Personal Data Processing Policy
Controller of Personal Data Processing and Contact Person
The controller of personal data processing is Northway Clinic, SIA “VASU”, registration No. 40103449875, legal address: 14 Apuzes Street, Riga, LV-1046, phone: 28664723, e-mail: info@northwayklinika.lv (hereinafter – Northway Clinic), website: www.northwayklinika.lv.
Data Protection Specialist: Sofja Zeleznakova, e-mail: sofja.zeleznakova, phone: 26383040.
Processor of Personal Data
Northway Clinic processes the Patient’s personal data in the scope and in accordance with the procedures established and permitted by the laws and regulations of the Republic of Latvia and the European Union.
1. What is the Privacy Policy?
This Privacy Policy (hereinafter – the “Policy”) provides information on how and for what purposes Northway Clinic collects, processes, stores, shares, deletes, and protects the Patient’s personal data, including the legal basis, scope, and retention period of such processing, thereby ensuring that personal data is processed lawfully, fairly, and transparently.
The Policy applies to the personal data of Patients, any processing of personal data of natural persons, and services provided to Patients.
Providing personal data is a prerequisite for receiving healthcare services. If such data is not provided, the service cannot be delivered or may be provided only to a limited extent.
The Policy applies to personal data of Northway Clinic patients and visitors, as well as visitors to the clinic’s website.
The Policy applies regardless of the form or environment in which personal data is provided (in person, via the website, in printed form, or by telephone).
If Northway Clinic updates this Policy, all changes will be published on the website www.northwayklinika.lv in the section “About Us” – “Privacy Policy”.
Applicable Laws and Legal Basis
- Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR);
- Personal Data Processing Law;
- Medical Treatment Law;
- Patients’ Rights Law;
- Cabinet of Ministers Regulation No. 265;
- other laws and regulations governing the activities of the clinic.
Categories of Personal Data
Personal data is any information that can be used to identify a specific individual.
The categories of personal data processed by Northway Clinic depend on the services provided. The clinic may process the following categories of personal data:
- name, surname, personal identity number/date of birth, correspondence address, phone number, and e-mail address;
- data provided by the Patient.
2. How does Northway Clinic obtain personal data?
Personal data is obtained directly from the Patient. Data is not collected from public sources.
3. For what purposes is personal data processed?
Northway Clinic processes personal data for the following purposes:
- provision of healthcare services;
- appointment scheduling;
- creation and storage of medical records;
- medical consultations, procedures, and examinations;
- referrals to other specialists and laboratory tests;
- prescription issuance;
- issuance of sick leave certificates and other documents;
- processing of payments;
- communication with the Patient by phone, post, or e-mail regarding treatment, results, or appointments;
- other activities required by applicable laws and regulations.
Personal data may also be processed for purposes not explicitly mentioned above if they are closely related and necessary for compliance with legal obligations.
4. Who may receive personal data?
Personal data may be disclosed to the following institutions:
- Health Inspectorate;
- State Agency of Medicines;
- National Health Service;
- Centre for Disease Prevention and Control;
- other persons and institutions as provided by law.
Personal data will not be disclosed if the recipient’s identity and legal entitlement cannot be verified.
Personal data is not transferred to countries outside the European Union or the European Economic Area, nor to international organisations.
5. Storage and deletion of personal data
- retention periods are determined in accordance with applicable laws;
- if not specified by law, retention periods are determined by the clinic;
- medical records are stored in accordance with Cabinet of Ministers Regulation No. 265;
- accounting documents are stored in accordance with applicable accounting laws;
- data is retained only as long as necessary for the purposes of processing;
- paper documents are destroyed by shredding, and electronic data is permanently deleted.
6. Protection of personal data
Northway Clinic protects personal data using modern technologies and appropriate organisational, financial, and technical measures, taking into account existing privacy risks.
7. Patient rights
The Patient has the right to request access to their personal data, to request its rectification or erasure or the restriction of its processing, to object to processing, and to data portability, insofar as these rights do not conflict with legal obligations of Northway Clinic.
The Patient has the right to lodge a complaint with a supervisory authority in case of unlawful processing of personal data.
8. Cookies
The Northway Clinic website uses cookies. Cookies are data about visits to the website (www.northwayklinika.lv) and are widely used to ensure the functioning of websites and to provide information to site owners. Refusing cookies does not prevent users from using the website.