The personal data processing supervisor is the NGO Latvian Resort Town Association (hereinafter referred to as – LRTA), Uniform Registration No.90000068977, registered office address: Dzirnavu Street 93-27, 4th floor, Riga, LV-1011;
 Contact information for matters related to personal data processing is as follows:
 The LRTA is responsible for patient privacy and personal data protection, lawfully respects the Client’s rights to personal data processing in accordance with applicable law – Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to personal data processing and such data (hereinafter referred to – the Regulation), the Personal Data Processing Law, the Law on the Rights of Patients and other applicable laws and regulations in the realm of privacy and data processing.
 In its work, the LRTA:
 The LRTA processes personal data for the following purposes:
iii. Preparing the patient’s medical documentation in accordance with the requirement stipulated in laws and regulations;
vii. Assessing the state of health of the patient or other private individuals;
viii. Payment administration;
xii. Preparing and signing agreements with patients;
xiii. Homepage maintenance and operational improvement;
 The LRTA processes patients’ personal data on the following grounds:
 In its basic operations, the LRTA primarily obtain information from the Data Subject that is necessary for the clear identification of the relevant person for the provision medical treatment services and for communication purposes:
 As part of the provision of services, LRTA may obtain additional information from the Data Subject and other third parties, which primarily includes, but is not restricted to, referral information, information about previous medical treatment, an information obtained during a specific case of medical treatment.
 The specific volume of information depends on the specifics of the relevant service to be rendered and laws and regulations currently applicable, which regulate the terms and conditions of the provision of the service.
 The LRTA is aware that, in providing its services, it is processing health data which are considered as a special category of personal data in the context of the Regulation.
 The LRTA processes the Patient’s data, using modern technological capabilities, in accordance with the privacy risks existing and the organisational, financial and technical resources available to the LRTA.
 The LRTA continually improves and augments the technical solutions at its disposal, taking current industry trends and available capabilities into account, based on identified risks.
 The personal data at the disposal of the LRTA and that obtained during the provision of services are used to:
 The LRTA, in cooperation with third parties, in relation to obtaining and transferring the necessary data, shall conduct its activities strictly in accordance with the laws and regulations, which govern the implementation of the LRTA’s capabilities in relation to the implementing measures for the exchange of personal data.
 In its daily operations, in relation to its employees the LRTA implements measures to minimise the amount of personal data processing by only providing employees with access to the patient data they require to perform their job duties.
 The LRTA ensures that personal data at its disposal is issued only to the data subject himself. Disclosure of data to third parties, including persons related to data subjects is only done in instances where the written permission of the data subject has been received or in the case in which such disclosure of data is permitted as stipulated in laws and regulations.
 The LRTA will not transfer data in instances in which it cannot verify the identity of the data subject or in which there are suspicions that the identity presented by the data subject is not the same as his true identity.
 In instances when data transfer is implemented by e-mail, the LRTA will ensure that this process is only conducted after the receipt of written permission from the data subject.
 In transferring data by e-mail or using other online data exchange solutions, including information system self-service platforms, the, LRTA will take measures to protect the relevant data by implementing data access protection or encryption methods.
 The LRTA transfers personal data to third parties ensuring that the relevant third parties preserve the confidentiality of the personal data and provide suitable security.
 The LRTA is entitled to transfer personal data to clinic service providers that help the LRTA to ensure the fulfilment of its functions. In this case, the principle of minimising the data to be transferred will be observed.
 In the cases mentioned in Clause , service providers that receive and process personal data are considered to be data processors in the sense of the Regulation, and a written agreement is concluded with them, in which it is stipulated that the LRTA requires an undertaking from recipients of data to only use information received for the purposes for which the data was transferred, and in accordance with the requirements of the applicable laws and regulations in the realm of data processing and data protection.
 The LRTA only transfers data to third countries (countries outside the European Union and European Economic Area in which cases, where it has receive the written permission of the data subject.
 The LRTA stores and processes the Client’s personal data, while at least one of the following criteria is applicable:
 Once terms and conditions come into force that stipulate that further storage of the Client’s data is no longer necessary, the Client’s personal data will be deleted.
 The LRTA guarantees the patient’s rights to receive the information stipulated in laws and regulations in relation to processing of his data.
 In accordance with laws and regulations, the Client is also entitled to ask the LRTA for access to his personal data, as well as to ask the LRTA to augment, correct or delete it, or to restrict processing in relation to the Client, or for the right to object to processing, as well as rights to data transferability. These rights are exercisable, in so far as data processing does not arise from the LRTA’s duties, imposed upon it in accordance with laws and regulations currently applicable.
 The Client may submit a request to exercise its rights:
 Upon receiving the Client’s request to exercise its rights, the LRTA will verify the Client’s identity, assess the request and execute it in accordance with laws and regulations.
 The LRTA will reply to the Client at the earliest opportunity, using the means of sending the reply specified by the Client.
 If the reply is sent by post, it will be addressed to the data subject (the person whose personal data is requested) by registered letter. If the answer is provided electronically, it will be signed with a secure electronic signature (if the application has been submitted with a secure electronic signature).
 The LRTA guarantees compliance with data processing and protection requirements in accordance with laws and regulations and, in the event of objections from the Client, will take practical to resolve the objection. However, if this does not resolve the matter, the Client is entitled to contact the supervisory body – Data State Inspectorate.
 The Client is entitled to receive one free copy of his personal data being processed.
 Receipt and/or use of the information referred to in Clause  of this document may be restricted with the goal of preventing a negative impact on the rights and liberties of other people (including LRTA employees).
 The LRTA undertakes to ensure the accuracy of personal data and relies on its Customers, suppliers and other third parties that transfer personal data to ensure the completeness and accuracy of the transferred personal data.
 The Client gives his consent to personal data processing, whose legal grounds are this consent, in person in writing by sending it in paper format using postal services, or by e-mail signed with a secure electronic signature.
 The Client is entitled to revoke consent for data processing at any time in the same way as it was given, and in this case subsequent data processing based on the consent previous given for the specific purpose will not carried out henceforth.
 Revocation of consent does not affect data processing, which was performed during the period, when the Client’s consent was valid.
 In revoking consent, data processing carried out on other legal grounds (e.g. in accordance with external laws and regulations or the agreement signed between the LRTA and the Client) cannot be stopped.
 LRTA homepages may contain links to third parties’ internet homepages, which have their own usage and personal data protection terms and conditions for which the LRTA is not liable.