Confidentiality

NORTHWAY PRIVACY POLICY

Depending on the healthcare services that are provided to the Patient one of these Norhway group companies (or both) acts as a data controller in relation to personal data: UAB “NORTHWAY MEDICINOS CENTRAI”, a company registered in the Republic of Lithuania, code of legal entity 111807761, registered address S. Žukausko g. 19, Vilnius, Lithuania and / or UAB “Northway chirurgijos centras”, company registered in the Republic of Lithuania, code of legal entity 300064600, registered address S. Žukausko g. 19, Vilnius, Lithuania (hereinafter also jointly and severally referred to as “Northway” or “us”, “our” and each of them separately as a “Northway clinic”).

This Personal Data Privacy Policy (“Policy”) sets out how Northway processes patients of Northway clinics (“Patient”) or potential Patients’ personal data, or visitors’ data when they use the website https://treatmentoverseas.co.uk/ (“Website”) and Treatment overseas services of each Northway clinic, including:

o what Patient’s data is processed by Northway;
o for what purposes and on what grounds Northway processes the Patient’s data;
o to whom the Patient’s data may be transferred and where from Northway may receive the Patient’s data;
o Patient’s data storage periods;
o Patient’s rights relating to the processing of his/her personal data by Northway;
o and other aspects related to the processing of the Patient’s personal data.

The terms used in this Policy are in accordance within the terms used in the agreement that the Patient concluded with specific Northway clinic for the provision of healthcare services, as well as the definitions used in legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – “GDPR”) and Republic of Lithuania Law on Legal Protection of Personal Data (“Data Protection Law”).

Northway is the controller of the Patient’s personal data

Data Protection Officer (“DPO”) appointed by Northway is Ms Kristina Mateikienė.

Any questions about this Policy of the Website and/or any questions related to Patient’s personal data processing should be addressed to the DPO of Northway. Contact information of the DPO is as follows: phone (8-5) 264 4466, email duomenuapsauga@northway.lt.

What Patient’s personal data will be processed by Northway?

Personal Data of a potential Patient

Northway clinic will process the potential Patient’s personal data that the potential Patient will provide to Northway clinic, this may include:

o name, surname;
o contact information including telephone number, address and email address.

Personal Data of the Patient

Northway clinic will process the Patient’s personal data that the Patient will provide to Northway clinic, this may include:

o name, surname;
o personal identification number;
o contact information including telephone number, address and email address;
o payment information;
o National Insurance number;
o date of birth;
o gender;
o health information (diseases, physical condition, etc.);
o next of kin information;
o information about hotel or other accommodation when the Patient comes from abroad in order to receive healthcare services and his / her travel schedule.

If you visit our premises or contact us by telephone, Northway clinic will automatically collect additional personal data including:
o your voice and information you choose to provide in the course of a telephone conversation with Northway clinic, which could include details of any medical condition, symptoms and other sensitive information (please note that official consultations with healthcare specialists are not being recorded);

o your image (and that of persons accompanying you) as recorded on our CCTV system.

Personal Data collected from third parties

In order to provide relevant healthcare services Northway clinic may also process the Patient’s personal data which may be obtained from other third party sources. For example Northway clinic may collect information from other healthcare institutions, test laboratories, insurance or medical tourism companies, maternity hospitals, state enterprises and institutions (e.g. National health insurance funds, Centre of registers), Northway group companies (including those companies established outside the territory of Lithuania) when the Patient has contracted with or from other companies of Northway group, provided that the Patient has entered into a service or other agreement with such third party. The personal data received from third parties may include, e.g.:

o name, surname;
o personal identification number;
o contact information including telephone number, address, email address;
o payment information;
o National Insurance number;
o date of birth;
o gender;
o health information (diseases, physical condition, etc.);
o next of kin information.

In order to execute the agreement with the Patient, as well as to provide services adequately, when the Patient is directed, in accordance with the conditions provided for in the agreement for the provision of personal health care services, to partners of Northway – other health care institutions, Northway clinic may obtain the Patient’s personal data that is necessary for the provision of or settlement for the provided services from the said institutions.

For what purposes will Northway clinic process the Patient’s personal data?

Northway clinic will process the Patient’s personal data in order to:

o conclude and execute an agreement with the Patient;
o provide healthcare services, including data transfer to laboratories, where it is necessary to carry out tests for the provision of services;
o implement the statutory duties of Northway clinic, including the provision of emergency medical assistance, contacting the Patients’ healthcare providers;
o respond to the Patients’ queries or complaints;
o carry out the duties and rights of Northway clinic in relation to the use of our regulators, like the State Health Care Accreditation Agency under the Ministry of Health, also in relation to the use of the state e-health information system;
o carry out the duties and rights of Northway clinic NMC in relation to the use of the police and other third parties where reasonably necessary for the prevention or detection of crime;
o ensure the legitimate interests of Northway clinic (performed video surveillance and telephone call recording);
o administer the Patients’ feedback on provided services, respond to Patients’ inquiries that they submit by phone or e-mail, also online;
o register the Patient with Northway clinic;
o contact the Patient when it is necessary for the provision of services/performance of the agreement (for example, to inform the Patient about the test results, the payment for services, etc.) and to send appointment reminders;
o contact the Patient for the provision of services covered by compulsory health insurance;
o carry out direct marketing when the Patient has given his/her explicit consent.

On what grounds will Northway process the Patient’s personal data?

Northway may process the Patient’s personal data on the following lawful grounds:

o when the Patient has explicitly consented to the processing of his/her personal data;
o processing of data is necessary in order to protect the vital interests of the data subject (i.e. Patient);
o processing is necessary for the establishment, exercise or defence of legal claims;
o processing is necessary in order to provide health care services or to manage health care systems in accordance with applicable legislation, including for compliance monitoring and training purposes;
o when it is necessary for purposes of Northway legitimate interests in ensuring the safety of Northway clinic premises and occupants (e.g. video surveillance) or to ensure the quality of services of Northway clinic (telephone call recording). Northway clinic does not process Patient’s special category personal data with regard to ensuring the safety of Northway clinic’s clinic premises and occupants.
o when the processing of personal data is required by the legal acts.

All the grounds for processing personal data are laid down in Article 6 of the GDPR and Article 9 (for special category personal data, such as health) and also in Data Protection Law.

If the Patient requires further information about the lawful basis for the Northway clinic’s processing activities it should contact the DPO. DPO contact details are set out above in this Policy.

How will Northway process the Patient’s personal data through direct marketing?

Northway will process Patient’s personal data for direct marketing on the consent of the Patient or based on the exceptions provided by the law (e.g. about similar services that were already provided to the Patient, if all legal conditions are met).

With the explicit consent of the Patient to use his/her data for direct marketing purposes, Northway acquires an opportunity to get to know the Patient, tailor offers to the Patient’s needs, and provide other benefits specially geared towards the Patient, such as personalized offers in newsletters, information on the latest services provided by Northway and other relevant notifications, as well as to offer services and/or ask an opinion on services.

During marketing activities, Northway processes the following personal data of the Patient: name, surname, age, gender, telephone number and e-mail address.

Northway also uses data profiling and distributes the Patient’s personal data, such as age and gender, and provides the Patient with relevant, interesting and useful offers and other information based on such data of the Patient. Northway performs profiling to provide the Patient only with relevant updates and notifications. The Patient will also receive general offers and information.

Northway may send notifications to the Patient to his/her e-mail and / or by telephone.

If the Patient no longer wants his/her data to be used for provision of personal offers, the Patient may withdraw his/her consent to Northway for direct marketing purposes at any time by opting out from marketing (or decline to give consent in the first place). Also, the Patient may object to profiling to the extent that it is related to such direct marketing. In this case, Northway will no longer be able to provide personalised offers and information useful to the Patient.

To whom may the Patient’s personal data be provided?

Northway may provide the Patient’s personal data:

o taking into account legal requirements: others healthcare institutions, as well as state and local government institutions, budgetary entities, healthcare regulators and supervisory authorities;
o in order to perform the agreement with the Patient, as well as to provide services properly: test laboratories, insurance companies with which the Patient has signed agreements;
o Northway may also engage certain processors to whom the Patient’s personal data may be transferred. Such processors may include: entities providing data centre services, other Northway group companies, entities providing call centre services, entities providing and maintaining software, entities providing email or other information technology infrastructure services, entities providing marketing services or other service providers whose services are related to the storage of the Patient’s personal data;
o in order to perform the agreement with the Patient as well as to provide services properly when the Patient is referred to partners of Northway – other healthcare institutions, in accordance with the conditions provided for in the agreement for the provision of personal health care services. Northway transfers the Patient’s personal data that is necessary for the provision of services and which Northway receives from the Patient during registration to these institutions.
o to BALTIC MEDICAL CENTRE LIMITED, a company registered in the United Kingdom, code of legal entity 07177056, registered address 121 Meridian Place Canary Wharf London E14 9FE, operating at Northway Clinic 13 Minnie Baldock Street Canning Town E16 1YE (NORTHWAY CLINIC London). The personal data received from Northway through the Website https://treatmentoverseas.co.uk/ with regard to health care provision will be transferred to NORTHWAY CLINIC (London), in order to provide the Patient with the health care services ordered. Such personal data includes Patient’s name, surname, personal identification number, contact information including telephone number, address, email address, payment information, National Insurance number, date of birth, gender, health information and next of kin information.

Where the personal data processing by the third parties is based on Northway instructions, Northway ensures that such processing of personal data by such third parties will be based on legitimate legal ground and will be performed in compliance with the GDPR requirements.

Will the Patient’s personal data be transferred to another country?

In providing the services, Northway, where necessary, may transfer Patient personal data to countries outside of the territory of Lithuania, including Patient’s country of residence, if different. Where Northway transfers Patient personal data outside the European Union or EEA (i.e. countries that are members of the EU together with Norway, Iceland and Lichtenstein) Northway shall ensure that all data is treated with the same security measures regardless of location, and in accordance with the requirements of GDPR, Data Protection Law, our standards, policies, regulatory and legal obligations. In such cases, when data will be transferred outside the European Union or EEA Northway will sign Standard Contractual Clauses approved by European Commission.

Northway undertakes to accept all necessary documentation and measures required for such personal data transfer to non-EU country.

Please ask the Data Privacy Officer if you would like more information about our arrangements for data transfers.

How long will Northway store the Patient’s personal data?

Northway will keep Patient personal data for as long as is necessary for the purposes set out in this Policy and to fulfil its legal obligations.

Your personal data will be stored for the periods specified below:

o the personal data processed for the purpose to conclude and execute an agreement with the Patient will be stored for 3 (three) years from the date of the end of the agreement with the Patient, unless longer storage period is required by the relevant laws;
o the personal data processed for the purpose to provide healthcare services, including data transfer to laboratories, where it is necessary to carry out tests for the provision of services will be stored for 3 (three) years from the date of the end of the agreement with the Patient, unless longer storage period is required by the relevant laws;
o the personal data processed for the purpose to implement the statutory duties of Northway clinic, including the provision of emergency medical assistance, contacting the Patients’ healthcare providers will be stored for 3 (three) years from the date of the end of the agreement with the Patient, unless longer storage period is required by the relevant laws;
o the personal data processed for the purpose to respond to the Patients’ queries or complaints will be stored for 3 (three) years from the date of the end of the agreement with the Patient, unless longer storage period is required by the relevant laws;
o the personal data processed for the purpose to carry out the duties and rights of Northway in relation to the use of our regulators and supervisory authorities, such as the State Health Care Accreditation Agency under the Ministry of Health, also in relation to the use of the state e. health information system will be stored for 3 (three) years from the date of the end of the agreement with the Patient, unless longer storage period is required by the relevant laws;
o the personal data processed for the purpose to carry out the duties and rights of Northway clinic in relation to the use of the police and other third parties where reasonably necessary for the prevention or detection of crime will be stored until the end of specific police or other institution investigation;
o the personal data processed for the purpose to ensure the legitimate interests of Northway clinic (performed video surveillance and telephone call recording), in case of performed video surveillance will be stored for 60 days from the receipt of personal data, in case of telephone call recoding will be stored for 60 days from the receipt of personal data;
o the personal data processed for the purpose to administer the Patients’ feedback on provided services, respond to Patients’ inquiries that they submit by phone or e-mail, also online will be stored for 6 months from the receipt of your inquiry or complaint, unless longer storage period is required by the relevant laws;
o the personal data processed for the purpose to register the Patient with Northway clinic will be stored for 3 (three) years from the date of the receipt of your information, unless longer storage period is required by the relevant laws;
o the personal data processed for the purpose to contact the Patient when it is necessary for the provision of services/performance of the agreement (for example, to inform the Patient about the test results, the payment for services, etc.) and to send appointment reminders will be stored for 3 (three) years from the date of the end of the agreement with the Patient, unless longer storage period is required by the relevant laws.
o the personal data processed for the purpose to contact the Patient for the provision of services covered by compulsory health insurance will be stored for 3 (three) years from the date of the end of the agreement with the Patient, unless longer storage period is required by the relevant laws.
o the personal data processed for the purpose to carry out direct marketing when the Patient has given his/her explicit consent will be stored until you unsubscribe or otherwise opt-out from receiving direct marketing messages. If you unsubscribe or otherwise opt-out, the data will be deleted immediately.

At the end of the above deadlines, your personal data will be deleted. The Patient’s data may be stored longer in specific cases provided for by the legal acts and when a dispute or complaint is under preparation or examination.
Please ask the DPO if you would like more information about personal data storages periods.

What rights does the Patient have?

Taking into account the restrictions established by law and under the conditions established therein, the Patient may have the right to:

o to be informed about his or her processed personal data, to request from Northway clinic access to the Patient’s personal data;
o require from Northway clinic rectification of incorrect, inaccurate or incomplete data;
o require the erasure of personal data or restriction of its processing, where there are legal grounds for doing so;
o object to the processing of his or her personal data;
o apply to the administration of Northway clinic for transferring the Patient’s personal data provided by the Patient himself to Northway clinic and processed in an electronic format to the Patient and/or other data controller;
o when the Patient’s personal data is processed with the consent of the Patient, the Patient always has the right to withdraw the given consent by filing a request to Northway clinic by contacts indicated in this Policy;
o when the Patient’s data is processed in violation of legal requirements, the Patient has the right to lodge a complaint with State Data Protection Inspectorate which contact details are as follows: L. Sapiegos g. 17, Vilnius, tel. (8 5) 271 2804, 279 1445, faks. (8 5) 261 9494, e-mail: ada@ada.lt.

Northway guarantees your right to access your personal data processed by Northway clinic and other rights belonging to you. If you would like to exercise your rights, you can contact the DPO.

Northway must exercise your rights and inform you about it or refuse to grant the request in writing, stating the reasons for the refusal, no later than within 30 days, except in cases provided by law, when such term may be extended.

For security purposes, Northway has the right to ask you to confirm your identity.

Northway will process your request free of charge, but it has the right to charge a reasonable fee if your requests are manifestly unfounded, repetitive or redundant.

Are measures of data protection applied?

Northway implements appropriate and GDPR compliant technical and organizational measures to protect information about you against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing.

Cookies

A cookie is a small piece of text sent to your browser by a Website while you are visiting it. It helps the Website to remember information about your visit.

The processing of personal data with the help of cookies is based on your explicit consent which you can revoke at any time. Northway informs you that in case you refuse to accept cookies, you may lose the ability to use the many features necessary to make the Website work properly.

Northway uses the following cookies:

 

Cookie name Purpose Expire / Term
   cookie_notice_accepted Records that cookie notice has been accepted

 

 1 month

 

You can delete all cookies stored on your computer, and in most browsers you can set cookies not to be saved. Please be aware that if cookies are disabled, you may lose the ability to use the many features necessary to make the website work as well. If you need more information about cookies, visit www.aboutcookies.org. On this website you may find detailed, independent information on how to disable cookies through your browser preferences and how to remove cookies that are already on your computer. In order to remove cookies from your mobile phone, you should find this information in the user guide for your phone.

Changes to Policy

Northway may, at its sole discretion, change, modify Policy, in part or in its entirety, at any time. Any changes to the Policy are effective from the date of their publication. You undertake to review this Policy periodically to become aware of any changes.

Contact

Questions, comments and requests regarding this Policy and data subjects’ personal data processed are welcomed and should be addressed to the DPO at the address above.

Data Protection Officer
Ms. Kristina Mateikienė
Phone (8-5) 264 4466
Email duomenuapsauga@northway.lt.

© Copyright 2021 Medical Tourism. All Rights Reserved.

Solution: Pixel House