© Institute of Stomatology, Riga Stradins University


Mo-Fri 8:00-20:00
Sat 9:00-15:00,Sun: closed

Privacy Policy

SIA “Rīgas Stradiņa universitātes Stomatoloģijas institūts”


The purpose of this privacy policy is to provide to a natural person – a data subject – information about the purpose, scope, and protection of personal data processing and the period of processing during the acquisition of data and when processing the personal data of the data subject.

1. The Controller

1.1. The Controller of personal data processing is SIA “Rīgas Stradiņa universitātes Stomatoloģijas institūts” (hereinafter - Institute), unified registration No. 40003579713, registered address at 20 Dzirciema Street, Riga, LV-1007.

1.2. Contact details of the Institute on issues related to personal data processing: Agnese Rušiņa, lawyer, ph. (+371) 67451783, E-mail: agnese.rusina@stomatologijasinstituts.lv. By using this contact information or by contacting the registered address of the Institute, you may ask questions about the processing of personal data. A claim for the exercise of one’s rights shall be made in accordance with the present Privacy Policy.

1.3. Personal data means any information about an identified or identifiable natural person.

1.4. Privacy Policy applies to the protection of privacy and personal data concerning the following:

1.4.1 natural persons - patients, employees, and third parties who receive or forward to the Institute any information related to the provision of services;

1.4.2. Visitors to the Institute, including those subject to video surveillance;

1.4.3. Users of Internet sites maintained by the Institute; (hereinafter all together referred to as “Persons”).

1.5. The Institute takes care of the Persons’ privacy and protection of personal data, observes the Persons’ rights to the lawfulness of personal data processing in accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter - the Regulation), Personal Data Protection Law, Law On the Rights of Patients, Medical Treatment Law and other applicable legislation in the field of privacy and data processing.

1.6. The Privacy Policy applies to personal data of natural persons obtained in any form – in person, verbally, by telephone, electronically;

1.7. The Institute may lay down additional rules for certain types of data processing, of which the Person shall be notified at the time the relevant data are provided.

2. Purpose of processing personal data

2.1. The purpose of personal data processing is to ensure the provision of comprehensive, high quality health care services to the Institute’s patients.

2.2. Patient contact information is processed for the purpose of communicating or providing information on healthcare services in the patient’s best interest.

2.3. For the provision of services and fulfilment of the transaction. The purpose concerns the provision of services and the performance of concluded contracts (transactions). Personal data are processed on the basis of law and contract (transaction);

2.4. For reviewing and processing applications, claims, complaints;

2.5. The content of telephone conversations and electronic communications is processed for the purpose of improving the quality of the services provided by the Controller, investigating complaints, and ensuring the legitimate interests of the Controller and the Patient;

2.6. For the administration of settlements and debt recovery. The purpose concerns the settlements undertaken with individuals. Personal data are processed on the basis of law and contract (transaction);

2.7. For the maintenance and improvement of operation of the webpage;

2.8. For the provision of information to the state administration authorities and subjects of operational activities in cases and within the scope prescribed by external regulatory enactments;

2.9. For the security of the Institute’s infrastructure, services, information, staff, clients and visitors, the prevention of unlawful or other threats, the facilitation of the detection of criminal offenses at facilities and adjacent sites. The purpose concerns measures taken with the means of physical and logical protective equipment, including video surveillance, pass control and other technical and organisational measures to provide protection against hazards due to physical exposure and protection ensured by logical protective measures. Personal data are processed on the basis of contract and legitimate interests;

2.10. For accounting/financial and tax management. The purpose concerns accounting, paying taxes, settlements, etc. We process data on the basis of law and contract (transaction);

2.11. For other specific purposes that are communicated to Persons prior to the provision of data;

2.12. In any of these cases, the Institute will process Personal Data only to the extent permitted by the particular purpose of the processing.

3. Legal grounds for the processing of personal data

3.1. entering into and fulfilment of a contract - in order to enter into the contract subject to an application and ensure its fulfilment;

3.2. for the fulfilment of regulatory enactments - to fulfil a statutory obligation or right (Law On the Rights of Patients, Medical Treatment Law, Cabinet of Ministers Regulations No. 265 “Procedures for Keeping Medical Documents” of 04.04.2006, etc.);

3.3. consent of the data subject;

3.4. for legal (legitimate) interests - to fulfil the legal (legitimate) interests of the Institute arising from the existing liabilities or from a concluded contract, or those arising from law:

3.4.1. to provide health care services;

3.4.2. to perform commercial activities;

3.4.3. to ensure the fulfilment of contractual obligations;

3.4.4. to develop and improve services;

3.4.5. to send other messages regarding the course of fulfilment of the contract and events significant for fulfilment of the contract, as well as to perform surveys of Persons about services;

3.4.6. to ensure and improve service quality;

3.4.7. to administer payments;

3.4.8. to administer non-performed payments;

3.4.9. to turn to the state administration and operational activity authorities and the court for the protection of its legal interests;

3.4.10. to inform society about its activities.

4. Personal data processing and protection

4.1. The Controller processes and protects Personal Data using security tools in devices and programmes that store personal data, as well as organisational measures, taking into account existing privacy risks and available financial and technical resources.

5. The categories of recipients of the personal data, or to whom the data are disclosed

5.1. The Institute shall not disclose to third parties the personal data or any information obtained during the provision of services and during the term of the contract, including information about the nature, substance of services, etc., except:

5.1.1. subject to the consent of a Patient/Data Subject;

5.1.2. The transfer of data is prescribed by regulatory enactments;

5.1.3. The transfer of data is required on the basis of the patient’s contracts with insurance joint stock companies.

6. Disclosure of personal data outside the European Union

6.1. The Institute does not transfer personal data outside the European Union;

6.2. Where necessary, the Institute will provide statutory procedures to ensure a level of processing and protection of personal data equivalent to that provided by the Regulation.

7. Duration for the storage of personal data

7.1. Personal Data is stored for as long as necessary to achieve the purposes set out in this Privacy Policy, subject to regulatory requirements;

7.2. At the end of the data storage period, personal data are deleted or destroyed.

8. Rights and obligations of the Person (data subject)

8.1. A Person shall have the right to request access to his or her personal data to the Institute and to obtain clarification regarding what personal data are at the disposal of the Controller, for what purposes the Controlled processes personal data, the categories of recipients of personal data, insofar as allowed by legal acts, and information on the period of time, during which personal data will be stored.

8.2. The right to have your data rectified if it is incomplete or modified;

8.3. The right to request the erasure of his or her personal data;

8.4. If the processing of Personal Data is based on consent to the processing of Personal Data, the person shall have the right to withdraw his/her consent to data processing at any time in the form the consent was given; it shall be done on-site in writing, and in such case further processing of the data based on the above consent for the particular purpose will not be carried out in the future.

8.5. The right to object to the processing of personal data if the Person believes that the processing is unlawful and unsuitable for the purpose of the processing;

8.6. The right to file complaints about the use of personal data to the Data State Inspectorate (www.dvi.gov.lv), if the Person believes that the processing of their personal data infringes their rights and interests in accordance with the valid laws and regulations;

8.7. Upon receipt of a request from a Person for the exercise of his or her rights, the Institute shall be required to identify the person, assess the request and execute it in accordance with the law;

8.8. The Institute shall reply to the request received to the indicated contact address by registered post or personal delivery, as far as practicable having regard to the method of response indicated by the Person;

8.9. The Institute ensures the fulfilment of data processing and protection requirements in accordance with regulatory enactments and, in case of objections, takes reasonable steps to resolve the objection. However, if this fails, the Person has the right to turn to the supervisory authority, the Data State Inspectorate;

8.10. The Person is obligated to review the Institute’s Privacy Policy before commencing cooperation.

9. Website visits and cookie processing

9.1. The Institute’s website may use cookies;

9.2. Cookies are small text files stored by a web browser (such as Internet Explorer, Firexox, Safari, etc.) on a user’s terminal (computer, mobile phone, tablet) when a user visits a website; they are used to identify the browser or save information or settings to the browser. Therefore, with the help of cookies, the website is able to maintain the user's individual settings, recognise them and respond accordingly in order to improve the site’s user experience. The user may disable or restrict the use of cookies, but without cookies it will not be possible to fully use all features of the sites. Depending on the functions to be performed and the purpose for which they are used, mandatory cookies, functional cookies, analytical cookies and targeting (advertising) cookies may be used;

9.3. Mandatory cookies. These cookies are necessary for the user to freely visit and browse the website and to use it offered options, including to obtain information about services and acquire them. These cookies identify a user’s device, but they do not disclose the user’s identity and do not collect or collate information. Without such cookies the website will not be able to effectively operate, for example, provide information necessary for the user to ensure the requested services or application for a service. These cookies are stored on the user’s device until the web browser is closed.

9.4. Functional cookies. With functional cookies, the site remembers the settings and choices made by the user to make the site more user-friendly. These cookies are permanently stored on the user’s device;

9.5. Analytical cookies. Analytical cookies collect information about how the website is used by the user, establish the most frequently visited sections, including the content the user chooses when browsing the site. The information is used for analytical purposes to find out what the users of the site are interested in and to improve the functionality of the site and make it more user-friendly. Analytical cookies identify only the user’s device, but do not reveal the user’s identity. In certain cases a few of the analytical cookies are managed by third persons - data processors (operators), such as Google Adwords, on behalf of the site owner, in accordance with the instructions of the site owner and only in compliance with the specified purposes.

9.6. Target (advertising) cookies. Target (advertising) cookies are used to collect information about websites visited by a user and to provide LNKs or affiliate services that are of direct interest to a particular user or to address offers that are relevant to that user. Usually, these cookies are placed by third parties, such as Google Adwords, for the stated purposes with the permission of the site owner. The target cookies are permanently stored in the user’s terminal;

9.7. Cookies are used to improve the user experience of websites and homepages:

9.7.1. to ensure website functionality;

9.7.2. to customise the functionality of the website to the user’s usage habits - including language, search requests, previously viewed content;

9.7.3. to obtain statistical data on the flow of visitors to the site - the number of visitors, time spent on the website, etc.;

9.7.4. for user authentication;

9.8. Unless otherwise specified, cookies are stored for the duration of the activity for which they were collected, and then they are deleted.

9.9. Cookie information is not transferred outside the European Union and the EEA for processing.

9.10. By visiting a website, the user is presented with a window stating that the website is using cookies. By closing this message window, the user confirms that he/she has read and agrees with the information on the cookies, their use, and cases when they are transferred to a third party. Accordingly, the legal basis for the use of cookies is the user’s consent. However, it shall be noted that it is not possible to waive the use of mandatory and functional cookies, as the full use of the website and the homepage cannot be ensured without them.

10. Miscellaneous

10.1. The Institute has the right to make additions or changes to the Privacy Policy by making it available to the Persons on the website.


SIA “Rīgas Stradiņa universitātes Stomatoloģijas institūts”

Chairperson of the Board

Ilga Urtāne