Privacy Policy

Here you will find all the information about how SIA “MEDIKOM LATVIA” processes, uses, and stores personal data obtained through the remote neurosurgeon consultation platform on the website BrainAndSpine.health (ex. neirokirurgi.lv).

All personal data is processed by a company registered in Latvia:
SIA “MEDIKOM LATVIA”
Reģ. Nr.: 40103455640
(hereinafter referred to as – Data Controller)

SIA “MEDIKOM LATVIA” assumes responsibility for all submitted personal data (hereinafter referred to as – Data Subject) in accordance with the data protection law.

Personal data is any information relating to an identified or identifiable natural person, i.e., the Data Subject. Processing is any activity related to personal data, such as collection, recording, modification, use, viewing, deletion, or destruction.

The Data Controller complies with the data processing principles set out in legislation and can confirm that personal data is processed in accordance with applicable laws.

1. Basis for the Processing of Personal Data

The legal basis for the processing of personal data is Article 6(1)(a), (b), (c), and (f) of the General Data Protection Regulation (GDPR):

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract;
  • the processing is necessary for compliance with a legal obligation to which the controller is subject;
  • the processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, especially where the data subject is a child.

2. What data is processed

When submitting a service application and placing an order, we may process the following personal data:

  • Name, surname;
  • Personal identification number (only of the patient, if necessary);
  • Email address;
  • Phone number;
  • Health data, including information provided in the questionnaire;
  • Order and payment information.

In addition to the above SIA “MEDIKOM LATVIA” has the right to verify the accuracy of the submitted data using publicly available registers.

3. Processing and Security of Sensitive Data

To protect particularly sensitive personal data (e.g. personal identification number and health information):

  • This data is encrypted in the database — it is not stored as readable text;
  • Data is stored only as long as necessary for the provision of the consultation (no longer than 7 days after the consultation has been provided);
  • After this period, the patient's sensitive data (e.g. personal identification number and questionnaire responses) is permanently deleted from the system; dzēsti no sistēmas;
  • The information stored in the order (WooCommerce) may include the name, email address, and order details, but no longer includes sensitive health data. vairs neiekļauj sensitīvos pacienta veselības datus.

4. Purposes of Data Use

The processed data is used:

  • To provide remote neurosurgeon consultation;
  • For the preparation of a prescription or referral (in e-health);
  • For identity verification (SMART-ID, eParaksts or eParaksts mobile);
  • For payment processing and customer service;
  • For the fulfillment of legal obligations.

5. Transfer of Data to Third Parties

Lai pildītu savas saistības pret datu subjektu, SIA “MEDIKOM LATVIA” To fulfill its obligations to the data subject, Ltd. “MEDIKOM LATVIA” has the right to transfer your personal data to cooperation partners and data processors who carry out the necessary data processing on our behalf.

Personal data may be transferred:

  • To the doctor who provides the consultation;
  • To the eHealth system (if a prescription or referral is issued);
  • To the payment processing provider EveryPay (Swedbank);
  • For authentication via Smart ID and eparaksts.lv;
  • To accounting service providers;
  • To public authorities, if required by law.

Upon request, we may transfer your personal data to state and law enforcement authorities in order to defend our legal interests when necessary, including drafting, submitting, and defending legal claims.

We never transfer data to third parties for marketing or advertising purposes.

6. Duration of Data Storage

Sensitive data of the data subject (patient's name, surname, personal identification number, consultation questionnaire responses) is stored for no longer than 7 days after the consultation, for security purposes. After this period, the patient's data is permanently deleted. tiek glabāti ne ilgāk kā 7 dienas pēc konsultācijas īstenošanas. Pēc šī termiņa šie pacienta dati tiek neatgriezeniski dzēsti.

Other data of the data subject related to the order and payment (customer's name, email address, payment information) are stored and processed by SIA “MEDIKOM LATVIA” as long as at least one of the following criteria applies:

  • Personal data are necessary for the purpose for which they were collected;
  • As long as, in accordance with external regulatory enactments, the Data Controller and/or the Data Subject may exercise their legitimate interests, for example, by submitting objections or initiating/pursuing legal claims.
  • As long as there is a legal obligation to store data, for example, under the Accounting Act;
  • As long as the Data Subject's consent to the relevant personal data processing is valid, if no other lawful basis for processing exists.

Once the conditions mentioned in this section expire, the data retention period for the Data Subject's personal data also ends, and all relevant personal data are permanently deleted from computer systems and electronic and/or paper documents containing such data, or these documents are anonymized.

7. Data Protection

Mēs īstenojam šādus drošības pasākumus:

  • We implement the following security measures: datu bāzē (veselības dati, personas kods, utt.);
  • SSL protocol for data transfer over the Internet; datu pārsūtīšanai internetā;
  • Access control and auditing of doctors' access to data;
  • Regular security audits and testing.

8. Your rights

You have the right to:

  • Access your personal data;
  • Request corrections or additions;
  • Request data erasure (“right to be forgotten”);
  • Restrict data processing;
  • Transfer data to another service provider;
  • Contact the Data State Inspectorate. Contact the Data State Inspectorate..

You can submit a request to exercise your rights by writing to us at: info@brainandspine.health
info@brainandspine.health

9. Policy Changes

“MEDIKOM LATVIA” reserves the right to change this Privacy Policy at any time. Changes take effect from the moment they are published on the portal patients.brainandspine.health. patients.brainandspine.health.