KAUNAS IMPLANTOLOGY CENTER UAB
PRIVACY POLICY

1. GENERAL TERMS AND CONDITIONS

1.1. This Kaunas Implantology Center UAB Privacy Policy (hereinafter referred to as Privacy Policy) regulates the main Patient’s personal data collecting, processing and storing principles in Kaunas Implantology Center UAB (hereinafter referred to as Clinics) website www.kicklinika.lt (hereinafter referred to as Website) and social networking sites (Facebook, Instagram, etc.) as well as the procedures when using the Website or other applications possessed by the Clinics, including enquiries, comments or sending other information using the forms provided in the Website or other applications (Facebook, Instagram, etc.) possessed by the Clinics or by email. This Privacy Policy ensures compliance with and implementation of General Data Protection Regulation, the Law on the Legal Protection of Personal data of the Republic of Lithuania and other legislation regulating the processing of personal data.

1.2. Privacy Policy can be accessed any time on the website www.kicklinika.lt or upon arrival to the Clinics, address Kalniečių g. 247, Kaunas.

1.3. The aim of the Privacy Policy is to provide the main technical and organizational measures for the processing personal data, data subject rights and data security implementation.

1.4. All staff members working at the Clinics (hereinafter referred to as Clinics Staff) are obliged to follow the Privacy Policy when they handle any personal data at the Clinics or discover that in the course of their duties. Also, any third party is introduced to this Privacy Policy if due to the peculiarities of their activities they are inevitably exposed to the data (IT network administrators, etc.)

1.5. Definitions:
1.5.1. data controller is Kaunas Implantology Center UAB;
1.5.2. data processor is a legal or natural person that a data controller concludes the cooperation agreement with regarding personal data processing;
1.5.3. data user is any employee of the data controller, who are specified in this Privacy Policy and have the right to use personal data for the intended functions. Where further specific data protection requirements for data users are set out in the text below, the data user is understood to be a specific employee who has the right to use personal data for the performance of his or her job functions;
1.5.4. data processing means any act performed on personal data: collecting, recording, accumulating, storing, classifying, grouping, merging, modifying (adding or editing), providing, publishing, using, logic and / or arithmetic operations, search, dissemination, destruction or other action or set of actions;
1.5.5. data subject is a Patient or other visitor of the Website, the personal data of whom is managed by the data controller;

1.6 The terms used in this Privacy Policy are understood as they are defined in the Law on the Legal Protection of Personal Data of the Republic of Lithuania and other legal acts.

1.7 The Privacy Policy is based on:
1.7.1 The General Data Protection Regulation;
1.7.2 The Law on the Legal Protection of Personal Data of the Republic of Lithuania;
1.7.3 General requirements for organizational and technical data security measures approved by Director of the State Data Protection Inspectorate on November 12, 2008 by order No. T71 (Official Gazette, 2008, No. 1355298);
1.7.4 Other legislation regulating the protection of personal data and the right to collect personal data.
1.7.5 Cookies
1.7.5.1 Cookies are files containing small amounts of information, which a computer or another device download when a person visit a website.
1.7.5.2 Use of cookies provides information about your browsing on our site, which helps provide relevant information and improve the website and its content. Cookies and the data contained therein will not be used for any other purpose and will not be forwarded to third parties.
1.7.5.3 A person can delete or block cookies by choosing the appropriate settings in their browser to allow all or part of the cookie to be discarded. Please note that using browser settings that block cookies (including required cookies), a person may encounter problems using all or a part of the website’s features.
1.7.5.4 The website uses the Google Analytics tool, which collects information about your IP address, visit time, duration, viewed internal pages of the Website, and actions taken on them (such as button clicks or form validations). The cookie generated information about your actions on the Website is transferred and stored on Google servers located in the USA. This information is used to report usage statistics for a Website without personally identifying individual visitors.
1.7.5.5 The Website uses plugins of a social networking site facebook.com. This network is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (Facebook). Our Website has no influence on the volume of data collected by this Facebook plugin. For more information about the data collected and used by Facebook, related rights and privacy protections, see Facebook privacy notices.
1.7.5.6 Cookies, the term they are valid for and their purpose of use.

Cookies Valid for Purpose Is the Cookie compulsory?
gdpr 1 year This cookie stores the visitor interaction information with the elements

falling within the scope of the BDAR (GDPR)

Yes
catAccCookies 30 days This cookie is used by WordPress plugin, which remembers the fact that

the user agreed to use cookies.

Yes
_icl_current_language 1 year This cookie is used to save a user’s selected language Yes
_ga, _gid 1 year These cookies are used to collect statistical information about the traffic

on the Website within the system of Google Analytics

No

1.7.5.7 Cookies can be changed and updated.

2. THE MAIN PRINCIPLES AND OBJECTIVES FOR PERSONAL DATA PROCESSING

2.1. Upon performing the functions and processing personal data at the Clinic, the following principles for the processing of personal data are observed:
2.1.1. personal data is collected for specified and legitimate purposes and processed in a manner consistent with those purposes;
2.1.2. the collection and processing of personal data is subject to the principles of expediency and proportionality; there is no requirement for data subjects to provide data that is not necessary; surplus data is not accumulated and unmanaged;
2.1.3. personal data is processed accurately, honestly and lawfully;
2.1.4. personal data must be accurate and constantly updated if necessary for the purpose of personal data processing. Inaccurate or incomplete data is corrected, supplemented, destroyed or its processing stopped;
2.1.5. personal data shall be stored in such a way that the identity of the data subjects can be determined for no longer than is necessary for the purposes for which the data was collected and processed.

2.2. Personal data in the Clinic are collected only in accordance with the procedure laid down in the legal acts, receiving them directly from the data subject, formally requesting on the basis of information processing and having the right to provide it entities and contracts.

2.3. Personal data is stored for no longer than what the data management purposes require. Where personal data is no longer required for the purpose of their processing, they shall be destroyed, except those to be transferred to the Clinic’s archives in the cases specified by law.

2.4. The Clinic ensures that all relevant information is provided to the data subject in a clear and comprehensible manner.

2.5. In the cases and according to the procedure established by law, the Clinic may provide personal data processed by it to the third parties.

2.6. The protection of personal data against accidental or unlawful destruction, alteration, disclosure, as well as any other unlawful handling is ensured through the implementation of appropriate organizational and technical measures. The premises where the collected data is stored is physically protected from access by unauthorized persons.

2.7. Personal data shall be protected from unauthorized access through computer networks.

2.8. Compliance with the principles of personal data processing is ensured by the Director of the Clinic by taking appropriate organizational measures (orders, instructions, recommendations).

2.9. The purposes of personal data processing are as follows:
2.9.1. internal administration (consultation or registration for consultation / treatment, etc.), provision of high-quality health services.
2.9.2. Comments and tutorials for the promotional purposes.

2.10. With the aim of achieving the purpose of the data processing laid down in Clause 2.9.1., the following personal data are processed:
2.10.1. Non-sensitive personal data:
2.10.1.1. First name, last name;
2.10.1.2. Date of birth;
2.10.1.3. Email address, telephone number and/or other contact information.

2.11. With the aim of achieving the purpose of the data processing laid down in Clause 2.9.2., the following personal data are processed:
2.11.1. Non-sensitive personal data:
2.11.1.1. First name, last name;

2.12. All Clinic staff or third parties involved in personal data processing are familiar with this Privacy Policy and are liable for its compliance.

2.13. Services provided by the Website can be used by:
2.13.1. any competent natural person over 18 years old;
2.13.2. legal persons;
2.13.3. authorized representatives of all the above persons.

2.14. Personal data shall be stored and processed as follows:
2.14.1. After registration to procedures and after providing procedures, according to the terms specified in the Personal Data Processing Rules, which are presented to the Patient during the first visit to the Clinic.
2.14.2. For the purpose of administering electronic queries, they are kept for 2 months, the comments and the information provided with them, for marketing purposes and administration of comments, are kept indefinitely.

2.15. Upon the above deadlines, your Personal Data will be destroyed automatically.

2.16. The Clinic reserves the right to store data for an unlimited period if it has been used in the course of an unlawful act or identity theft or any other violation that has been or will be investigated by the relevant law enforcement authorities if the Clinic has received any complaints related to the person or in case of other legitimate purposes to store personal data.

2.17. The Clinic collects, uses or transmits Personal Data only on the basis of consent or to the extent necessary on the basis of special individual cases (e.g. answering queries, coordinating and approving the time of the appointment, etc.) in order to ensure the quality of service provision.

3. RIGHTS OF THE DATA SUBJECT

3.1. The data subject has the right, in an easy manner and at reasonable intervals, to get acquainted with his personal data in the Clinic and to obtain information on which sources and what his personal data are collected, for which purpose they are processed and for whom they are provided. This includes the right of the data subject to access his or her health data, for example, to receive medical record statements containing information such as diagnosis, results of tests, conclusions from medical doctors and prescribed treatment or intervention. The clinic, upon receiving the written request from the data subject, within 15 working days from the date of receiving the request from the data subject, shall submit the requested data in writing or indicate the reason for refusing to satisfy such a request.

3.2. If the data subject, having become aware of his or her personal data, finds that they are incorrect, incomplete or inaccurate, he/she shall contact the Clinic (in writing, orally or in another form that allows to clearly identify the identity of the applicant). Clinic staff are required to verify and immediately correct any incorrect, incomplete or inaccurate personal data.

3.3. Adjustment and correction, updating and deletion of personal data to the extent permitted by legislation of the Republic of Lithuania and the EU and technical possibilities are performed with the consent or request of the data subject.

3.4. In case of any questions regarding the Privacy Policy of Kaunas Implantology Center UAB or the protection of personal data, the data subject has the right to apply for an explanation by e-mail. info@kicklinika.lt or at the Clinic at Kalniečių g. 247-39, Kaunas.

4. PROVISIONS ON PERSONAL DATA SECURITY

4.1. The clinic implements appropriate organizational and technical measures to protect personal data from accidental or unlawful destruction, alteration, disclosure, and any other unlawful handling.

4.2. Staff who perform personal data processing functions and who have access to personal data that is processed by the Clinic, shall be familiarized with the Privacy Policy in writing.

4.3. The Clinic’s staff must observe the confidentiality principle and keep confidential any information related to personal data they have acquired in the course of their duties, unless such information is made public in accordance with applicable laws and regulations.

4.4. Staff performing personal data processing functions shall, in order to prevent accidental or unlawful destruction, alteration, disclosure and any other unauthorized handling of personal data, keep documents and data files in an appropriate and safe manner and avoid unnecessary duplication. Copies of the Clinic’s documents containing personal data must be destroyed in such a way that they cannot be reproduced and their contents cannot be recognized.

5. AMENDMENT TO PRIVACY POLICY

5.1. The clinic has the right to unilaterally amend all or part of the Privacy Policy by notifying it on the website www.kicklinika.lt

5.2. If you do not consent to the new edition of Privacy Policy, you are entitled to contact the Clinic on info@kicklinika.lt or upon arrival at the Clinic at Kalniečių g. 247, Kaunas.

5.3. The supplements and amendments to the Privacy Policy come into effect from the date of their publication, i.e. y from the day they are placed on the Website www.kicklinika.lt.