Notice on Personal Data Processing for Clients and Visitors
1. Data controller
The data controller for personal data processing is SIA "FLEBOMEDIKA" (hereinafter referred to as the "Clinic"), registration number: 40003570396, legal address: Jaunā Mežparka iela 4, LV-1014.
You can contact us by phone: +37167374747 or via email: .
2. Contact information for data protection inquiries
2.1. If you have any questions regarding this notice or the processing of your personal data, you can contact us using the communication channels provided in Section 1.2. or by reaching out to our data protection officer via email: .
3. General description of our data processing
3.1. This notice describes how we process personal data of the following individuals: our clients, client representatives/contact persons, participants in our public events, participants in marketing activity competitions, visitors to our website and service locations, whistleblowers submitting reports, and other individuals whose data may come into our possession in connection with the purposes of personal data processing specified in this document.
3.2. We assume that before using our website or becoming our client, you have reviewed this notice. This is the latest version of the notice. We reserve the right to amend and update this notice as necessary.
3.3. The purpose of this notice is to provide you with a general overview of our personal data processing activities and objectives. However, please note that additional information about your data processing may also be provided in other documents (e.g., service agreements, cooperation agreements, lottery rules, loyalty program terms).
3.4. In addition to these terms, you may also review our additional personal data processing notice, specifically the cookie policy, available in the "Cookie Usage" section of the Clinic's websites www.maurinaklinika.lv and www.ameda.lv (hereinafter referred to as the "Website").
3.5. Please note that the personal data processing rules outlined in this notice apply only to the processing of personal data of natural persons.
3.6. We recognize that personal data is valuable to you, and we process it in compliance with confidentiality requirements while ensuring the security of your personal data in our possession.
4. Purposes and legal basis for data processing
We ensure fair and lawful processing of personal data by processing your personal data only for specific, predetermined purposes with an appropriate legal basis. We process your personal data for the following purposes:
4.1. Initiation and provision of services
4.1.1. Appointment scheduling and communication
[1] When scheduling an appointment with one of our specialists or doctors, either by phone or in person, we need to identify you to locate your medical record if one has been created at our facility. It is important to determine the health issue or purpose of your visit to ensure the correct specialist is assigned. To confirm your online appointment request, we will contact you to clarify information regarding the selected specialist or doctor and your health concern or purpose of the visit. Your contact information is necessary for appointment reminders and updates on any changes.
[2] For this purpose, we process the following personal data: name, surname, personal identification number, phone number, email, health issue, or purpose of the visit.
[3] The primary legal bases for this data processing:
- Data subject consent (Article 6(1)(a) of the General Data Protection Regulation) – for example, regarding the appointment request submitted online.
- Management of healthcare services (Article 9(2)(h) of the General Data Protection Regulation).
- Legitimate interests of the data controller and third parties (Article 6(1)(f) of the General Data Protection Regulation), such as making reminder calls or sending messages to ensure effective time management for doctors and accommodate other patients when necessary.
4.1.2. Personal identification
[1] When providing medical services, we must verify your identity by requesting an identification document. To complete medical documentation in accordance with legal requirements, we process the following personal data: name, surname, personal identification number, date of birth or age, gender.
[2] In cases where patients are represented by legal or authorized representatives, we are required to verify the representatives' identity (name, surname, personal identification number) and the basis of representation.
[3] The primary legal bases for this data processing:
- Compliance with a legal obligation applicable to the Clinic (Article 6(1)(c) of the General Data Protection Regulation, Patient Rights Law, Section 15, Part 4, Cabinet Regulation No. 265 on "Medical Record Keeping Procedures").
4.1.3. Provision of medical services
[1] To ensure the provision of quality medical services, we need to process your health data (e.g., medical condition, including disease diagnosis; disability; blood type and Rh factor; allergies; medication side effects or intolerance; regularly used medications; past illnesses and injuries; test results; surgical operations; anesthesia methods; postoperative complications; course and outcomes of treatment. This list is not exhaustive, as the processed health data may vary depending on the problem you have addressed at the Clinic and the chosen treatment method).
[2] To monitor the treatment process, the doctor may request photo or video documentation of the affected body area. This processing will involve images of the relevant body part. If you do not wish for photo/video documentation to be used in your treatment monitoring, you have the right to refuse.
[3] To fulfill the obligation to document the treatment process, we record health data in your medical documentation during the provision of medical services. To comply with legal requirements and complete medical documentation, such as outpatient or inpatient medical records, we require information about your workplace or educational institution.
[4] To inform you about changes in planned procedures, assess your health condition during outpatient treatment, and issue certificates or referrals, we require your contact information (address, phone number, or email). In specific cases (if you are unable to make medical decisions due to your health condition or age), we may need the contact information of your authorized or legal representatives, spouse, or closest relatives (name, surname, phone number) to coordinate your treatment-related matters.
[5] The primary legal bases for this data processing:
- Processing of data for medical treatment purposes (Article 9(2)(h) of the General Data Protection Regulation).
- Protection of the patient's vital interests if the patient is physically or legally unable to give consent (Article 9(2)(c) of the General Data Protection Regulation).
- Compliance with a legal obligation applicable to the Clinic (Article 6(1)(c) of the General Data Protection Regulation, Cabinet Regulation No. 265 on "Medical Record Keeping Procedures").
- Legitimate interests of the data controller (Article 6(1)(f) of the General Data Protection Regulation) regarding photo/video documentation to monitor the patient’s treatment process.
4.1.4. Prescription medication issuance
[1] To prescribe the necessary prescription medications, we process the following personal data: name(s), surname; personal identification number; date of birth (if not included in the personal ID number); declared, registered, or provided residence address; gender. The prescription also contains data directly indicating your health condition, such as diagnosis, prescribed medications, and usage instructions.
[2] The primary legal bases for this data processing:
- Processing of data for healthcare management purposes (Article 9(2)(h) of the General Data Protection Regulation, Cabinet Regulations No. 175 and No. 134 on electronic health information systems).
4.1.5. Issuance of sick leave certificates
[1] To complete and submit sick leave certificates, we need to process the following data: the recipient’s personal identification number, name(s), surname, gender, date of birth (if not included in the personal ID number), declared, registered, or provided residence address, and, if applicable, details of a child or dependent, cause of temporary incapacity, notes on compliance with medical instructions, sick leave periods, referrals to other doctors, expected return-to-work date, or extended incapacity.
[2] The primary legal bases for this data processing:
- Data processing carried out for the purpose of health management (Article 9(2)(h) of the General Data Protection Regulation and Cabinet Regulation No. 152 of April 3, 2001, "Procedures for Issuing and Cancelling Sick Leave Certificates," and Cabinet Regulation No. 134 of March 11, 2014, "Regulations on the Unified Electronic Information System for the Health Sector").
4.1.6. Organization of training seminars, workshops, and conferences
[1] To register your participation in our organized public events, send information about the event, and provide educational materials, we need to process the following data: name, surname, phone number, email. If the seminar includes the allocation of qualification maintenance points, additional personal identification number and job-related data may also be processed.
[2] The primary legal bases for this data processing:
- Data subject’s consent (Article 6(1)(a) of the General Data Protection Regulation).
- Conclusion and performance of a contract with the data subject (Article 6(1)(b) of the General Data Protection Regulation).
4.1.7. Administration of service payments
[1] To administer the receipt of payment for the provided service, we need to process various data, the scope of which may differ depending on the provided service. Typically, this data includes name, surname, personal identification number, bank account number, as well as diagnosis or service description.
[2] To obtain an insurance company's decision regarding the coverage of medical expenses, we need to process your health insurance policy information and send your personal data, including health data—such as diagnosis, treatment process, and costs—to the insurance company.
[3] To submit an e-receipt to the State Revenue Service as a supporting document for creating an annual income tax declaration, we need to process the information included in the receipt and transmit it to a third party—the State Revenue Service.
[4] The primary legal bases for this data processing:
- Fulfillment of a service contract (Article 6(1)(b) of the General Data Protection Regulation).
- Data subject’s consent (Article 6(1)(a) of the General Data Protection Regulation), for example, regarding the verification of medical expense coverage by insurance or the submission of an e-receipt to the State Revenue Service.
4.2. Participation in the loyalty program and marketing activities
4.2.1. Ensuring participation in the loyalty program
[1] Within this purpose, we facilitate your participation in our loyalty program, which offers special and personalized deals and discounts each month. The digital privilege card is registered and issued to a specific individual by sending it to the client's email address. As part of this purpose, we perform profiling (e.g., collecting information on previous appointments, gender, age) to determine appropriate offers for a specific and identifiable loyalty program participant. To ensure that personalized offers are used by the privilege cardholder, we need to process the following data: client’s name, surname, personal identification number, phone number, email address, and gender.
[2] The primary legal bases for this data processing:
- Data subject’s consent (Article 6(1)(a) of the General Data Protection Regulation) – regarding enrollment in the loyalty program.
- Legitimate interests of the data controller (Article 6(1)(f) of the General Data Protection Regulation) – for example, regarding the necessity to indicate gender to segment clients by gender and thereby determine appropriate offers for program participants.
4.2.2. Ensuring marketing activities, brand awareness, and scientific purposes
[1] Within this purpose, we may send you commercial notifications, facilitate your participation in our organized lotteries, publish or republish client reviews, and publish materials from our organized public events. We may use photo/video documentation of patients’ body parts taken during outpatient visits, procedures, or surgeries for publicity and scientific purposes.
[2] For these purposes, we may need at least the following personal data: client’s or client’s contact person’s name, surname, phone number, email address, appearance, behavior, and body part images.
[3] The primary legal bases for this data processing:
- Data subject’s consent (Article 6(1)(a) of the General Data Protection Regulation) – regarding the sending of commercial notifications, participation in lotteries, publication of winner photos, use of patient body part photos/videos, use of submitted reviews, and republishing client social media posts.
- Conclusion and performance of a contract with the data subject (Article 6(1)(b) of the General Data Protection Regulation) – regarding the publication of photo or video materials within the framework of cooperation with the data subject.
- Legitimate interests of the data controller (Article 6(1)(f) of the General Data Protection Regulation) – for example, the publication of photographs from public events.
4.3. Compliance with legal obligations
[1] Within this purpose, we collect and process personal data to comply with legal requirements, including those set out in the Accounting Law, Archives Law, Whistleblower Protection Law, Patient Rights Law, and other applicable regulatory acts of the Republic of Latvia.
[2] For this purpose, we may need to process at least the following personal data: client’s or client’s representative/contact person’s name, surname, personal identification number, postal address, bank account number, phone number, and email address.
[3] The primary legal bases for this data processing:
- Compliance with a legal obligation (Article 6(1)(c) of the General Data Protection Regulation).
- Legitimate interests of the data controller (Article 6(1)(f) of the General Data Protection Regulation).
4.4. Prevention of security and property threats and protection of other essential legitimate interests
4.4.1. Detection of unlawful activities
[1] The Clinic conducts video surveillance within the building premises and its territory to detect criminal offenses related to the safety of visitors and the protection of the Clinic’s property. During video surveillance, the following personal data is processed: appearance (image), behavior, location, and time of presence. Data obtained through video surveillance is not used for any purposes other than detecting unlawful activities.
[2] The primary legal bases for this data processing:
- Protection of the legitimate interests of the data controller or third parties (Article 6(1)(f) of the General Data Protection Regulation).
4.4.2. Control of vehicle flow in the parking area
[1] The Clinic carries out video surveillance of the parking area near the building using a video recorder that captures vehicle registration plate numbers upon entry and exit. This processing is conducted to control vehicle flow within the parking area and ensure compliance with parking regulations.
[2] The primary legal bases for this data processing:
- Protection of the legitimate interests of the data controller (Article 6(1)(f) of the General Data Protection Regulation).
4.4.3. Ensuring proper service provision
[1] Within this purpose, we need to maintain and improve technical systems and IT infrastructure, as well as implement technical and organizational solutions that may involve the processing of your personal data (e.g., through cookies) to ensure proper service provision.
[2] The primary legal bases for this data processing:
- Legitimate interests of the data controller (Article 6(1)(f) of the General Data Protection Regulation).
How we collect personal data and why you must provide your personal data
We may obtain your personal data through the following means:
- Directly from you (information provided by the patient, identification documents).
- When you submit applications, emails, or call us.
- When you register for our services online.
- Through our websites www.drmaurinaklinika.lv and www.ameda.lv, using cookies.
- From the Smart Medical System.
- In certain cases, from video surveillance recordings or vehicle registration number recordings from the video recorder.
5. Provision and receipt of information
The provision and receipt of information are necessary to ensure the provision of appropriate, high-quality, and safe medical services to you and to fulfill the legal obligations applicable to the Clinic as set out in the relevant laws and regulations. In certain cases, the failure to provide information may hinder the provision of services or make it impossible.
6. Possible recipients of personal data
6.1. We process your personal data in accordance with applicable laws and regulations and take measures to ensure that third parties without a legal basis for processing your personal data do not have access to it.
6.2. Personal data may be received, if necessary, by:
- The patient themselves;
- The patient's legal or authorized representatives;
- Doctors, specialists, the Clinic, and its authorized employees involved in the treatment process;
- Laboratories for conducting necessary examinations;
- The insurance company specified by the patient;
- The authorized employees of the data processor;
- The State Revenue Service;
- Law enforcement authorities;
- The Health Inspectorate—for the purpose of ensuring the supervision functions of the health sector;
- The National Health Service—regarding the issuance of sick leave certificates and medication prescriptions;
- The Data State Inspectorate—for the purpose of verifying compliance with data processing regulations.
6.3. Are your personal data transferred outside the European Union (EU) or the European Economic Area (EEA)?
Your personal data are not transferred outside the European Union (EU) or the European Economic Area (EEA).
7. Are your personal data used for automated decision-making?
7.1. We do not use your data for automated decision-making.
8. How is the retention period for your personal data determined?
8.1. Personal data that must be stored to comply with legal requirements will be retained for the periods specified in the relevant laws and regulations (for example, medical records included in the Inpatient Medical Record or Outpatient Medical Record are retained for 75 years from the last entry).
8.2. Data necessary to prove the fulfillment of obligations will be retained in accordance with the general limitation period for legal claims—10 years.
8.3. Video surveillance recordings will be retained for 20 days, while vehicle registration plate recordings will be retained for 3 days if parking regulations are followed or 60 days if parking regulations are not followed, if payment has not been made, unless the data have been previously requested by competent state or law enforcement authorities, or if no criminal offenses have been identified, or if no data subject request for restriction of data processing has been received. In such cases, the relevant data will not be deleted and will be retained for as long as necessary to achieve the purpose of processing or to comply with the instructions of competent state or law enforcement authorities.
9. What are your rights as a data subject regarding the processing of your personal data?
9.1. Updating personal data. If there have been changes to the personal data you have provided us (e.g., changes in personal identification number, contact address, phone number, or email), please contact us and provide the updated data so that we can fulfill the relevant data processing purposes.
9.2. Right to access and correct personal data. Under the General Data Protection Regulation (GDPR), you have the right to access your personal data held by us, to request its correction, deletion, or restriction of processing, to object to the processing of your data, and to data portability, in the cases and manner specified in the GDPR.
9.3. We respect your right to access and control your personal data. Therefore, upon receiving your request, we will respond within the timeframes specified by law (usually no later than one month, unless there is a special request requiring more time to prepare a response) and, where possible, correct or delete your personal data accordingly.
9.4. You can obtain information about your personal data stored with us or exercise other data subject rights in one of the following ways:
9.4.1. By submitting a request in person and identifying yourself at our legal address: Jaunā Mežaparka iela 4, Riga, LV-1014, on business days from 9:00 AM to 6:00 PM.
9.4.2. By sending a written request by post to our legal address: Jaunā Mežaparka iela 4, Riga, LV-1014.
9.4.3. By submitting a request signed with a secure electronic signature and sending it to our email: .
9.5. Upon receiving your request, we will assess its content and the possibility of verifying your identity. Depending on the circumstances, we reserve the right to request additional identification to ensure the security of your data and prevent disclosure to unauthorized individuals.
9.6. Withdrawal of consent
9.6.1. If the processing of your personal data is based on your consent, you have the right to withdraw it at any time. In such cases, we will no longer process your personal data for the respective purpose. However, please note that withdrawing consent does not affect the legality of processing carried out before the withdrawal or the processing of data necessary for compliance with legal obligations, contractual performance, legitimate interests, or other legally established grounds for lawful data processing.
9.6.2. You may also object to the processing of your personal data if it is based on legitimate interests or used for marketing purposes (e.g., for sending commercial notifications or participation in a lottery).
10. Where can you turn for the protection of your rights?
10.1. If you have any questions or objections regarding our processing of your personal data, we encourage you to contact us first to resolve the matter.
10.2. If you believe that we have not been able to resolve the issue and that we are violating your rights regarding data protection, you have the right to file a complaint with the Data State Inspectorate. Complaint templates and other related information can be found on the Data State Inspectorate's website.
Prepared by:
SIA “Protectum” Data Protection Specialist S. Zīrāka