The Data Protection policy of ''Baltic Medical Destinations'' (BMD) 

The personal data controller is ''Baltic Medical Destinations'', Registration No. 40203187902, Address: Dubultu prospekts 84 - 1, Jūrmala, Latvia; Tel. +371 28 314 369; e-mail info@balticmedicaldestinations.eu; website: https://www.balticmedicaldestinations.eu/. BMD will take whatever measures are necessary to ensure client’s data is protected within BMD and it third party service providers.

Your trust and privacy are important for us!

• This Privacy Policy has been created to provide you (our client) with simple, clear and understandable information on your rights, the purpose and amount of data we require,  and to explain how we protect your data during its processing and utilization term.
• We wish to provide you with the highest quality services and individualized approach to provide you with personalised offers. We carry out secure and transparent processing of your personal data. In this Privacy Policy, personal data is considered any information which may be used to identify you.
• We implement appropriate measures to ensure that your personal data is secure and that processing of your personal data takes place in accordance with relevant data protection laws, and our internal policies, guidelines and procedures.
• We have appointed a data processing specialist whose task is to supervise and ensure that we observe requirements, guidelines and procedures in the legal framework of data protection.
• This Privacy Policy allows you to find out what data we may obtain about you and for how long we will use this data, and will provide information about your rights and how you can communicate with us.
• In the case of any improvements of this Privacy Policy, all changes will be published on this website. The latest version of the Privacy Policy will always be available to you.

Why do we process your data?

• We process your data so that you receive the highest quality healthcare services according to your choice, necessity, referral, agreements and requirements of regulatory agencies.
• medical service providers that we work with carry out video surveillance and process your personal data when you visit their facilities for your personal safety, and for the safety of their employees, customers and property. Video surveillance is done according to strict safety and privacy conditions using modern technology and equipment.
• We want to inform you about news and issues that are related to our services and could be of interest to you. E-mail messages are sent only upon with you consent. If you want to receive news, you have to indicate it on our website or by completing an application form. When receiving an e-mail message with news from us, you will always receive a link with an option to opt out of receipt of this news. Upon selecting this option, your e-mail address will be deleted from our database and you will no longer receive this information.
• We save and register all incoming and outgoing correspondence in order to ensure the observation of our legitimate interests and/or performance of contractual liabilities.
• Our website https://www.balticmedicaldestinations.eu/ uses cookies. By using cookies, the data on website use history is processed, problems and deficiencies in the website functioning are diagnosed, statistics on user habits are compiled, and the full-fledged and convenient use of the website is ensured. If you don't want to allow using of cookies, you may disable cookies by changing the settings of your web browser. In such cases, using of our website may be difficult. Deletion of saved cookies can be done in the settings section of your web browser deleting the history of saved cookies.
• If we process personal data for purposes you are not informed in this Policy, we will inform you separately on the individual conditions of such data processing.

What data do we process?

• Categories of processed personal data depend on services provided to you.
• When you receive healthcare services, according to requirements of regulatory agencies, we are obliged to process your identifying information and information that certifies the diagnosis, substantiates examinations and treatment methods, as well as precisely reflects the treatment results. In order to fulfil the healthcare services provision objective, we may process the broadest possible amount of personal data, which includes - name, surname, personal identity number, passport information, contact information, lifestyle, information on past diseases, information on received and receivable healthcare services (at which doctor, how often, what services are chosen) and other information which the respective healthcare specialist will select and record in the medical documentation the specific situation.
• When you visit the facilities of medical service providers that we work with, your video image and the time you attend may be processed. Video surveillance is not done in premises where you may expect increased privacy, and informative stickers are provided in places, where video surveillance is done.
• When you contact us, the communication content may be saved, which can include, for example, e-mail address and phone number.
• We process the data on website use history, using online identifiers, as well as information left by you intentionally, for example, your assessment on the quality of our services.

What is the legal basis for processing of your data?

• Data processing is carried out for the purpose of providing healthcare and other related services. Data processing is necessary for provide you with qualitative healthcare services and complete contractual obligations. It may also be necessary for the assessment of work performed by medical professionals, and for ensuring the management of medical diagnosis, healthcare or medical treatment, or healthcare systems and services. In certain cases, we may process personal data to ensure compliance with our and third party legitimate interests.
• Data processing through video surveillance is implemented with a purpose to prevent or detect criminal offences in relation to protection of personal and property protection, ensure the highest quality standards of customer service, protection of legal interests of persons and protection of vital interests of persons, including life and health.
• Data processing may be carried out to ensure compliance with our and third party legitimate interests, for example, to investigate your complaints or obtain evidence in the case of possible complaints.
• Saving and recording of received and sent correspondence is carried out to conclude a contract with you or fulfil it, to perform our legal obligations, as well as in the cases, when such processing is required for ensuring compliance with our and third-party legitimate interests.
• We carry out analysis of history of visits of our website and social network accounts if such processing is necessary for ensuring compliance with our and third-party legitimate interests.

From where do we obtain personal data?

• We compile your personal data from information provided by yourself before the receipt of any services, in the course of providing services or after receipt of services, when you visit our medical providers (video surveillance) and our website (while applying for receipt of our news), and also when your data is sent to us by any other medical treatment institution or doctor on your behalf.

To whom do we transfer your personal data to?

• Law enforcement authorities, courts or other public and local government authorities, if such transfer arises from regulatory requirements, and the respective authorities are eligible to receive the requested information, if such information has been specifically requested.
• Third parties within the framework of concluded contracts in order to perform any function required for the performance of a contract (for example, to a third party medical services provider, in the case of an insurance contract, for implementation of legitimate interests of the data controller, other medical treatment institution, observing the preconditions specified in the Law on the Rights of Patients), or, if the customer service and provision of qualitative services to customer has to be improved when attracting service providers.
• To you, pursuant to a clear and unambiguous request.
• Courts or other public institutions for the protection of our legal interests.
• Recipients of your personal data may be employees authorised by the Data Controller, Data Processors, as well as law enforcement and supervisory institutions.
• We will issue personal data only to the extent required and sufficient, according to requirements of regulatory regulations and substantiated objective circumstances of the specific situation.
• We always try to process your personal data within the territory of the European Union and the European Economic Area (EU/EEA). Your personal data is not processed in any country outside EU/EEA. Transfer and processing of personal data outside EU/EEA may be implemented if it has legal basis, i.e., to fulfil any legal obligation, conclude or perform a contract, or pursuant to your consent, and if appropriate security measures are implemented.

How long do we store your personal data?

• All personal data obtained from you is stored while you use our services, or until you revoke your consent, if your personal data is processed based on such consent. Longer period of storage of personal data is permissible to fulfil statutory requirements concerning the minimum term of storage of documents or information, or to protect our legal interests.
• When this period has expired, we will securely delete your personal data or make it unavailable (archiving), or non-identifiable, so that this data cannot be linked to your person anymore.
• The period of storage of personal data may be defined by contract, your legitimate interests, or applicable regulations which we are obliged to observe.
• During the process of providing healthcare services, we observe special regulations which set an obligation to retain certain data. If you want to receive detailed information, please contact us.

How do We ensure protection of your data?

• We ensure, regularly revise and improve our data protection measures to protect your personal data from unauthorised access, accidental loss, disclosure or destruction. To implement this, we use modern technology, technical and organisational requirements, including the use of firewalls, intrusion detection software and data encryption.
• We carefully verify all service providers who process your data in our name or on our behalf, and assess whether data processors implement appropriate security measures to ensure that processing of your data is implemented in accordance with our requirements of regulations.
• In the case of any incident concerning security of your data, if it could cause sufficiently high risk of your rights and freedoms, we will try to notify you, or will publish the information on our website.
• However, we recommend to observe general rules of secure use of computer and internet, as well as requirements for protection and storage of your private data (especially regarding identity documents), as we will not assume any liability for unauthorised access to your personal data and/or loss of data, if it has resulted from your fault or negligence.

What are your rights?

• We consider that the protection of your rights is our priority. We handle your data with utmost responsibility, and will always observe your rights and interests.
• You are eligible to request a confirmation from us as to whether or not we process personal data linked to you, and in such cases, request access to your personal data processed by us, or to issue information on such personal data, if ensuring of direct access is not possible.
• If you consider that information about you is outdated, incorrect or incomplete, you may request that the information be updated.
• You are eligible to request deletion of your personal data or object to its processing if you think that the data is processed unlawfully or it is not necessary anymore in relation to the purposes it was obtained and/or processed.
• You are entitled to submit a complaint to the Data State Inspectorate if you consider that we have processed your data illegally.
• Since we process your personal data based on your consent, you are eligible to revoke your consent for processing of personal data at any time.
• You are eligible to object to processing of your personal data for direct marketing purposes at any time.
• You have the right to object our processing of personal data based on our legitimate interests. However, we will continue processing of your data even in the case of your objections, if we have convincing justification for such continued processing of personal data. To implement the aforesaid rights, please submit an application in writing.
• In certain instances, you are entitled to request the deletion of your personal data, however, this does not apply to cases when the applicable laws require us to retain such data. To implement the aforesaid rights, please submit an application in writing.
• In certain instances, you are entitled to restrict processing of your persona data. Please, consider that, if you request processing restrictions of your personal data, it may affect your possibilities to receive our services. To implement the aforesaid rights, please submit an application in writing.
• Finally, you are eligible to receive or transfer your personal data to another data controller. These rights include only the data you have provided to us on your consent or concluded contract, and if automated processing is implemented. To implement the aforesaid rights, please submit an application in writing.

Do you have any questions?

We use a multi-level approach for providing information to you. In places, where video surveillance is performed, notifications are provided with a warning on video surveillance, thus providing basic information in relation to video surveillance, and we also inform about the rights to receive more detailed information. When you visit our website, notifications on this Privacy Policy are published, and you also can become acquainted with information on cookies used on the website. If you have any questions about protection of your data, please contact us electronically by sending an e-mail message to: info@balticmedicaldestinations.eu with an indication ''To the data protection specialist''.