1. Personal data means any information relating to a natural person (data subject) who is known or who can be identified directly or indirectly by reference to such data as a personal identification number or one or more factors specific to his physical, psychological, economic, cultural or social identity.
2. Data processing means any operation which is performed on personal data: collection, recording, accumulation, storage, classification, grouping, connecting, changing (supplementation or correction), provision, publication, use, logical and/or arithmetical operations, search, dissemination, destruction or any other operation or a set of operations.
3. Data controller means UAB Estetinės chirurgijos centras.
PERSONAL DATA PROCESSING PRINCIPLES AND OBJECTIVES
4. In processing personal data the following personal data processing requirements shall be observed:
4.1. Personal data shall be collected for specified and legitimate purposes and not further processed for purposes incompatible with the purposes determined before the personal data concerned are collected;
4.2. Personal data shall be processed accurately, fairly and lawfully;
4.3. Personal data must be accurate and, where necessary, for purposes of personal data processing, kept up to date; inaccurate or incomplete personal data must be rectified, supplemented, erased or their further processing must be suspended;
5. The personal data of the Clinic’s data subjects shall be processed (legal basis) –
5.1. for the purposes of providing personal healthcare services and identifying patients and specialists carrying out health promoting activities;
6. All information about the patient’s stay at the healthcare establishment, medical treatment, health status, diagnosis, prognosis and treatment, also any other personal information about the patient shall be confidential, also subsequent to the patient’s death. Information about the patient has to be provided if this is mandatory under law.
PROCEDURE FOR EXERCISING DATA SUBJECT’S RIGHTS
7. Data subjects shall have the right to:
7.1. know and obtain communication about the processing of his or her personal data;
7.2. have access to his or her personal data upon supplying the data processor with a personal identification document personally or by electronic means which make it possible to properly identify the person, have access to his or her personal data and processing thereof, also obtain copies of documents containing his or her personal data. Submission of medical documents to the patient may be restricted under the procedure prescribed by law if the information contained therein would be prejudicial to the patient’s health or endanger his or her life.
7.3. to have his or her personal data rectified, erased and suspend his or her personal data processing actions, except retention, when personal data are processed without complying with legal provisions;
7.4. object to the processing of his or her personal data.
ORGANISATIONAL AND TECHNICAL PERSONAL DATA SAFEGUARDS
8. All employees who are processing a data subject’s data shall observe the principle of confidentiality and maintain secrecy about any information relating to the data of the data subject to which they gained access in performing their duties. This obligation shall remain in effect following termination of employment or contractual relations with the Clinic.
9. The Clinic shall ensure the use of safe protocols and/or passwords while transferring personal data by external data transmission channels.