Privacy rules and personal data

We, the Company of Medical SPA “Eglės sanatorija”, which is a joint stock company (hereinafter referred to as Medical SPA “Eglės sanatorija”/We), acknowledge that the protection of personal data is important to you – our clients, and We undertake to respect and protect the privacy and personal data of each data subject.

What is personal data?

Personal data means any information relating to a natural person (data subject) whose identity is known or may be directly/indirectly identified using the relevant data, such as the name, surname, identity number, address, telephone number, etc. In order to fulfil our obligations to you as our client, we need some of your personal data. Medical SPA “Eglės sanatorija” undertakes to collect and manage your personal data only if the data are necessary to achieve a specific, defined and legitimate purpose, and to the extent necessary.

What is the purpose of collecting (processing) personal data?

We collect personal information of the clients to provide rehabilitation and accommodation services, and to perform related activities such as procedure provision, lodging for the night and catering.

We may need your personal data for the following purposes:

  • direct marketing, including offers, promotions, discounts;
  • personnel, client or property security (for video surveillance);
  • recording of telephone conversations for assessment of the quality of service.

Medical SPA “Eglės sanatorija” is a company registered in the State Register of Personal Data Managers (registration code P7150) and has the status of a personal data manager. For more information see:

Legal basis for processing of personal data

For the purpose of personal data management, Medical SPA “Eglės sanatorija” follows the personal data processing requirements established by the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts related to the protection of personal data, and from 25 May 2018 onwards – the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data).

Medical SPA “Eglės sanatorija” collects and performs further processing of your personal data only on legitimate grounds in order to provide you with rehabilitation and accommodation services.

Personal data may also be processed with your consent, for example, with a purpose of direct marketing. Consent must be clearly expressed, voluntary, and comprehensible, and contain information regarding the purpose of use of the data. The consent to processing personal data may be revoked simply and free of charge.

Collection of personal data

Medical SPA “Eglės sanatorija” receives personal data from the data subjects themselves, from such partners as Territorial Patient Funds, and the governing Board of the Social Insurance Fund (SODRA) with whom cooperation, service provision, and other contracts have been concluded.

Who is entitled to receive your data from us?

Medical SPA “Eglės sanatorija” is committed to confidentiality when handling personal data. Such obligation arises from the provisions of the Civil Code of the Republic of Lithuania, and the Law on Legal Protection of Personal Data of the Republic of Lithuania. The information may be disclosed to other parties if necessary for the conclusion or performance of the contract or for other legitimate reasons. Information may also be provided to other parties at your request and with your consent.

We may provide your data to processors (subcontractors) who provide us with services (carry out work) and process your data on our behalf as the data manager. Data managers have the right to process personal data only in accordance with our instructions and to the extent necessary for the proper performance of the contractual obligations. When hiring subcontractors, we take all necessary measures to ensure that our processors also implement appropriate organizational and technical security measures and maintain the confidentiality of personal data. We provide a sample (non-exhaustive) list of entities to which the personal data may be provided:

  • territorial patient funds that process data for the purpose of paying for health care services;
  • insurance companies that process data for the purpose of paying for services provided;
  • partners with whom cooperation, service provision, and other contracts are concluded;
  • information technology companies that process data to ensure the creation, development and maintenance of information systems;
  • state authorities that can acquire your data from us in response to requests from a court or public authority, however, to the extent necessary to properly implement the legislation.

How long do we store your data?

The collected personal data are stored in printed documents and in our information systems. We store your personal data during a period provided for by law or in accordance with the provisions of the processing aims provided that they contain a longer storage period. Personal data are usually stored as long as reasonable claims can arise from the contractual relationship. Personal data that is no longer needed is destroyed.

We attempt not to keep outdated or unnecessary information, and ensure that personal information and other client information is kept updated and correct.

In addition, we store the information so that we can provide you with the necessary information, so that you can obtain a proper history of our relationship with you, and so that we can answer any questions related to your cooperation with us.

How do we protect your data?

It is very important for us to ensure the security of your personal data. In the process of managing your personal data, we implement particular organizational and technical security measures that make it possible to protect personal data from accidental or unlawful destruction, alteration, disclosure, and any other unlawful processing. Furthermore, our security activities include testing of personnel, information, and IT infrastructure, including periodic “intrusion” into internal networks and database testing, as well as protection of buildings and technical facilities.

What are your rights?

You have the right to:

  • receive information about your personal data including from where and how personal data is collected and how we handle it;
  • contact us with a request to correct your personal data, stop processing it, and destroy it if the data is incorrect, not provided in full or inaccurate or if it is no longer necessary for the purpose for which it was collected. In this case, you should submit an application upon receipt of which we will verify the information provided and take appropriate actions. It is very important for us to have your personal data accurately collected;
  • contact us with a request to destroy your personal data or stop processing it with the exception of the request to stop storing the personal data. The data may no longer be stored only if, after you have read your personal data, you conclude that your personal data is stored illegally or fraudulently;
  • disagree with the processing of your personal data when these data are processed or intended to be processed for direct marketing purposes or legitimate interest pursued by Medical SPA “Eglės sanatorija” or any third party to whom personal data are provided;
  • withdraw at any time the consent given for the data processing related to direct marketing purposes;
  • since the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data) entered into force on 25 May 2018, you are also entitled to data portability and the right to delete data (“the right to be forgotten”) or ask for a restriction on data processing.

If you have any questions regarding personal data processing or related suggestions, please contact us in order to discuss them.

What are cookies?

Cookies consist of bits of text and are placed on the user's computer or other device by the websites that are browsed. Depending on the browser, the data are stored either in small individual files or in a shared file of cookies stored on various websites. Cookies are used by most advanced websites in Lithuania and abroad. Cookies can only be transmitted if there is such an option provided by your device settings.

How can you contact us?

You can contact us on all data processing issues in the following ways:

Coming to Druskininkai administration office at the address: Eglės Str. 1, Druskininkai

Coming to Birštonas administration office at the address: Algirdo Str. 22, Birštonas

By e-mail:


To contact the Data Protection Officer:

E-mail address:, tel. (8 694) 87 785

Postal address: Algirdo g. 22, 59204 Birštonas.

The letter should be addressed: Data Protection Officer of Medical SPA “Eglės sanatorija”, JSC


Requisites of the Company as the data manager:

Medical SPA “Eglės sanatorija”, JSC

Legal entity code: 152038626

Address of headquarters: Eglės Str. 1, 66251 Druskininkai, the Republic of Lithuania

Tel. (8 313) 60 222, e-mail