Personal data controller – NEWMAN Bariatric (JSC Vivamedicus), hereinafter – Company, company code 304411429, business address: S. Žukausko str. 2B-60, LT-50118 Kaunas, Lithuania, e-mail: email address email@example.com, tel. No. +370 612 04006, processing personal data of data subjects in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter – the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing of personal data security and implement appropriate technical and organizational measures to protect personal data against unauthorized destruction and / or accidental alteration, distribution, disclosure or any other unlawful use.
Our Client is an integral part of the Company. Your needs, observations, opinion are important to us so that we can improve and professionally meet your expectations. Respecting the rights of our Customers and other data subjects to their private information, we process their personal data legally and fairly.
We collect only those Customer data that are necessary for the provision of the Company’s services, activities and / or visits, use, browsing of the Company’s website (hereinafter – the Website). We ensure that the collected and processed Customer data will be secure and will be used only for a specific purpose.
When writing “You”, “Your”, “You”, “Client”, “Patient”, “User” or “Visitor”, we mean an unregistered user of our website when registering with NEWMAN Bariatric (JSC Vivamedicus) service (s), or a visitor to our website who does not necessarily register for the NEWMAN Bariatric (JSC Vivamedicus) service (s).
- Personal data – any information relating to a natural person – a data subject whose identity is known or can be established directly or indirectly by means of the relevant data.
- Customer – any natural person, data subject who orders, purchases, uses, has used or has expressed a wish to use the Company’s services, visits the Company’s website or is otherwise connected with the services provided by the Company.
- Personalized data – information that is no longer related to a natural person, as all elements that allow the identification of a person have been removed from the personal data set.
- Services – any products, goods and / or services offered by the Company, both electronically and non-electronically.
- Data subject – any natural person, data subject who orders, buys, uses, has used or has expressed a wish to use the Company’s services, visits the Company’s website or is in any other way related to the services provided by the Company.
- Provision of data – disclosure of personal data through transmission or other ways of making it available (except for publication in the media).
- Data processing – any operation performed on personal data: collection, recording, accumulation, storage, classification, grouping, aggregation, modification (supplementation or correction), provision, publication, use, logical and / or arithmetic operations, retrieval, dissemination, destruction or other action or set of actions.
- Automatic data processing – data processing operations performed in whole or in part by automatic means.
- Special personal data – data related to a person’s racial or ethnic origin, political, religious, philosophical or other beliefs, trade union membership, health, sexual life, as well as information about a person’s criminal record.
- Consent – a voluntary statement of the data subject’s intention to process his or her personal data for a purpose known to him or her. Consent to the processing of sensitive personal data must be expressed in a clear, written, equivalent or other form that clearly demonstrates the will of the data subject.
- Direct marketing – activities aimed at offering goods and services to individuals and / or seeking their opinion on the goods or services offered by post, telephone or other means.
- Data processor – a legal or natural person (who is not an employee of the data controller) authorized by the data controller to process personal data. The data controller and / or the procedure for its appointment may be established by laws or other legal acts.
- Data controller – a legal or natural person who, alone or together with others, determines the purposes and means of the processing of personal data. If the purposes of data processing are determined by laws or other legal acts, the data controller and / or the procedure for its appointment may be established in those laws or other legal acts.
- Third party / party – a legal or natural person, except the data subject, the controller, the processor and persons who are directly authorized by the controller or processor to process the data.
PROCESSING OF PERSONAL DATA
Processing of Personal Data means any operation performed on Personal Data (including the collection, recording, storage, editing, modification, granting of access, submission of requests, transmission, archiving, etc.).
The Company processes personal data in accordance with the General Data Protection Regulation (EU) 2016/679 of the European Union (hereinafter – the Regulation), the Law on Legal Protection of Personal Data of the Republic of Lithuania and other legal acts regulating the processing of personal data.
The scope of personal data processed depends on the Company’s services ordered, purchased or used and the information provided by the person as a visitor to the Company’s website when ordering, purchasing and / or using the Company’s services, visiting or registering on the Company’s website.
SOURCES OF PERSONAL DATA
Personal data is provided by the Customer by contacting the Company, registering for services using the Company’s services, participating in the loyalty program, surveys or research, leaving comments, asking questions, subscribing to newsletters and / or using the Company’s services, requesting a consultation from the Company.
Personal data is obtained on the basis of the Customer’s consent. In cases where the Customer has expressed a wish to receive information or express an opinion on specific services, personal data may be processed to ensure the provision of the information required by the Customer. For the purposes of customer surveys, market research and statistical data collection, games and promotions for the Clients, with the Client’s consent or in the legitimate interest of improving the quality of the Company’s services, the Clients’ experience as service recipients and developing new products and services. The Customer has the right to revoke the consent given to the Company at any time. The consent shall be valid until it is fulfilled or, as the case may be, revoked, whichever is the earlier. Withdrawal of consent shall not affect the lawfulness of the processing, which is based on the relevant consent given before the withdrawal.
PURPOSES OF THE PROCESSING OF PERSONAL DATA
By providing personal data to the Company, the Customer agrees that the Company will use the collected data in fulfilling its obligations to the Customer and providing the services that the Customer expects. The Client’s personal data is required for the Company for the following purposes:
- For maintaining relations with Clients and establishing and administering access to the Company’s services.
- Conclusion and execution of Service Agreements with the Client, updating of data about the Client, when it is necessary for the performance of the Agreement or in order to take action at the Client’s request before concluding the Agreement or fulfilling a legal obligation.
- Protection of the rights, interests and privacy of the Customer, the Company and third parties.
- Statement, enforcement or defense of legal requirements (to a court, bailiffs or other institutions to which we must transfer in accordance with the legal acts of the Republic of Lithuania).
For direct marketing, loyalty program, promotional purposes, discounts, loyalty card administration, providing offers, news, information, services, or sending a newsletter that the Customer requests from the Company or that the Company believes may be of interest to the Customer.
For the purpose of customer solvency assessment and indebtedness management.
For the purpose of staff selection (personal data of candidates are collected). The personal data of candidates who have sent their CVs directly to the Company by e-mail or through job advertisement portals (e-mail address, name, telephone number, all information provided in the CV, motivation letter and the position they are applying for) are processed by the Company, in order to select a candidate for the job application. The company keeps the personal data of the candidates for as long as the selection for a specific job continues. Data is only kept longer if the candidate’s consent is obtained. The company does not collect or process special personal data of candidates.
For other purposes for which the Company has the right to process the Customer’s personal data when the Customer has given his consent, when the data needs to be processed due to the Company’s legitimate interest or when the Company is obliged to process the data by relevant legal acts.
WE COLLECT PERSONAL DATA
Information you provide voluntarily: when you register for a visit to our website directly or using third-party services (Facebook, Google, etc.), send us an e-mail, contact us through third-party applications (Facebook, Instagram, etc.), consult in writing, orally or by other means with our staff regarding the services provided and / or subscribe to the newsletter service, use the comments feature on the website, contact us in any other way and voluntarily provide information about yourself. This may include your name, personal health information, physical address, email address, phone number, gender, age, and other demographic information.
Information we receive when you use our services: when registering with a doctor in the online registration form, you provide your name, telephone number, e-mail address, a brief description of your health condition.
Information we collect automatically: When you use our services while browsing our website, we collect information about the pages you visit on the website and other browsing, activity history and statistics. This may include your IP address, device operating system, browser ID, browsing activity, and other information related to your activity on the Website or other services we provide. We collect some information from log files, as well as with the help of cookies and other tracking technologies. Cookies: We and our partners use a variety of technologies to collect information about website usage statistics and browsing activities, such as cookies and / or similar technologies such as pixel codes or website indicators for website trend analysis, page administration, depersonalized demographic statistics about website visitors, so we cannot identify a specific person. Each visitor can control and refuse as well as their browser accepts or does not accept any cookie in their web browser. We use our cookies on our website together with third-party cookies to ensure the full functionality of the website and for marketing purposes to show you specialized offers on other platforms (Google, Facebook, Instagram).
PROVISION OF PERSONAL DATA TO THIRD PARTIES
The Company undertakes to observe the obligation of confidentiality with regard to the personal data of the Clients. Personal data may be disclosed to third parties only if this is necessary for the conclusion and performance of the contract for the benefit of the data subject or for other legitimate reasons.
The Company may enter into or have entered into agreements with the following processors for the processing of the specified personal documents: data centers, cloud, website administration and related services companies, advertising / marketing companies, software developers, providers, maintainers and developers, information technology infrastructure service companies, communication service companies, consultancy companies, internet browsing or internet analysis and service companies.
The Company may also provide Customer data at the request of a court or government agency, to the extent necessary to properly comply with applicable laws and regulations of government agencies.
The company may need to exchange personal data when there is a specific intended purpose. The company may need to provide personal data to the following recipients of personal data: business partners, data processors (subcontractors).
TERM OF STORAGE OF PERSONAL DATA
Personal data collected by the Company is stored in Outpatient Cards (printable documents) and / or in the Company’s information systems by e-mail. format. Personal data shall be processed no longer than is necessary to achieve the purposes of data processing or not longer than required by the data subjects and (or) provided by the legal acts of the Republic of Lithuania.
Although the customer may terminate the contract and refuse the Company’s services, the Company must continue to protect the customer’s personal data due to possible future claims or legal claims until the data retention period expires.
RIGHTS OF THE CUSTOMER AS A DATA SUBJECT
The customer, as a data subject, has the right to:
- Get acquainted with the processed personal data. Contact the Company with a request to provide information on whether the Company processes its personal data.
- Apply to the Company to correct his / her personal data and / or suspend the processing of such personal data, except for storage – in case the data is found to be incorrect, incomplete or inaccurate.
- Apply to the Company with a request to delete his / her personal data, which is processed only with his / her consent, if the Customer revokes the respective consent. This right shall not apply if the personal data requested to be deleted are also processed on another legal basis, such as processing necessary for the performance of the contract or the performance of an obligation under the applicable law.
- Restrict the processing of his personal data in accordance with applicable law, such as the period during which the Company will assess whether the Customer has the right to request the deletion of his personal data.
- Receive personal data provided by him, which is processed on the basis of his consent or performance of the contract, in writing or in a commonly used electronic form, and, if possible, transfer such data to another service provider (data portability).
- Disagree on the processing of his personal data if the processing of personal data is based on a legitimate interest, including profiling for direct marketing purposes (eg receipt of marketing offers or participation in surveys).
- At any time, withdraw your consent to the processing of personal data for direct marketing purposes.
- Disagree that it should be subject to a fully automated decision, including profiling, if such decision-making has legal implications or similar significant effects on the Customer. This right does not apply if such decision-making is necessary for the purposes of concluding or executing the contract with the Client, is permitted by applicable law or the Client has given explicit consent to do so.
- To apply to the State Data Protection Inspectorate if the issue with the Company cannot be resolved.
- The Client, regarding the exercise of his rights, may apply to the Company by submitting a written request in person, by post, through a representative at the address: JSC Vivamedicus, business address: S. Žukausko str. 2B-60, Kaunas, Lithuania, as well as by submitting a written request in person by e-mail. e-mail: firstname.lastname@example.org, orally – by phone +370 612 04006.
The Company processes customer requests for data subject’s rights free of charge. Upon receipt of a person’s request to provide what data the Company has collected about him / her, the response shall be provided within 30 calendar days from the date of the submitted request. The applicant must provide proof of the identity of the applicant. The examination of the application may be refused or an appropriate fee may be charged if the application is manifestly unfounded or excessive, as well as in other cases specified in regulatory enactments.
Inform the Company about changes in the information and data provided. It is important for the company to have correct and valid Customer information;
Provide the necessary information to enable the Company to identify the Customer at the Customer’s request and to ensure that it is in real communication with or cooperation with a particular Customer (provide an identity document or legal or electronic means of identification). This is necessary for the protection of the data of the Customer and other persons so that the disclosed information about the Customer is provided only to the Customer, without violating the rights of other persons.