PRIVACY POLICY

 

1.1. The Privacy Policy (hereinafter - the Policy) is a document that provides information to natural identifiable persons (hereinafter - the Data Subject) on how the Controller, RehaThink Ltd., processes the Data Subject's personal data if they visit the website maintained by the Controller, www.rehathink.com, where the registration form is filled in, communicate with the Manager using contact telephone numbers, other online forms (e-mail) or paper-based communication (applications, complaints), or have attended educational events (courses) organized by the Manager.

 

1.2. The policy describes measures to ensure that the interests and freedoms of the data subject are protected, while ensuring that their data is processed fairly, lawfully and in a way that is transparent to the data subject.

 

1.3. The policy applies to the processing of data of naturally identifiable persons, regardless of the form and/or environment in which the natural person provides personal data (by registering for courses, communicating by telephone, orally, etc.).

 

1.4. In the event that the Policy is amended, all changes, as well as historical versions of the Policy, may be obtained by contacting the Manager.

 

1.5. The policy will be published on the Manager's website - www.rehathink.com.

 

1.6. When processing personal data for purposes other than those specified in this Policy, the Controller shall inform the data subject separately of the individual measures of their processing, subject to the provisions of Article 13 of the Regulation. In this Policy, the controller has separated the processing of data in order to fulfill, in particular, the conditions of Article 14 of the Regulation, i.e. personal data are not intentionally obtained from the data subject.

 

 

 

2. MANAGER

 

2.1. The controller of personal data processing is SIA “Rehathink” (unified Reg. No. 43603086222, address: Jelgava, Upeņu iela 6, LV-3008, phone: +421 948 264 480, e-mail address: rehathink@gmail.com, website: www.rehathink.com) (the "Manager").

 

 

 

3. APPLICABLE LAW

 

3.1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the Regulation).

 

3.2. Personal Data Processing Law.

 

3.3. Other regulatory enactments in force in the Republic of Latvia in the field of personal data processing and protection, including regulatory enactments regulating the rights of the Data Subject, information society services, etc.

 

 

 

4. PURPOSES OF THE PROCESSING OF PERSONAL DATA

 

To identify the data subject;

 

Preparation and conclusion of the contract;

 

To provide a learning process;

 

For the development of new fields of study;

 

Advertising and distribution of services or for commercial purposes;

 

For direct marketing purposes (corporate advertising messages are delivered directly to potential customers, without the mediation of other mass media);

 

Customer service;

 

For the examination and processing of objections;

 

Billing administration;

 

Debt recovery;

 

Maintenance and improvement of websites;

 

Statistics and performance analysis;

 

Planning and accounting;

 

For measuring efficiency;

 

For conducting market and public opinion research;

 

Preparation of reports;

 

As part of risk management activities.

 

 

 

5. WHAT PERSONAL DATA DOES THE PROCESSOR PROCESS?

 

5.1. The categories of personal data processed by the Manager depend on the services of the Manager used by individuals.

 

5.1.1. When the Data Subject receives the services of the Controller, in accordance with the requirements of regulatory enactments, the Controller is obliged to process the data subject's identification information and information confirming the Data Subject's compliance with the courses (physiotherapy student or physiotherapist with a bachelor's or master's degree). In this case, in order to fulfill the purpose of RehaThink services, the controller may process the following amounts of personal data, which include: name, surname, personal identification number, contact information, residential address, education.

 

5.1.2. When communicating in writing with the Manager, the content and time of the communication may be saved, as well as information about the communication tool used (address, e-mail address, telephone No., Skype username, etc., address information specified in the e-registration system).

 

 

 

6. WHAT IS THE LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA?

 

6.1. The processing of data for the purpose of providing RehaThink's services is carried out on the basis of Article 6 (1) (b) (c) of the Regulation and Article 9 (2) (h) of the Regulation. In some cases, this is done to safeguard the legitimate interests of the Manager and third parties (for example, to investigate complaints about the quality of service provision, to follow up, to improve service provision, and to provide evidence against possible claims).

 

6.2. The processing of data during the audio recording of telephone conversations is performed with the aim to ensure and improve the quality of services provided by the Manager and the protection of the legal interests of the Manager. Audio recordings of telephone conversations are made on the basis of Article 6 (1) (f) of the Regulation and Article 9 (2) (h) of the Regulation, i.e.:

 

6.2.1. To safeguard the legitimate interests of the controller and third parties (for example, to investigate complaints about the quality of customer service and to provide evidence of possible claims).

 

6.5. The storage and accounting of incoming and outgoing correspondence (e-mails, postal letters, e-registration) is carried out on the basis of Article 6 (1) (b) (c) and (f) of the Regulation, with the aim of ensuring compliance with the obligations specified in regulatory enactments, that is, to list correspondence in accordance with the controller's nomenclature and the requirements of the Archives Act, as well as to ensure that the controller's legitimate interests are respected, for example to investigate complaints about the quality of service and to provide evidence against possible claims.

 

6.6. The controller shall carry out an analysis of the website, the history of social network visits in order to carry out market research, the analysis of the views of data subjects and the recognition of its brand or brands based on Article 6 (1) (f) of the Regulation.

 

 

 

7. WHAT IS THE PERIOD OF PROCESSING PERSONAL DATA?

 

7.1. The controller shall take into account the following circumstances when selecting the criteria for the storage of personal data:

 

7.1.1. whether the term for storage of personal data has been determined or follows from the regulatory enactments of the Republic of Latvia and the European Union;

 

7.1.2. for what period of time the relevant personal data need to be stored in order to ensure the realization and protection of the legitimate interests of the Controller or a third party;

 

7.1.3. until the consent of the person to the processing of personal data has been revoked and there is no other legal basis for the processing of the data, for example in order to fulfill the obligations binding on the Controller;

 

7.2. Audio recordings of telephone conversations intended to ensure and improve the quality of the services provided by the Controller and the protection of the controller's legal interests shall be kept for a period not exceeding fifteen days, unless the audio recording reflects allegedly unlawful conduct or interests. In this case, the audio recording in question can be retrieved and stored until the legal interest is served.

 

7.6. Records of incoming and outgoing communications (e-mails, letters) in order to ensure that the legitimate interests of the Controller are respected will be kept for a period not exceeding two years, unless the communication in question reflects potentially unlawful conduct or conduct likely to assist the Controller or third parties to safeguard their legal interests. In this case, the document in question may be kept until the legal interest has been secured.

 

7.7. The controller carries out an analysis of the visit history in order to carry out a market study and an analysis of the views of the data subjects, as well as an analysis of the reputation of its brand or the brands it represents. To achieve this goal, these cookies will be stored until you clean your terminal. Read more here: https://www.aboutcookies.org/.

 

7.8. At the end of the storage period, personal data will be permanently deleted, unless there is an obligation to store them in accordance with regulatory enactments.

 

 

 

8. WHO HAS ACCESS TO THE INFORMATION AND TO WHOM IS IT DISCLOSED?

 

8.1. The controller is obliged to provide information on the processed personal data:

 

8.1.1. law enforcement authorities, the court or other state and local government institutions, if it follows from regulatory enactments and the relevant institutions have the right to the requested information, if it has had to be specifically requested;

 

8.1.2. if the personal data must be transferred to the relevant third party within the framework of the concluded contract in order to perform any function necessary for the performance of the contract (for example, within the framework of accounting).

 

8.1.3. in accordance with a clear and unambiguous request of the Data Subject;

 

8.1.4. protection of legitimate interests, for example, by applying to a court or other state institutions against a person who has violated the legitimate interests of the Controller.

 

8.2. Recipients of personal data may be authorized employees of the Controller, Processors, law enforcement and supervisory authorities.

 

8.3. The controller will issue personal data of natural persons only in the necessary and sufficient amount, in accordance with the requirements of regulatory enactments and objective circumstances justified by the specific situation.

 

8.4. The personal data specified in this Policy is not intended to be transferred to a third country (a country that is not a member of the European Union or the European Economic Area).

 

 

 

9. HOW IS THE DATA SUBJECT INFORMED ABOUT THE PROCESSING OF PERSONAL DATA?

 

9.1. The data subject is informed about the processing of personal data specified in this Policy using a multi-level approach, which includes the following methods:

9.1.2. by calling the contact numbers indicated by the Manager, the data subject is informed about the performance of the audio recording, inviting to get acquainted with additional information in this policy or asking the employee of the Manager who is being called;

 

9.1.3. Notices with this Privacy Policy are posted using the Manager's e-Environment Application Forms.

 

9.1.4. by visiting the website, the Data Subject may get acquainted with the statement about which cookies are used, as well as is invited to get acquainted with this Policy;

9.2. The policy is publicly available on the Manager's website at www.rehathink.com

 

10. RIGHTS OF THE DATA SUBJECT

 

10.1. The data subject has the right to request access to his / her personal data from the Controller and to receive clarifying information on what personal data about him / her is held by the Controller, for what purposes the Controller processes these personal data, categories of recipients of personal data to disclose, unless the regulatory enactments allow the Controller to provide such information in a specific case (for example, the Controller may not provide the Data Subject with information on relevant state institutions that are drivers of criminal proceedings, subjects of operational activities or other institutions for which the regulatory enactments prohibit disclosure); information on the period for which the personal data will be stored or the criteria used to determine that period.

 

10.2. If the Data Subject considers that the information available to the Controller is out of date, inaccurate or incorrect, the Data Subject has the right to request the correction of his or her personal data.

 

10.3. The data subject has the right to request the deletion of his or her personal data or to object to the processing if the person considers that the personal data have been processed unlawfully or are no longer necessary for the purposes for which they were collected and/or processed (the “right to be forgotten”).

 

10.4. The personal data of the data subject may not be deleted if the processing of personal data is necessary:

 

10.4.1. to protect the Manager's property;

 

10.4.3. for the Manager or a third party to raise, implement or defend legitimate (legal) interests;

 

10.5. The Data Subject has the right to request that the Controller restrict the processing of the Data Subject's personal data if one of the following circumstances exists:

 

10.5.3. The controller no longer needs personal data for processing, but they are needed by the Data Subject to raise, enforce or defend lawful claims;

 

10.5.4. The data subject has objected to the processing until it has been verified that the legitimate reasons of the controller do not outweigh the legitimate interests of the data subject.

 

10.6. If the processing of the Data Subject's personal data is restricted in accordance with Article 10.5 of the Policy, such personal data, with the exception of storage, shall be processed only with the consent of the Data Subject or for the purpose of raising, enforcing or defending lawful claims, or for the protection of the rights of another natural or legal person or important public interest.

 

10.7. Before lifting the restriction on the processing of personal data of the Data Subject, the Controller shall inform the Data Subject.

 

10.8. The data subject has the right to submit a complaint to the Data State Inspectorate if it considers that the controller has processed his or her personal data unlawfully.

 

10.9. The data subject may submit a request for the exercise of his or her rights in the following way:

 

10.9.1. in the form of electronic mail, signing it with a secure electronic signature. In this case, the data subject is presumed to have identified himself or herself by submitting a request signed with a secure electronic signature. At the same time, the Controller reserves the right to request additional information from the data subject in case of doubt, if it deems it necessary.

 

10.9.3. via mail. In this case, the reply will be prepared and sent by registered mail, thus ensuring that unauthorized persons will not be able to receive the item. At the same time, the Controller reserves the right to request additional information from the data subject in case of doubt, if it deems it necessary.

 

10.10. The data subject is obliged to specify in his request, as far as possible, the date, time, place and other circumstances that would help to fulfill his request.

 

10.11. Upon receipt of a written request from the Data Subject for the exercise of his / her rights, the Controller shall:

 

10.11.1. verifies the identity of the person;

 

10.11.2. assess the request and proceed as follows:

 

10.11.2.2. If additional information is required to identify the Data Subject requesting the information, the Controller may request additional information from the Data Subject in order to be able to correctly select the information (e.g. photographs) in which the Data Subject is identifiable.

 

10.11.2.3. If the information is deleted or the person requesting the information is not a Data Subject or the person is not identifiable, the Controller may reject the request in accordance with this Policy and / or the laws and regulations in force in the Republic of Latvia.

 

11. HOW IS PERSONAL DATA PROTECTED?

 

11.1. The controller shall ensure, continuously review and improve personal data protection measures to protect the personal data of natural persons against unauthorized access, accidental loss, disclosure or destruction. To ensure this, the Manager uses appropriate technical and organizational requirements, including the use of firewalls, intrusion detection, analysis software, and data encryption.

 

11.2. The controller carefully checks all service providers who process personal data of natural persons in the name and on behalf of the controller, as well as assesses whether the cooperation partners (processors of personal data).

 

11.3. In the event of a personal data security incident, if it poses the highest possible risk to the data subject's rights and freedoms, the Controller will notify the Data Subject concerned, if possible, or the information will be published on the Controller's website or in any other way possible.

 

 

 

Document Creator / Developer Group Representative:

SIA REHATHINK 10.08.2020.

 

CONFIRMED

By the board of SIA RehaThink

August 10, 2020
