APPROVED
UAB "Kardiolita"
Mr Kostogriz, Executive Director Order No B-23-31 of 23 June 2023

PRIVACY POLICY

We are aware of the particular importance we attach to the protection of your personal data, and we only collect and process your data that is necessary for the performance of our activities. We process personal data lawfully, transparently and fairly, for predefined purposes and only to the extent necessary to achieve those purposes. When we process personal data, we aim to keep it accurate, secure, confidential, properly stored and protected.

When processing your personal data, we comply with the requirements of the General Data Protection Regulation (GDPR), the Law on Legal Protection of Personal Data of the Republic of Lithuania, as well as with the requirements for the processing of personal data set out in other legal acts.

1.         WHAT IS THIS DOCUMENT?

1.2 This privacy policy (hereinafter referred to as the "Privacy Policy") sets out the privacy terms and conditions for your use of the website kardiolitosklinikos.lt (hereinafter referred to as the "Website").

1.2 Please read this Privacy Policy carefully so that you understand our practices when processing your personal data. By reading this document, you will know how we process your personal data, where we obtain it from and what your rights are as a data subject.

1.3 If you use the Website, it means that you have read and accepted this Privacy Policy and the purposes, methods and procedures for processing your personal data set out in it. If you object to the terms and conditions set out in this Privacy Policy with respect to your personal data, you are not entitled to use the Site.

1.4 As used in this Privacy Policy, "personal data" means any information from which you can be identified, whether directly or indirectly. Personal data includes name, surname, date of birth, postal or e-mail address, information about your health, location data and internet identifiers, characteristics specific to you etc.

1.5 In order for you to be able to fully benefit from our services, you must be on our clinic's list of persons (patients). You can do this by visiting any of our At the time of signing up to our clinic, you will be made aware of our clinic's rules for the processing of personal data ("the Rules"), as well as your rights as a patient and a subject of personal data.

1.6 This Privacy Policy applies to all persons who visit any of the InMedica Group Websites, regardless of whether you are a patient of our clinic, as well as to actions you may take on the Website, including registering for an appointment with a health care professional at our clinic, as well as to persons involved in the selection of staff, suppliers and partners whose data we process for the performance of contracts.

2.         WHO ARE WE?

2.1 The website is managed and administered by InMedica Group Clinic UAB "Kardiolita", legal entity code 126118245, address Laisvės pr. 64A, 05263 Vilnius.

2.2 In accordance with the provisions of the legislation, we are the controller of your personal

3.         WHAT PRINCIPLES DO WE FOLLOW?

3.1 When we process your personal data, we:

1. 1. we will comply with the requirements of current and applicable legislation, including the GDPR;
   2. we will process your personal data in a lawful, fair and transparent manner;
   3. we will collect your personal data for specified, explicit and legitimate purposes and will not further process your personal data in a way that is incompatible with those purposes, except to the extent permitted by law
   4. We will take all reasonable steps to ensure that personal data which are not accurate or complete in relation to the purposes for which they are processed are rectified, supplemented, suspended or destroyed without delay;
   5. we will keep them in a form which permits your identification for no longer than is necessary for the purposes for which the personal data are processed;
   6. we will not provide personal data to third parties and will not disclose it, except in the cases specified in the Privacy Policy or the Terms and Conditions (if you are a patient of our clinic) or in the cases specified by law;
   7. we will ensure that your personal data is processed in such a way as to ensure, by appropriate technical or organisational measures, adequate security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage.

4.         FOR WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA?

4.1 We will process your personal data for the following purposes:

1. 1. to provide you with health services when you register on the Website for an appointment with a health care professional at our clinic;
   2. to improve the Website and offer you better and more tailored services;
   3. with your consent, to provide you with offers and information about our, our affiliates' and our partners' goods and/or services;
   4. through quality surveys;
   5. dealing with complaints and claims and managing your enquiries;
   6. selecting candidates for vacant positions;
   7. protecting patients, staff and property;
   8. for the purpose of concluding and performing the contract;
   9. Ensuring that Cardiolita Clinics are equipped with the necessary tools, in collaboration with suppliers and partners;
   10. for other purposes where we are required to process your personal data by law or where there is a legitimate interest.

5.         HOW DO WE COLLECT AND PROCESS YOUR PERSONAL DATA?

5.1 We process your personal data received in the following ways:

1. 1. when you provide them to us (e.g. when you register on the Website or by telephone);
   2. when you use the Site (e.g. the type of web browser you use, the number of visits, the pages you view on the Site, the amount of time you spend on the Site, etc.);
   3. when we receive your personal data from other persons in accordance with the procedure established by the legislation, this Privacy Policy or the Rules (if you are a patient of our clinic).

5.2 You provide us with your personal data and other information by using or registering on the Site, by writing to us or contacting our customer service team, or by making complaints about the Site or our services. If you contact us in writing or by email, we will retain the details of the correspondence.

5.3 The information you provide may include your name, personal identification number, email address and telephone number, age, gender, password, the text of the message (e.g. when registering for an appointment with a health care professional at our clinic) and other registration or complaint, claim and enquiry data.

5.4 When you use the Site, certain anonymous information (e.g. the type of web browser you use, the number of visits, the pages you view on the Site, the amount of time you spend on the Site, etc.) is collected automatically. This information is used to improve the content, functionality and attractiveness of the Site.

 

6.         ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?

6.1 General categories of personal data processed on the basis of - Article 6(1) GDPR: points (a), (b), (c), (d) and (f);

6.2 Special categories of personal data processed on the basis of - Article 9(2) GDPR: (a), (b), (c), (e), (f), (h), (i).

7.         WHAT CATEGORIES OF YOUR PERSONAL DATA DO WE PROCESS?

7.1 personal data necessary for patient identification and the provision of personal healthcare services: personal health record identification number, contact information (address, telephone no.), address of declared residence, name, surname, marital status, date of birth, gender, personal identification number, address of actual residence, billing data, call records and call metadata, registration data at the personal healthcare institution (name of the institution, name and specialty of the doctor visited, time of visit, reasons for the visit and complaints), relationship data (relationship of the data subject to the person concerned, name and surname of the person concerned, personal identification number, date of birth, gender) and other data;

7.2 special categories of personal data: examination data, photographs, videos, list of diagnoses, history of visits to Cardiolita Clinics (date, name and surname of the doctor visited, office, status), descriptions and conclusions, prescription of medicines and medical aids, referrals for personal health care services in other institutions, examinations, medical history, other entries in the personal health history, certificates and other data;

7.3 data required for sending personalised marketing messages: email address and/or telephone number and/or residential address, city, gender, age and other data;

7.4 selection data for vacant positions: name, date of birth, place of residence, telephone number, email address, education data, information on work experience, information on skills, information on driver's licence, computer literacy, city, position and salary expectations, curriculum vitae, and similar data;

7.5  Relationship data with suppliers and partners: name, surname, contact details (email address, telephone number, address), VAT number, business license or individual activity certificate number, date of validity, personal identification number, business activity under business license or individual activity certificate, bank account number, powers of attorney and other data;

7.6 website visitor data, unique identifiers and other tracking tools that collect information about subscribing to, (not) receiving, opening, clicking, unsubscribing from newsletters, which app/application is used to read the email, the IP address and the country assigned to it, and the information provided by visitors on social networks - recommendations, complaints, opinions, suggestions and other data;

7.7 commercial patient relationship data: name, title, debt information, contact details, account information;

7.8 call centre data: caller's name, contact details (email address, phone number, address), opinion on the quality of the service, feedback, bookings, audio recordings, call

7.9 If you would like to know or clarify what specific personal data the Cardiolita Clinic processes about you, please contact us to exercise your data subject rights in the ways set out below.

8.         DO WE USE YOUR PERSONAL DATA FOR DIRECT MARKETING?

8.1 Only with your consent, we may use your personal data for direct marketing purposes to provide you with offers and information about goods and/or services from us, our affiliates and partners that we think may be of interest to you.

8.2 For this purpose, we process the following personal data: name, surname, telephone number , e-mail address, gender, age, information about your subscription to our clinic.

8.3 You can choose whether or not you consent to our use of your personal data for direct marketing purposes. You can do this by:

1. 1. ticking the consent text "I agree to receive direct marketing offers" or not ticking it when registering on the Site;
   2. by clicking on the link in the email we send you regarding the use of your data for direct marketing purposes.

8.4 By granting us the right to process your data for direct marketing purposes, you also grant us permission to contact you by means of communication (e.g. email, telephone, SMS) or other means of communication (e.g. Skype, Viber, etc.) for this purpose.

8.5 We may combine the information we hold about you with information held by third parties in order to make offers to you.

8.6 If you consent to the use of your personal data for direct marketing purposes, we may use your personal data to analyse and improve the effectiveness of our websites, advertising and market research, and for other company marketing and sales purposes. In this case, we will use your personalised data.

8.7 Even if you have given your consent to the processing of your personal data for direct marketing purposes, you can easily withdraw this consent at any time for all processing activities. To do so, you can:

1. Change the settings in the Patient Area -> My Data section of the website to indicate that you no longer want your personal data to be used for direct marketing purposes, or
2. to notify your unsubscription in the manner specified in the e-notifications and/or offers (e.g. by clicking on the "unsubscribe" link in the newsletter, etc.), or
3. by coming to our clinic and making a You must clearly state your name in the request. If you wish to withdraw your consent in this way, we may ask you to provide proof of identity;

8.8 From the moment your consent is withdrawn, we will unreasonably cease sending you direct marketing offers immediately.

8.9 Withdrawal of consent does not automatically oblige us to destroy your personal data or to provide you with information about our processing of your personal data, so if you want us to do this as well, you must make a separate request.

9.         HOW DO WE USE COOKIES?

9.1 We collect information about you using cookies and similar Cookies are small files that are temporarily stored on your device's hard drive and allow us to recognise you on subsequent visits to the Site, save your browsing history, preferences, customise content, speed up searches on the Site, create a user-friendly and friendly Site environment, and make the Site more efficient and reliable. Cookies are a common practice on websites that make it easier to use the website.

9.2 We may collect the following information through cookies: IP address, browser type, demographic data, etc.

9.3 We use the information we receive from cookies for the following purposes:

1. to ensure the functionality of the Site (e.g. to enable you to use the Site's personalisation);
2. so that we can improve and develop the Website to better meet your needs;
3. for the development of services and analysis of the use of the Website;
4. for targeted

9.4 We may, without prejudice to the law, combine information obtained through the use of cookies with information obtained about an individual by other means (e.g. information about the use of the Website, personal data provided by you).

9.5 The following cookies may be used on the Website:

1. 1. technical (essential) cookies - these are cookies that are necessary for the operation of the Website;
   2. Functional cookies - these are cookies that, although not essential to the operation of the Website, significantly improve its performance, quality and user experience;
   3. analytical cookies - these are cookies used to prepare a statistical analysis of the navigation methods of visitors to the Website; the data collected by these cookies is used anonymously;
   4. Targeting or advertising cookies - these are cookies that are used to show you offers or other information that may be of interest to you;
   5. Social cookies - these are cookies that are necessary for you to use the Site information in your social profile account.

9.6 All information about the cookies used on the Website, their purpose, validity and the data used is provided in the table below:

Place of use	Name	Purpose	Category	Moment of creation	Period of validity	Data used
www.kardiolito sklinikos.lt	test_cookie	A cookie helps to distinguish whether a user's settings support cookies	Required	By visiting the website	1 day
www.kardiolito sklinikos.lt	EW4SITE	The cookie helps to ensure               the functionality of the page.	Functional	By visiting the website	1 day	Random unique code
www.kardiolito sklinikos.lt	SITEXSRF	The cookie helps to manage           user consents.	Functional	By visiting the website	In session	Random unique code
www.kardiolito sklinikos.lt	Hex (40)	Cookie     to     help administer       user consents	Functional	By visiting the website	3 months	Random unique code
www.kardiolito sklinikos.lt	_ga	The cookie collects information about user behaviour on the website and is used to store statistical information.	Statistical	By visiting the website	2 years	Unique identifier
www.kardiolito sklinikos.lt	_dc_gtm_UA-#	The cookie collects information about user behaviour on the website and is used to store statistical information.	Statistical	By visiting the website	1 day	Random unique code
www.kardiolito sklinikos.lt	_ga_#	The cookie collects information about user behaviour on the website and is used to store statistical information.	Statistical	By visiting the website	2 years	Unique identifier
www.kardiolito sklinikos.lt	_gid	The cookie collects information about user behaviour on the website and is used  to  store statistical information.	Statistical	By visiting the website	1 day	Unique identifier
www.kardiolito sklinikos.lt	_fbp	Cookie used for Facebook promotional product sessions	Promotional	With consent	3 months	Unique identifier
www.kardiolito sklinikos.lt	_gcl_au	Cookie  used  for Google advertising sessions	Promotional	With consent	3 months	Unique identifier
www.kardiolito sklinikos.lt	ads/ga-audiences	A cookie is used to identify            user behaviour    on    a website.	Promotional	With consent	In session	Unique identifier
www.kardiolito sklinikos.lt	ads/ga-audiences	A cookie is used to identify            user behaviour  on  a website.	Promotional	With consent	In session	Unique identifier
www.kardiolito sklinikos.lt	IDE	A cookie is used to identify            user behaviour  on  a website.	Promotional	With consent	1 year	Unique identifier

 

9.7 You can give your consent to the use of cookies in the following ways:

1. By clicking on the "I accept" link (bar) on the website about cookies;
2. by expressing your consent at the time of registration on the Site;
3. at any time by unfolding the cookie bar and making changes to your cookie

9.8 You can withdraw your consent to our use of cookies at any time. You can do this by changing the settings on your web browser so that it does not accept cookies. How you do this depends on the operating system and web browser you are using. For detailed information on cookies, their use and how to refuse them, please visit http://AllAboutCookies.org or http://google.com/privacy_ads.html.

9.9 In some cases, disabling, not accepting or deleting functional cookies may slow down the speed of your web browsing and limit the functionality of certain features of the Website.

10.     WHO DO WE PROVIDE YOUR PERSONAL DATA TO?

10.1 We guarantee that your personal data will not be sold, provided or otherwise transferred to third parties without lawful basis, or used for purposes other than those for which they were collected. We will not transfer your personal data in any way other than in accordance with this Privacy Policy, the Terms and Conditions (if you are a patient of our clinic) and the However, we reserve the right to disclose information about you if we are required to do so by law or if we are requested to do so by lawful authorities or prosecuting authorities.

10.2 We may transfer your personal data to companies that assist us with our operations, accounting, direct marketing and quality assessment surveys or other We require such partners to process your data only in accordance with the instructions we have given them and applicable data protection legislation.

10.3 We may disclose the data we collect about you to the following third parties:

1. third party service providers (e.g. technical service providers in the performance of our contracts with these service providers, including the performance of services for sending newsletters or other marketing activities).
2. third-party service providers whose services we generally use for data storage, telecommunications and website hosting purposes.
3. to insurance organisations, pre-trial investigation bodies, courts, lawyers, government organisations and other recipients to whom we are required to disclose the data by law, or if we have your consent to the transfer of the data to these recipients.

10.4 The above service providers are limited in their ability to use your data for purposes other than to provide services to us or for the purposes set out in individual requests for personal

11.     HOW LONG DO WE KEEP YOUR PERSONAL DATA?

11.1 We keep the data collected for the purpose specified in point 4.1 (a) of the Privacy Policy for as long as you are registered with our clinic and for the periods required by law.

11.2 We store the data collected for the purpose referred to in point 1 (b) of this Privacy Policy for a period not longer than the period specified in the cookie table referred to in point 7.6 of this Privacy Policy.

11.3 We keep the data collected for the purpose set out in point 4.1 (c) of the Privacy Policy for as long as you are registered with our If you have not subscribed to our clinic, but you have consented to the processing of your data for the purpose of direct marketing in the other ways set out in this Privacy Policy, in such a case, we will store your personal data for a maximum period of 3 years from the date of your consent.

11.4 We store the data collected for the purpose referred to in point 1 (d) of the Privacy Policy for the periods prescribed by law.

11.5 We keep the data collected for the purpose referred to in point 4.1 (e) of the Privacy Policy for one year after the final resolution of the matter.

11.6 We will keep the data collected for the purpose referred to in point 4.1 (f) of the Privacy Policy until the end of the selection process, unless we have your consent to keep the data

11.7 We keep the data collected for the purpose set out in point 4.1 (g) of the Privacy Policy for no longer than is necessary to achieve the stated purposes.

11.8 We keep the data collected for the purpose referred to in point 4.1 (h) of the Privacy Policy for the period of cooperation and for 10 years after the end of the contract.

11.9 We keep the data collected for the purpose referred to in point 4.1.(i) of the Privacy Policy for the period of statutory cooperation and for 10 years after the end of the contract.

11.10 We protect the data collected for the purpose referred to in point 1 (j) of the Privacy Policy for the periods provided for by law.

11.11 We will not keep your personal data for longer than the purposes of processing or the law requires, unless a longer retention period is specified in the law.

11.12 We aim not to store outdated, irrelevant personal data, so that only relevant information is stored when it is updated (e.g. when your account is revised, information is changed, etc.).

11.13 Historical information is kept where it is necessary for the purposes of the law or for the conduct of our business.

12.      HOW DO WE PROTECT YOUR PERSONAL DATA?

12.1 The data we collect from you will be located within the EU, but may be transferred or stored outside the EU. It may also be processed by our or our suppliers' staff working outside the EU. When we transfer your data outside the EU, we will take all necessary steps to ensure that your data is processed securely and in accordance with this privacy policy.

12.2 Unfortunately, the transmission of information over the internet is not completely secure. Although we take great care to protect your personal data, we cannot guarantee the security of the data when you transmit data to the Website - you assume the risks associated with the transmission of data to the Once we receive your data, we will implement strict procedures and security measures to protect your data from unauthorised access.

12.3 In the unlikely event that we become aware of a breach of security of your personal data which may pose a serious threat to your rights or freedoms, we will inform you immediately upon becoming aware of it and identifying the information accessed.

13.      EXTERNAL WEBSITES

13.1. The Website may contain links to external websites, such as those of our business partners or websites that advertise our goods and/or services. If you follow such links to any of these sites, please note that these sites and the services available through them have their own separate privacy policies and we do not accept any responsibility or liability for these policies or for the personal data, such as contact or location data, collected on these sites or through these services. Please review these policies before submitting personal data to these websites or using any services.

14.        WHAT RIGHTS DO YOU HAVE?

14.1 When processing personal data, we ensure your rights in accordance with the GDPR and the Law on Legal Protection of Personal Data of the Republic of Lithuania. As a personal data subject you have the following rights:

1. 1. to know (be informed) about the processing of your personal data;
   2. to have access to your personal data that we process;
   3. request the rectification or completion, clarification of inaccurate or incomplete personal data;
   4. require the destruction of personal data when they are no longer necessary for the purposes for which they were collected;
   5. require the destruction of personal data where the processing is unlawful or where you withdraw or withhold your consent to the processing of personal data, which is necessary;
   6. to object to the processing of personal data or to withdraw your prior consent;
   7. request the suspension (other than storage) of the processing of your personal data in the event of disputes or to verify the lawfulness of the processing, the accuracy of the data, as well as in cases where we no longer need your personal data, but you do not wish us to destroy them;
   8. require you to provide, where technically feasible, your personal data collected pursuant to your consent or for the purposes of the performance of a contract, in an easily readable format, or to request that it be transferred to another controller.
   9. We will endeavour to guarantee the exercise of your rights as a personal data subject and to provide all the conditions for the effective exercise of these rights, but please note that your rights as a data subject are not absolute and may be limited in cases provided for by law.

14.2 You may submit claims relating to the exercise of your rights to us in person, by post or by electronic Upon receipt of your request, we may ask you to provide proof of identity, as well as other additional information we require in connection with your request.

14.3 Once we have received your request, we will respond to you no later than 30 calendar days from the date of receipt of your request and the submission of all the documents necessary to provide the response.

14.4 If we deem it necessary, we will suspend the processing of your data, with the exception of storage, until your request is resolved. If you lawfully withdraw your consent, we will cease processing your personal data immediately, but no later than 30 calendar days, except in the cases set out in clause 12.2 of this Privacy Policy and in the cases provided for by law, i.e. where we are obliged to continue to process your personal data by applicable law, by a legal obligation incumbent on us, by a judicial decision or by a binding order from the authorities.

14.5 If we refuse to comply with your request, we will clearly state the reason for such

14.6 If you disagree with our actions or our response to your request, you may complain about our actions and decisions to the competent public authority.

15.        WHO CAN YOU COMPLAIN TO?

15.1 If you wish to make a complaint about our processing, please submit it in writing, providing as much information as possible, using the contact details provided at the end of this We will co-operate with you and endeavour to resolve any issues promptly.

15.2 If you believe that your rights under the GDPR have been infringed, you can lodge a complaint with our supervisory authority, the State Data Protection Inspectorate, although we will endeavour to resolve any disputes with you in the first instance.

15.3 If we receive a complaint or request from you concerning the processing of your data, we will provide you with information about the action we have taken following receipt of the complaint or request without undue delay, but in any event within one month of That period may be extended by a further two months, if necessary, depending on the complexity and number of requests for complaints. However, in such a case, we will inform you of the extension within one month of receiving the request, together with the reasons for the delay. Where you submit your request by electronic means, the information will also be provided to you, where possible by electronic means, unless you request otherwise. If we have reasonable doubt as to the identity of the natural person who has made the complaint or request, we may ask you to provide us with additional information necessary to confirm your identity.

16.                   HOW WILL THIS PRIVACY POLICY BE AMENDED?

16.1 Any changes to our Privacy Policy will be posted on the We will notify you of such changes as necessary. New terms of our Privacy Policy may also be posted on the Site and you may need to read and agree to them in order to continue using the Site and/or our services.

17.        HOW TO CONTACT US?

17.1 Please send all documents related to this Privacy Policy to the contacts below:

1. 1. by post - UAB "Kardiolita" legal entity code 126118245, address Laisvės 64A, 05263 Vilnius.
   2. by email - asmensduomenys@meliva.lt

Date of update 2023-06-23