Privacy Policy

1. Purpose of Privacy Policy

The Privacy Policy of SIA DentBaltic (hereinafter – the Controller) is a document that presents information on physical identifiable persons (hereinafter – Data subjects) whose personal data are processed by the Controller.

The purpose of the policy is to inform clients, patients, staff, and business partners about the measures taken by the Controller in relation to individuals who can be directly or indirectly identified.

The policy describes measures to ensure that the interests and freedoms of the data subjects are protected, while ensuring that their data are processed in a fair, lawful, and transparent manner.

The policy applies to the processing of personal data of individuals, regardless of the form and/or medium in which the data subject provides personal data (in person, by phone, orally, in paper form, electronically, etc.) and in which Controller’s systems they are processed.

The Controller reserves the right to make changes to the Policy at any time.

2. Applicable laws on data processing
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter – the Regulation)
  • Law on the Processing of Personal Data
  • Law on Patients’ Rights
  • Medical Treatment Law
  • Other applicable laws in Latvia in the field of processing and protection of personal data
3. Purpose of data processing

The Controller obtains personal data from the data subject to be able to carry out its rights and perform the following tasks:

  • provide healthcare, ensuring the provision of quality dental services (personal data are obtained, processed, and stored for the purpose of providing quality and efficient services, based on Article 6(1)(a), (b), and (c) and Article 9(2)(h) of the Regulation)
  • keep and record incoming and outgoing correspondence to ensure compliance with the Controller’s legitimate interests and/or contractual obligations (based on Article 6(1)(b) and (f) of the Regulation)
  • maintain the website to ensure the Controller’s legitimate interests (based on Article 6(1)(f) of the Regulation). The Controller uses cookies and visit history analysis on the website to conduct market research and obtain the opinions of data subjects.
  • The Controller will not use the personal data received for commercial messages unless the data subject has given explicit consent to do so.
  • The Controller, as an employer, ensures compliance with the legal requirements of institutions and authorities.
4. Legal basis for data processing

Based on Article 6(1)(b) and (c) and Article 9(2)(h) of the Regulation, data processing is carried out in order to ensure high-quality dental services.

To preserve and record incoming and outgoing correspondence, data is processed based on Article 6(1)(b), (c), and (f) of the Regulation. The aim is to ensure compliance with the obligations set out in regulatory acts, as well as to ensure the legitimate interests of the Controller (for example, to investigate claims and complaints about the quality of services or customer service, to provide evidence if necessary).

Based on Article 6(1)(f) of the Regulation, the Controller conducts an analysis of the website, customer feedback, and social media visit history in order to conduct market research. The processing of employee data by the Controller is carried out based on Article 6(1)(b) and (c) of the Regulation.

5. Duration of data processing

When determining the storage periods of personal data, the Controller takes into account the following factors:

  • whether the storage period of personal data is determined by or derived from the regulatory acts of the Republic of Latvia and the European Union
  • the period for which it is necessary to store the relevant personal data in order to ensure the legitimate interests of the Controller or third parties and their protection
  • as long as the data subject’s consent to the processing of personal data has not been withdrawn and there is no other legal basis for data processing, for example, to fulfill obligations binding on the Controller
  • it is necessary for the Controller to protect the vital interests of the data subject or other physical persons, including life and health

After the end of the storage period, personal data is irretrievably deleted unless there is a legal obligation to keep it in accordance with regulatory acts.

6. Data categories

When applying and arriving for a visit, authorized employees of the Controller may request the following information:


Patient’s first name


Patient’s last name

Date of birth


Personal code

With the patient’s consent (however, without submitting their personal code, the information about the services will be incomplete)

Residential address

With the patient’s consent – street, apartment, city

E-mail address

With the patient’s consent

Phone number

Patient’s mobile phone number, indicating that the patient agrees to receive reminder messages about appointments and related information

Number of identification document

In cases where the patient is a non-resident and does not have a Latvian personal code

Health status

Information about the overall health status, allergies, pregnancy, infectious diseases.

7. Recipients of personal data - only when necessary
  • Authorized employees of the Controller (to ensure the performance of their work duties and the provision of health care and support processes and services)
  • National Health Service (to provide state-funded services)
  • Health Inspection (upon request)
  • Law enforcement agencies (upon request)
  • Data subject (upon clear and unambiguous request)
8. Informing the data subject about data processing

The data subject is informed about the processing of personal data and related information by visiting the website, as well as in person by visiting the clinic and familiarizing themselves with the information posted.

9. Cookies

Cookies are small text files that a website stores on your computer or mobile device when you visit the website. On each subsequent visit, cookies are sent back to the originating website or a third-party website that recognizes the corresponding cookie. Cookies, among other things, allow the website to remember user-selected settings for the next visit so that they do not have to be specified again each time. Cookies are not used to personally identify you.

Cookies are used to improve the quality, usability, and customization of website content to user needs. The majority of large websites also use cookies. By using the website, you agree to the use of cookies.

10. Video surveillance

Video surveillance is carried out in the territory of the Controller for the following purposes: prevention or detection of criminal offenses related to the protection of property and vital interests of persons, including protection of life and health.

The Controller informs the area before the video surveillance is carried out. Only authorized persons with specific purposes of data processing or to ensure that the system is working or for system maintenance purposes can access these video surveillance records.

The legal basis for conducting video surveillance is to comply with the legitimate interests of the Controller (prevention or detection of criminal offenses related to the protection of property and vital interests of persons, including protection of life and health).

The recipients or categories of recipients of personal data are the authorized employees of the Controller, the security service provider for the Controller, and the organization that provides maintenance of the video surveillance equipment.

Video surveillance records are kept for no longer than 3 weeks.

11. Data subject's rights

The data subject has the right to:

  • request access to their personal data by writing a request to
  • request information on the purposes of their data processing by writing a request to
  • request information on the recipients of their personal data (if the legal acts allow the Controller to provide such information) by writing a request to
  • request information on the storage periods of their personal data by writing a request to
  • request correction of their data if the data is outdated or inaccurate by writing a request to
  • object to the processing of their data by writing a request to
  • request deletion of their data (if the legal acts allow the Controller to do so) by writing a request to
  • submit a complaint about data processing by addressing the appointed Data Protection Specialist of the Controller in writing at
  • submit a complaint to the Data State Inspectorate if they believe that the Controller has processed their data illegally: Data State Inspectorate Blaumana Street 11/13-11, Riga, LV-1011 Phone: 67 22 31 31 Fax: 67 22 35 56 Email:
12. Data protection

The Controller ensures, continuously reviews and improves the measures for the protection of personal data of individuals in order to protect their personal data from unauthorized access, accidental loss, disclosure or destruction. To ensure this, the Controller uses appropriate technical and organizational requirements, including restricted access to the register and archive.

Personal data is not transferred to third countries (countries outside the European Union or the European Economic Area).

In the event of a personal data breach, if it poses a high risk to the rights and freedoms of the data subject, the Controller will notify the relevant Data subject if possible, or the information will be published on the Controller’s website or social networks. The Controller is obliged to report on the security breach of data processing to the authorities within 72 hours from the moment the breach becomes known, as provided by the regulatory enactments.

13 Contact information

The Controller for the processing of personal data is SIA DentBaltic, registration number 40203001509, address – Terbatas Street 78, Riga, LV-1001, phones – +37127778858, +37163030347, email:, website:

Data protection specialist – Iveta Upeniece-Mežecka, email: