SIA Urolit, reg.nr. 40203352230, Strautu iela 13, Vētras, Mārupe (hereinafter – ĀI) is the Controller of personal data, which fulfills the requirements set forth in legal acts regarding the processing and protection of personal data held by the institution.
The purpose of the privacy policy is to ensure privacy rights and freedoms of natural persons, transparency and control of personal data processing processes, data integrity and availability to data subjects. With this policy, we inform patients, clients, cooperation partners and staff about the measures implemented in the institution to ensure the protection of personal data. We inform data subjects about their rights and obligations.
In this document, the concept of personal data is understood as any information directly or indirectly attributable to a natural person (“data subject”). The term “processing” is understood as any activity or set of activities performed with or without automated means with personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or transformation, retrieval, viewing, use, disclosure, transmission, distribution or otherwise making available, matching or combining, restriction, erasure or destruction.
This Privacy Policy fully applies to every data subject whose personal data is processed by AI as a controller.
AI is also a personal data processor for the data of natural persons that AI processes on behalf of other personal data controllers. AI is the data processor for personal data included in the unified electronic information system of the health sector (e-health) of the National Health Service and the “Management Information System” payment system for health care services. Regarding the processing of the data mentioned here, AI fulfills the duties of the data processor, while the duties of the Controller are performed by the manager of each specific data processing system. Therefore, this policy only applies within the scope of the obligations imposed on the processor.
About personal data collected and processed
This policy applies to all types of personal data processed by the medical facility. Personal data in a medical institution can be in paper and electronic form, including in the form of e-mail correspondence, in the form of photo, video and audio recordings, including as recordings of telephone conversations, in the form of biological material.
AI, as a manager, ensures that personal data is stored securely and that the principle of confidentiality is respected at work. The institution ensures the interests of the data subject, honest and legal processing of personal data only in accordance with the intended purpose and to the extent necessary for it.
The medical institution obtains and processes the patients’ personal data in the patients’ medical and other documents, which are necessary for the provision of healthcare services. They may contain the following information:
- the person’s first and last name, personal code, address, e-mail address, phone number, age, gender, profession, qualification, education, information about the patient’s representative and contact information for emergencies;
- information about the patient’s contacts with the practice, including calls and electronically sent notifications, as well as about visits to the practice;
- medical records and opinions about the patient’s state of health, information about the treatment and care performed, which are usually collected in the patient’s outpatient card, but may also be contained in separate documents;
- results of various laboratory and diagnostic examinations;
- such information from other providers of health care packages or from the patient’s relatives that provide information about the patient’s treatment needs;
- personal data, the acquisition and processing of which is determined by mandatory legal norms;
- personal data, the processing of which is necessary to ensure essential public interests, for example, to prevent criminal offenses or risks related to the protection of children or other adults.
The legal basis for the processing of personal data is defined in legal acts, such as the Patient Rights Act, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and by which repeals Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation) and other regulatory acts in force in the Republic of Latvia, which regulate the protection of personal data and private life.
Personal data of patients is obtained and processed with the aim of providing a full-fledged, high-quality and timely health care service. Processing of patients’ personal data takes place on the basis of Article 6, Clause 1, subparagraphs b) and c) of the Regulation and Article 9, Clause 2, subparagraphs c) and h) of the Regulation.
The medical institution acquires and processes the personal data of the staff of the medical institution in order to ensure the measures necessary for the establishment and implementation of employment legal relations. The processing of personal data of personnel takes place in accordance with legal acts and the employment contract