GDPR
Last updated date: 2024-10-14PRIVACY POLICY OF “EGLĖS SANATORIJA” UAB
We, “Eglės sanatorija” UAB (hereinafter – Medical SPA or We) acknowledge that personal data protection is important for You – our clients, and We undertake to respect and protect the privacy and personal data of every data subject. This privacy policy is drawn up in accordance with the Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – GDPR), Law of the Republic of Lithuania on Legal Protection of Personal Data and other legislation that protects Your information that we collect, use, and store in our enterprise.
This privacy policy will answer the most important questions about for what purposes, on what legal grounds, and what Your personal data we process, how we collect, use, and store it, as well as find the information on Your rights as a data subject.
If any questions arise, we are always ready to help.
You can reach us at:
“Eglės sanatorija” UAB
Company registration number: 152038626
Address: Eglės g. 1, Druskininkai
Tel.: +370 313 60221
E-mail: office@sanatorija.lt
Data protection officer appointed by the Medical SPA
Tomas Revuckas
IT specialist
Address: Eglės g. 1, Druskininkai
Tel.: +370 694 87 785
E-mail: dap@sanatorija.lt
Data protection officer shall provide information about the processing of personal data in the Medical SPA.
PERSONAL DATA PROCESSED BY THE MEDICAL SPA AND LEGAL GROUNDS FOR THE PROCESSING THEREOF
We inform you that you may get a better understanding of what specific personal data of yours we process, for how long and how we process it, in each privacy policy separately. Currently, these privacy policies are in effect at the Medical SPA:
In effort to manage, improve, and optimise our Website and its user experience, in order to understand browsing trends, our user desires, and in effort to improve the website functionality, We collect, use, and store the information about Your browsing through our internet website. We process this data on the grounds of your consent (Annex 1).
On the grounds of your consent, we process the information about Your use of our internet website by employing cookies and similar technology (Annex 2).
To assess candidate suitability for specific positions and their employment, we process the personal data of candidates for vacancies, which includes all the information provided in resumes. We process this data on the grounds of your consent (Annex 3).
- Employee privacy policy –
We, in performance of the obligations established by labour and social law, on the grounds of entering into and performing an employment contract, and in consideration of our legitimate interests and with the employee consent, process the personal data of our employees (Annex 4).
To enter into and perform an internship contract, we process the personal data of interns (students) (Annex 5).
In effort to foster our partner relations, procure items, services, or works, and in effort to enter into and perform contracts with item vendors, service providers, or contractors for work, we process the personal data provided by their representatives. We process this data for the purposes of the performance of the contract (Annex 6).
The Medical SPA processes the personal data of the patients/clients on the grounds of entering into a service provision contract or of a clearly given consent of the patient/client, or by considering its own legitimate interests. (Annex 7).
If you are not our client or patient, on the grounds of Your consent we process Your personal data for communication purposes, which You shall provide to Us by submitting enquiries via e-mail (Annex 8).
In effort to ensure the safety of our employees, our patients/clients, and Our and Your property, we do video surveillance of the territory and premises of the Medical SPA (Annex 9).
For the purposes of quality assessment of the services provided and dispute negotiation, We record the phone call conversations (Annex 10)
For the purposes of direct marketing and implementing its loyalty programme, on the grounds of your freely given consent, the Medical SPA processes the personal data provided by You (Annex 11).
Currently, we have set up accounts on these social media: “Facebook”, “Instagram”, “Linkedin”. We recommend to get familiar with the privacy policies of third parties by directly contacing the service providers if any questions were to arise regarding their use of Your data.
Currently, our clients may book our services via these internet websites: booking.com, „Noriu noriu noriu“, „Gera dovana“, „Laisvalaikio dovanos“, „Beta“ „Grupinis“, „Makaliaus Lietuva“, „Dovanų sala“, „Kelionių akademija“, „Novaturas“. We recommend to get familiar with the privacy policies of these websites by directly contacting the service providers if any questions were to arise regarding their use of Your data.
THE ORIGIN OF THE PERSONAL DATA PROCESSED
Where do We receive Your personal data from:
- You directly (when you buy our services, register for procedures or other our services, submit a request, lodge a complaint, etc.);
- Your representative (necessary documentation proving the grounds of representation);
- The data of You that we already have and process for other purposes;
- Visual and audio recording devices;
- State authorities (for example, state registers, information systems), telecommunication service companies, publicly available sources, or persons who may provide important information.
TO WHOM DO WE TRANSFER YOUR DATA
Your data may be transferred when it is necessary to do to perform our legal obligations, as well as when it is required to protect the vital interests of you or other physical persons.
Your data may also be transferred to other data controllers or processors, but in doing so we always take all the necessary measures to ensure that those data processors would have implemented the proper organisational and technical safety measures.
Your personal data is not transferred to the countries outside of the European Economic Area, but if it were to happen that it would be required to transfer Your data to the said countries, we will take all the measures mandated by law in order to ensure the safety of Your personal data.
IMPLEMENTATION OF DATA SUBJECT RIGHTS
We inform that You, as a data subject, under the legal acts of data protection and if you were to submit a written request, may exercise these rights of a data subject:
- The right to access the information about data processing;
- The right to access the data;
- The right to rectification or having incomplete data completed;
- The right to erasure (“right to be forgotten”) or to suspend the processing activities (except storing);
- The right to limit the processing;
- The right to data portability;
- The right to object the data processing;
- The right to lodge a complaint with the State Data Protection Inspectorate.
- The right to access the information about data processing – you are entitled to receive our confirmation whether we process Your data, and if we do, to provide information about what data we do process.
- The rights to access the personal data and the information about how they are processed – You are entitled to receive the information about what personal data of Yours we process, the data sources, the purposes of the processing, data transfer recipients, storing terms (You may request us to provide the copies of Your personal data processed, except when it would infringe on the rights and freedoms of other persons);
- The right to rectification or, considering the purposes of the processing, to have incomplete data completed;
- The rights to request the erasure of data (“right to be forgotten”) or suspend the data processing (except storing) – You may demand erasure of the data if the data is no longer necessary for the purposes they were previously processed, or when you withdraw Your consent and the data had been processed only on the grounds of Your consent, or you object to the data processing, or when the data is processed with the purposes of direct marketing, or unlawfully. It is important to note that you will not be able to exercise this right when the data processing is essential: in effort to exercise the rights to freedom of expression and information; or in compliance with our legal obligations established by law, that require us to process the data; or when the data is processed for the reasons of public interest in the area of public health; or for the archiving purposes for the good of public interest, for scientific or historical research, statistics; or in effort to state, perform, or protect the legal interests.
- You can exercise the right to demand the data processing to be restricted in the following cases: when you contest the data accuracy (before we evaluate the accuracy of your data); when the data is processed unlawfully and you do not wish for their erasure; when we no longer require Your data but You require them for the establishment, exercise or defence of legal claims; when you object to the processing on the grounds of public or lawful interest, before the assessment of how justified is your objection.
- The right to data portability – You are entitled to receive the data provided to us, inasmuch as the legal grounds for our processing is Your consent or performance of the contract, in a structured, commonly used, machine-readable format. You can demand Us to transmit Your personal data in our possession to another data controller where technically feasible. The exercising of this right cannot adversely affect the rights and freedoms of others.
- The right to object the data processing – when We process Your data for the purposes of public interests or on the grounds of legitimate interest, we will not process Your data without Your consent, unless we were to demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. Whenever your data is processed for the purposes of direct marketing, and you express an objection to it, Your data will not be processed on these grounds. Whenever Your data is processed on the grounds of Your given consent, you may withdraw your consent at any time.
- The right to lodge a complaint with the data protection authority – if you suspect that by processing Your personal data we violate the legal acts regulating personal data protection, you may lodge a complaint with the State Data Protection Inspectorate (Address: L. Sapiegos g. 17, 10312 Vilnius, Tel. (8 5) 271 2804, 279 1445, E-mail ada@ada.lt).
To exercise the rights granted to You by GDPR, You may contact the Medical SPA with a written request under the procedure laid down in the Procedures for the Exercise of the Rights of the Data Subjects. To exercise Your rights as a data subject, we will have to verify Your identity. Without the verification of Your identity, it will not be possible to establish whether the person contacting is genuinely that person whose data is being processed, thus failing to exercise Your rights. For that reason, we will not exercise the rights of the data subject via telephone but before the exercise thereof will require the present an identity verifying document or its copy.
- The requests concerning the questions about the processing of your data can be submitted to the Medical SPA by arriving thereto in person. The address of the Medical SPA: Eglės g. 1, Druskininkai;
- Via mail or other persons offering the services of mail delivery or delivery of other shipments, to the following address: Eglės g. 1, Druskininkai;
- via e-mail address: dap@sanatorija.lt.
We also inform you that there is a possibility that your request to exercise the rights will be denied consideration or you may be asked to pay the respective fee if the request were to be evidently unjustified or excessive and also in other such cases established by law.