1.3. Your personal data is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
2.1.4. The processed personal data is accurate and, if necessary, kept up to date.
2.1.5. Your personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
2.1.6. Your personal data is processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
3. Processing of your personal data
3.1. You warrant that you will provide accurate and truthful personal data and will not provide the personal data of third parties.
3.2. The Company operates as a dental clinic. You have the right to contact the Company by email at [email protected] or at the registered address to obtain information about the processing of your personal data.
3.3. The Company processes personal data for the following purposes:
3.3.1. Provision of dental services, registration of individuals for appointments, and their service.
3.3.2. Video surveillance for property and security purposes.
3.3.3. Recruitment for vacant positions at the Company.
3.3.4. Marketing activities.
3.4. With your consent, the Company may process personal data for other purposes.
3.5. The Company uses cookies on its website. By using cookies, the Company may collect information about the number of website visitors, your actions on the website (such as the information you are looking for), and your geographical location. If you do not agree to the placement of cookies on your computer or other device, you can change your internet browser settings to disable/enable all or certain cookies.
3.6. For the purposes of providing dental services, registering individuals for appointments, and providing service, the following personal data may be processed: name, surname, personal identification number, date of birth, email address, phone number, passport or identity card number, residential address.
3.7. For video surveillance purposes, the following personal data may be processed: recorded images of individuals.
3.8. For recruitment purposes, the following personal data may be processed: name, surname, personal identification number, date of birth, email address, phone number, passport or identity card number, residential address, information about education and work experience.
3.9. For marketing purposes, the following personal data may be processed: name, surname, email address, phone number, your actions on the Company’s website (such as the information you are looking for), and your geographical location.
3.10. For the purposes of providing dental services, registering individuals for appointments, and providing service, the Company will keep your personal data for as long as required by applicable laws (e.g., the Order of the Minister of Health of the Republic of Lithuania of 29 November 1999 on the accounting and reporting procedure for healthcare institutions, etc.). In cases where the storage periods for personal data are not determined by law, the Company will keep your personal data for no longer than 2 years from the date of receipt, unless otherwise specified in this Privacy policy.
4. Video surveillance
4.1. Video surveillance is conducted for property and personal security purposes.
4.2. Video surveillance is conducted in areas where dental chairs, the reception desk, corridors, and parking spaces are located.
4.3. Recorded video footage is stored for a period of 1 month from the date of creation, unless the video footage needs to be stored for a longer period due to specific circumstances (e.g., evidence of criminal activity, legal disputes with clients, etc.).
4.4. The Company would like to note that the main purpose of installing video cameras is not to film clients, but to allow the Company’s staff to monitor individuals entering the dental clinic in real time, ensure compliance with legal requirements, and provide appropriate services, as well as to protect the Company’s assets and the safety of its staff and clients.
5. Your rights and their exercise
5.1. You have the following rights as established by the GDPR:
5.1.1. To be informed about the processing of your personal data.
5.1.2. To access your personal data being processed.
5.1.3. To withdraw your consent for the processing of personal data.
5.1.4. To request rectification of inaccurate personal data concerning you.
5.1.5. To request erasure of personal data concerning you (“right to be forgotten”).
5.1.6. To restrict the processing of personal data.
5.1.7. To receive personal data concerning you in a structured, commonly used, and machine-readable format.
5.1.8. To object to the processing of personal data.
5.1.9. To lodge a complaint with the State Data Protection Inspectorate regarding the potential unlawful processing of your personal data or a possible breach of data protection.
5.2. In order for the Company to fulfill your rights as described above, you must submit a written request to the Company in a manner that allows us to identify you, i.e., the request must be signed by you and accompanied by a copy of your identity document or you can confirm your identity in accordance with the procedures established by law using electronic communication means that allow for proper identification. The Company will review the submitted requests no later than 1 month from the date of receipt.
6. Data security
6.1. The Company implements appropriate technical and organizational measures to ensure the security of your personal data against accidental or unlawful destruction, alteration, or disclosure.
6.2. Employees of the Company who have the right to process personal data or organize and ensure its protection must comply with this Privacy policy and the legal acts regulating the legal protection of personal data.
6.3. In the event of a personal data security breach, the Company shall notify the State Data Protection Inspectorate of such breach no later than 72 hours after becoming aware of it.
6.4. In cases where a personal data security breach may pose a high risk to the rights and freedoms of individuals, the Company shall promptly notify the affected individuals by email.
7. Contact information
7.1. For any inquiries regarding this Privacy policy, you can contact the Company using the following details:
UAB SDC Klinika
Registration number: 304989582
Registered address: Kalvarijų g. 128A-2, LT-08210 Vilnius
Tel: +370 696 66247
Email: [email protected]