I. BASIC CONCEPTS

Personal data - any information related to a private person from which his identity can be determined, such as name, surname, residential address, facial image, personal identification number, etc.

Data subject - a natural person who owns personal data.

Data controller - a legal or natural person who, alone or together with others, determines the goals and means of processing personal data. If the purposes of data processing are determined by laws or other legal acts, the data controller and/or the procedure for his appointment may be determined in those laws or other legal acts.

Data processor - a person (both legal and physical) authorized by the data controller to perform data processing work. The data processor acts in accordance with the instructions of the data controller.

Data processing - any action performed on personal data, such as collecting, recording, storing, grouping, combining, changing, publishing, searching, deleting.

Automatic data processing - data processing actions carried out by electronic means, i.e. by various means of information and communication: computers, telephones, tablets, smart watches, video recorders, cameras, voice recorders, video cameras.

Special categories of personal data - data related to a natural person's racial or ethnic origin, political, religious, philosophical or other beliefs, membership in trade unions, health, sex life, as well as information about a person's criminal record.

Recipient of data - legal or natural person to whom personal data is provided.

Provision of data - disclosure of personal data by transmission or otherwise making them available (except for publication in public information media).

Consent - a voluntary statement of the will of the data subject to process his personal data for a purpose known to him. Consent to process special personal data must be expressed clearly - in writing, equivalent to it or in another form that undoubtedly proves the will of the data subject.

Direct marketing - activity aimed at offering goods or services to individuals by mail, telephone or other direct means and/or asking for their opinion on the offered goods or services.

Third party - a legal or natural person, excluding the data subject, data controller, data processor and persons who are directly authorized by the data controller or data processor to process data.

Internal administration - activities that ensure the independent functioning of the data controller (structural management, personnel management, management and use of available material and financial resources, administration of paperwork).

II. GENERAL PROVISIONS

1. The rules for processing patients' personal data (hereinafter - the Rules) determine the main personal data managed by UAB "Subkortikalinės implantacijos ir periodontologijas institutas", registered office 302666203, Savanorių pr. 11a - 84, LT-44208 Vilnius (hereinafter - SIPI or the Data Controller) (patients) management, including their storage, goals, principles, rights of data subjects, personal data protection implementation measures and other issues related to personal data management.
2. SIPI, when processing personal data of patients, is guided by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27/04/2016 on the protection of natural persons in the processing of personal data and on the free movement of such data and which repeals Directive 95/46/EC (OJ 2016 L119 , p. 1) The General Data Protection Regulation (hereinafter - GDPR), the Labor Code of the Republic of Lithuania (hereinafter - DK), the Law on Legal Protection of Personal Data of the Republic of Lithuania (hereinafter - the Law), other legal acts regulating the processing of personal data, and the Rules .
3. The purpose of the rules is to provide the basic technical and data security organizational measures for processing personal data, implementing the rights of the Data subject.
4. UAB GERVIŲ KLINIKA, taking care of the Data Subject's privacy and valuing the Data Subject's trust, undertakes to protect the Data Subject's privacy and to use the provided information exclusively for the purposes specified in these Rules, not to disclose this information to any third parties without the Data Subject's consent, with the exception of UAB GERVIŲ KLINIKA's partners who provide with the Data Subject services related to the proper execution of the ordered services, as well as except in cases where the data is transferred to specialists and/or experts to the extent necessary to achieve the purpose provided for in Clause 6.7 of the Rules. UAB GERVIŲ KLINIKA may also transfer the personal data of the Data Subject to third parties who act as Data Controllers on behalf of UAB GERVIŲ KLINIKA. Personal data can be provided only to those Data Processors with whom UAB GERVIŲ KLINIKA has signed relevant contracts or cooperation contracts contain provisions discussing the transfer/provision of personal data and the Data Processor ensures adequate protection of transferred personal data. It is considered that the Data Subject is informed about it, agrees with it and UAB GERVIŲ KLINIKA does not assume responsibility for damage arising from the use of the Data Subject's data by third parties to the extent permitted by the relevant laws. In all other cases, the personal data of the Data Subject may be disclosed to third parties only in accordance with the procedure provided by the legal acts of the Republic of Lithuania. UAB GERVIŲ KLINIKA may transfer the data subject's personal data to government or law enforcement authorities upon their request and only if this is provided for in accordance with applicable laws.
5. The terms used in the rules are understood as they are defined in GDPR, DK, the Law and other legal acts.

III. PURPOSES OF PROCESSING PERSONAL DATA

1. UAB GERVIŲ KLINIKA processes patients' personal data for the following purposes:
2. 1. Internal administration;
3. 2. Conclusion and performance of healthcare contracts;
4. 3. Electronic communication monitoring in order to protect against malicious programs and business-damaging activities in the electronic space;
5. 4. For issuing invoices and other financial documents;
6. 5. For direct marketing purposes;
7. 6. For crime prevention detection and legal purposes;
8. 7. For the purposes of legal defense (at the pre-trial stage of the dispute and in court proceedings);
9. 8. For audit.
10. After obtaining the voluntary consents of the subjects of personal data (patients), their personal data may be processed for other purposes specified in those consents.

IV. PRINCIPLES OF PERSONAL DATA MANAGEMENT OF PATIENTS

1. GERVIŲ KLINIKA UAB processes personal data of patients in accordance with the following principles:
2. 1. Patients' personal data are processed in a legal, fair and transparent manner (principle of legality, fairness and transparency);
3. 2. Patients' personal data are collected for established, clearly defined and legitimate purposes and are not further processed in a manner incompatible with those purposes (principle of purpose limitation);
4. 3. Patients' personal data are only those that are needed to achieve the purposes for which they are processed (principle of reducing the amount of data);
5. 4. Patients' personal data are accurate and updated when necessary (principle of accuracy);
6. 5. Patients' personal data are kept in such a form that the identity of the person can be determined no longer than is necessary for the purposes for which the patients' personal data are processed (principle of limitation of storage duration);
7. 6. Patients' personal data are processed in such a way that adequate security of patients' personal data is ensured by applying appropriate technical or organizational measures, including protection against unauthorized or illegal data processing and against accidental loss, destruction or damage (principle of integrity and confidentiality) ;
8. 7. Personal data of patients is processed in accordance with the principles set out in this section of the Rules.

V. RIGHTS OF DATA SUBJECTS

1. UAB GERVIŲ KLINIKA when processing patients' personal data, data subjects have the following rights:
2. 1. After submitting a document confirming the identity of the person, he has the right to familiarize himself with the personal data of the Data Subject contained and processed by UAB GERVIŲ KLINIKOJE and to receive information from which sources and which personal data of the Data Subject were collected, for what purpose they are processed and to whom they are provided. UAB GERVIŲ KLINIKA, upon receiving the Data Subject's request in writing (registered mail or e-mail), provides the requested data in writing (registered mail or e-mail) no later than within 30 calendar days from the date of receipt of the Data Subject's request or indicates the reasons for refusing to fulfill such a request . The answer is provided to the Data Subject in the same form in which the request was received, unless the Data Subject's request expresses a wish to receive information in another way.
3. 2. Demand to correct incorrect, inaccurate or incomplete data, 9-3- Demand to delete your personal data or limit the processing of your personal data, when personal data is processed without complying with the requirements of legal acts;
4. 3. Do not consent to the processing of their personal data, except to the extent that it is necessary to process the data in the performance of UAB GERVIŲ KLINIKA's legal duties, as well as in other cases established by legal acts;
5. 4. Demand that their personal data be transferred to another data controller or submitted directly to the personal data subject in a form convenient for the latter (applies to personal data provided by the data subject himself and processed by automated means on the basis of a contract or consent);
6. 5. Submit a complaint to the supervisory authority;
7. 6. To withdraw the given consent (if personal data is processed on the basis of consent).

VI. UAB GERVIŲ KLINIKOS PROCEDURE FOR FULFILLING OBLIGATIONS

1. UAB GERVIŲ KLINIKA processes personal data of patients on the following basis:
2. 1. Conclusion and performance of healthcare contracts;
3. 2. Legitimate interest of UAB GERVIŲ KLINIKA in the performance of health care contracts;
4. 3. Based on the consent of individuals;
5. 4. When it is necessary to process data in order for UAB GERVIŲ KLINIKA to fulfill its legal obligations established by legal acts;
6. When the storage period for patients' personal data is reached, these data are destroyed or transferred to the archive in accordance with the procedure established by legal acts. The terms of storage of personal data processed for other purposes are determined respectively in Annex no. 1.
7. Every employee of UAB GERVIŲ KLINIKA, who processes personal data of patients, must:
8. 1. Sign a confidentiality pledge/agreement;
9. 2. Process personal data strictly in accordance with GDPR, the Law, other legal acts, instructions and these Rules;
10. 3. Keep personal data confidential. Must adhere to the principle of confidentiality and keep secret any information related to personal data that he has become familiar with in the course of his duties, unless such information is made public in accordance with the provisions of applicable laws or other legal acts. The employee of UAB GERVIŲ KLINIKA must comply with the principle of confidentiality even after the end of the employment relationship;
11. 4. Not to disclose, not to transfer and not to create conditions for getting to know personal data by any means to any person who is not authorized to process personal data;
12. 5. In order to prevent accidental or illegal destruction, alteration, disclosure of personal data, as well as any other illegal processing, you must store documents and data files properly and securely and avoid making unnecessary copies. Copies of UAB GERVIŲ KLINIKOS documents containing personal data must be destroyed in such a way that these documents cannot be reproduced and their contents cannot be recognized;
13. 6. Immediately notify the manager of UAB GERVIŲ KLINIKA or the responsible person appointed by him about any suspicious situation that may pose a threat to the security of personal data and take measures to avoid such a situation;
14. 7. Employees who automatically process personal data or from whose computers it is possible to access areas of the local network where personal data are stored must use passwords. Passwords must be changed periodically, as well as when certain circumstances arise (for example, when an employee changes, when there is a threat of hacking, when there is a suspicion that the password has become known to third parties, etc.). An employee working on a particular computer can only know his password;
15. 8. The employee responsible for computer maintenance must ensure that personal data files are not "visible" (shared) from other computers, and antivirus programs are updated periodically;
16. 9. The employee responsible for computer maintenance makes copies of the data files on the computers. If these files are lost or damaged, the responsible employee must restore them within a few working days at the latest;
17. 10. The employee loses the right to process personal data when the employee's employment or similar contract with UAB GERVIŲ KLINIKA ends, or when the manager of UAB GERVIŲ KLINIKA cancels the appointment of the employee to process personal data;
18. 11. Documents of data subjects and their copies, financing, accounting and reporting, archival or other files containing personal data are stored in locked cabinets or safes. Documents containing personal data must not be kept in a visible place accessible to all.
19. In order to ensure the protection of patients' personal data, UAB GERVIŲ KLINIKA implements or plans to implement the following measures for the protection of patients' personal data:
20. 1. Administrative (establishing the procedure for organizing the work of various fields of activity, familiarizing the staff with personal data protection, etc.);
21. 2. Technical and software protection (administration of service stations, information systems and databases, maintenance of workplaces, UAB GERVIŲ KLINIKA premises, protection of operating systems, protection against computer viruses, etc.);
22. 3. Protection of communications and computer networks (filtering of shared data, programs, unwanted data packets (firewalling), etc.);
23. Personal data protection technical and software measures must ensure:
24. 1. Installation of storage for copies of operating systems and databases, determination of copying techniques and compliance control;
25. 2. Continuous data processing (processing) process technology;
26. 3. The strategy of resuming system activity in unforeseen cases (management of contingencies);
27. 4. Physical (logical) separation of the program testing environment from work mode processes;
28. 5. Authorized use of data, their inviolability.
29. Data processors used by UAB GERVIŲ KLINIKOS or third parties used by UAB GERVIŲ KLINIKA to provide the ordered services must guarantee the necessary technical and organizational measures for the protection of patients' personal data and ensure that such measures are followed. Inform UAB GERVIŲ KLINIKAS about the intention to enter into contracts with auxiliary data processors and obtain the prior written consents of UAB GERVIŲ KLINIKAS regarding their appointment.

VII. PROCEDURE FOR IMPLEMENTATION OF THE RIGHTS OF DATA SUBJECTS

1. UAB GERVIŲ KLINIKA implements the rights of data subjects established in the Rules, except for cases established by law, when it is necessary to ensure state security or defense, public order, prevention, investigation, detection or prosecution of criminal acts, important economic or financial interests of the state, violations of official or professional ethics prevention, investigation and detection, protection of the rights and freedoms of data subjects or other persons.
2. Data subjects may contact the administration of UAB GERVIŲ KLINIKOS or the appointed data protection officer with complaints, notifications, requests (hereinafter - Request) regarding issues related to the processing of personal data, including questions regarding the implementation of the rights of data subjects enshrined in the Rules.
3. The response to the data subject regarding his Request is provided in writing, in the shortest possible terms, but no later than within 30 (thirty) calendar days from the date of receipt of the Request. In exceptional cases requiring additional time, UAB GERVIU KLINIKA, after notifying the data subject in writing, has the right to extend the deadline for submitting the requested data up to 60 (sixty) calendar days from the date of submission of the Request. If the Request is related to the request of the data subject to correct, destroy, delete, limit the processing of his personal data, the answer is given to him and appropriate measures are taken in the shortest possible time, but no later than within 10 (ten) working days from the date of receipt of such Request.
4. UAB GERVIŲ KLINIKA refuses to satisfy the Request with a reasoned answer, when the circumstances specified in the GDPR and other legal acts are established, by informing the data subject in writing within the terms indicated above.

VIII. TRANSFER OF PERSONAL DATA OF DATA SUBJECTS

1. UAB GERVIŲ KLINIKA provides the personal data of patients processed in accordance with these Rules to third parties in the cases established by law (e.g. to institutions with state powers: VMI, SODRA, Commission for the Determination of Harm to Patients' Health, other competent institutions, institutions, organizations, as well as specialists or experts both, to the extent necessary to achieve the purpose provided for in Clause 6.7 of the Rules and such transfer is necessary in order to obtain evidence in a legal dispute.). Personal data of patients without the consent of a separate data subject can also be submitted to a pre-trial investigation institution, a prosecutor or a court for administrative, civil, criminal cases before them, as evidence, as well as in the performance of mandatory professional civil liability insurance contracts by UAB GERVIŲ KLINIKAI, as well as in other cases established by law.
2. UAB GERVIŲ KLINIKA has the right to use data processors to manage personal data managed by UAB GERVIŲ KLINIKA. In this case, the requirements of GDPR, Rules and other mandatory legal acts apply to data processors.
3. UAB GERVIŲ KLINIKA uses (may use) the following data processors for processing the personal data of patients specified in the rules: persons or companies providing accounting services, companies providing information technology services, companies providing advertising and marketing services, companies creating, providing, supporting and developing software, companies providing information technology infrastructure services, companies providing communication services.
4. UAB GERVIŲ KLINIKOS has the right to use other processors for processing the personal data of the patients specified in the Rules. UAB GERVIŲ KLINIKA can give the data processor the right to use other data processors (sub-processors). UAB GERVIŲ KLINIKA has the right to use service providers to whom the personal data of data subjects or a certain part of them may be disclosed, as far as this is necessary to provide the services according to the contract.

IX. BASIC REQUIREMENTS FOR TECHNICAL AND ORGANIZATIONAL MEASURES FOR SECURING PATIENT PERSONAL DATA

1. UAB GERVIŲ KLINIKA applies measures to prevent unauthorized access or unauthorized use of the Data Subject's data. UAB GERVIŲ KLINIKA ensures that the data provided by the Data Subject is protected against any illegal actions: illegal alteration, disclosure or destruction of personal data, identity theft, fraud, and that the level of personal data protection meets the requirements of GDPR and legal acts of the Republic of Lithuania. The data storage and processing databases used by UAB GERVIŲ KLINIKOS are protected from unauthorized access via computer networks.
2. UAB GERVIŲ KLINIKA uses appropriate business systems and procedures that allow to protect and defend the personal data of patients entrusted to SIPI by the Data subject. UAB GERVIŲ KLINIKA uses security systems, technical and physical measures that limit access to the Data Subject's personal data and their use on the servers of UAB GERVIŲ KLINIKA. Only the treating doctor or treating doctors and their assistants and/or employees of UAB GERVIŲ KLINIKOS with administrative powers have the right to access the personal data of patients.
3. Personal data of patients are processed manually and automatically using personal data processing tools installed at UAB GERVIŲ KLINIKOS.
4. Technical and organizational measures for ensuring the security of patients' personal data are applied in order to protect the personal data of data subjects from personal data security violations.
5. The technical and organizational measures for ensuring the security of patients' personal data are determined taking into account the GDPR, the requirements of the Law, the recommendations of the supervisory authority for the protection of patients' personal data, the requirements of other legal acts and the Rules. Technical and organizational measures for ensuring the security of patients' personal data can be, and if an increased risk is detected, they must be reviewed, changed and/or supplemented with new measures.
6. In the event of a breach of personal data security, the manager of UAB GERVIŲ KLINIKOS is immediately informed. When the rights and freedoms of data subjects may be in serious danger due to a breach of personal data security, UAB GERVIŲ KLINIKA shall notify the supervisory authority and specific data subjects for whom the personal data security breach has occurred, no more than 72 hours after the breach became apparent. or may have a negative impact and/or cause negative consequences, damage. The content of the notification to the supervisory authority must meet the requirements of Article 33, Paragraph 3 of the GDPR. If the supervisory authority is not notified of a breach of personal data security within 72 hours, the reasons for the delay shall be attached to the notification.
7. All employees of UAB GERVIŲ KLINIKOS who, by the nature of their work functions, have access to personal data managed by UAB GERVIŲ KLINIKOS and process them for the purposes provided for in the Rules and/or to whom this personal data becomes known for any other reasons, as well as all persons (employees of legal entities , representatives), who are used for the processing of personal data specified in these Rules, must:
8. 1. To comply with the basic principles of personal data processing and confidentiality and security requirements established in the Law, these Rules and other legal acts;
9. 2. To take measures to prevent accidental or illegal destruction, alteration, disclosure of personal data, as well as any other illegal processing, to protect personal data;
10. 3. Not to disclose, not to transfer and not to create conditions for getting to know personal data by any means to persons who do not have the right to do so;
11. 4. Immediately notify the manager of UAB GERVIŲ KLINIKOS or the person appointed by him about any suspicious situation that may pose a threat to the security of personal data processed by UAB GERVIŲ KLINIKOS;
12. 5. Comply with other requirements set forth in the Rules and legal acts governing the protection of personal data.

X. COOKIES AND THEIR USE

1. Personal data can be collected automatically when the Data Subject visits the UAB GERVIŲ KLINIKOS website, since the Internet Protocol address of the Data Subject must be recognized by the UAB GERVIŲ KLINIKOS server.
2. UAB GERVIŲ KLINIKOS website also uses data analysis management tools - cookies.
3. By using the UAB GERVIŲ KLINIKOS website, the Data Subject agrees that the cookies mentioned in these Rules will be stored on the Data Subject's computer (device).
4. Cookies are small amounts of data that a website places on the Data Subject's computer. Web pages have no memory. When the Data Subject browses different Internet pages, the Data Subject will not be recognized as the same user. Cookies allow the web page to recognize the Data Subject's browser. The main purpose of cookies is to remember the Data Subject's choices, for example, the preferred language of the website. Cookies also help the Data Subject to be recognized when returning to the same website. They help to personalize the website. Cookies cannot be used to run programs or transmit viruses to your computer. Cookies are assigned only to the Data Subject and can only be read by the web server of the domain that sent the cookie to the Data Subject. One of the most important purposes of cookies is to provide a convenient function to save the Data Subject's time. For example, if the Data Subject uses the website for personal needs or browses the website, cookies will help the website to remember specific information on subsequent visits. This makes it easier to present relevant content, easier to navigate the website, etc. Upon returning to the website, the Data Subject can find his/her previously provided information and thus can more easily use the functions of the website already adapted.
5. The purpose of these management tools is to ensure the quality of browsing the website, to help UAB GERVIŲ KLINIKOS learn about the attendance of the UAB GERVIŲ KLINIKOS website and its individual parts, to understand the user flows of the UAB GERVIŲ KLINIKOS website, to improve the UAB GERVIŲ KLINIKOS website, the services provided online and to better meet the needs of visitors .
6. Every time when visiting the website of UAB GERVIŲ KLINIKOS, the Data Subject can accept or refuse the use of cookies, but in this case UAB GERVIŲ KLINIKA cannot guarantee the quality of browsing the website. Most Internet browsers automatically accept cookies, but if the Data Subject wishes, they can easily modify the browser to not accept them. Thus, the Data Subject has the possibility to delete part or all of the cookies from his computer at any time, or to block them using the Internet browser on his computer. After blocking cookies, for technical reasons, some parts of UAB GERVIŲ KLINIKOS website may not work or work improperly for the Data subject.
7. No personal data of the customer is stored with the help of cookies.
8. No information is provided to any third parties during the recording of necessary cookies.

VI. USE OF SITE INDICATORS

1. UAB GERVIŲ KLINIKA sometimes uses not only cookies, but also website indicators. It is a tiny graphic image of just one pixel that enters the Data Subject's computer as part of a web page or as an HTML electronic message. Directly or through other service providers, UAB GERVIŲ KLINIKA uses these images as internet advertising or on third-party websites in order to find out whether the user to whom the advertisement is displayed makes an order, analyzing user movement and aiming to optimize the offered services.
2. UAB GERVIŲ KLINIKA may include web page indicators in promotional e-mails or informational messages in order to determine whether the e-mails have been opened. Some website indicators may be added by third-party service providers to determine the effectiveness of UAB GERVIŲ KLINIKOS advertising campaigns or e-mail communication. Websites can use the indicator to place a persistent cookie on the Data Subject's computer. It will then be able to recognize the Data Subject's computer every time they visit certain pages or send e-mails and collect anonymous information about the visits to such pages. UAB GERVIŲ KLINIKA prohibits the use of website indicators to collect or access personal information.

XI. RESPONSIBILITY

1. The Data Subject must provide UAB GERVIŲ KLINIKAI with complete and correct personal data of the Data Subject and inform about relevant changes in the Data Subject's personal data. UAB GERVIŲ KLINIKA will not be liable for damage caused to the Data Subject and/or third parties due to the Data Subject providing incorrect and/or incomplete personal data or not properly and timely informing about their changes.
2. UAB GERVIŲ KLINIKA is not responsible for connection failures, due to which users of UAB GERVIŲ KLINIKA's website and other persons cannot access the website or use the services.
3. UAB GERVIŲ KLINIKA cannot fully guarantee that the functioning of the UAB GERVIŲ KLINIKOS website will be uninterrupted and without any interruptions and errors, that the UAB GERVIŲ KLINIKA website will be completely protected from viruses or other harmful components. The Data Subject is informed that any material that the Data Subject reads, downloads or otherwise receives using the UAB GERVIŲ KLINIKOS website is obtained exclusively at the discretion and risk of the Data Subject, and only the Data Subject is responsible for the damage caused to the Data Subject and the Data Subject's computer system.
4. If the Data Subject is a registered user of the UAB GERVIŲ KLINIKOS website (when UAB GERVIŲ KLINIKA provides such an opportunity), the Data Subject assumes all risk and responsibility for the actions of third parties on the UAB GERVIŲ KLINIKOS website, performed using the Data Subject's login data, and undertakes to fulfill all obligations , undertaken using the Data Subject's login data.

XII. CHANGE OF RULES

1. UAB GERVIŲ KLINIKA has the right to partially or completely change the Rules by notifying about it on the website http://www.dantis.eu, vilniusdental.lt, etc., and by presenting these rules in a place accessible to the patient on the premises of UAB GERVIŲ KLINIKA;
2. Additions or changes to the rules take effect from the date of their publication;
3. If the Data Subject does not agree with the new version of the Rules, the Data Subject has the right to refuse to use the services provided by UAB GERVIŲ KLINIKOS.

XIII. VIDEO SURVEILLANCE

1. The image in the premises of UAB GERVIŲ KLINIKOS is monitored and preserved in order to ensure the safety of UAB GERVIŲ KLINIKOS, UAB GERVIŲ KLINIKOS employees, personal property and the public.
2. The image is monitored 24 hours a day, 7 days a week.
3. The image is monitored in the common areas of UAB GERVIŲ KLINIKOS, except for the WC. In the workplace, the image can be monitored when, due to the specifics of the work, it is necessary to ensure the safety of persons, property or the public, and in other cases when other methods or means are insufficient and/or inappropriate to achieve the listed goals.
4. Video surveillance equipment is installed in such a way that, taking into account the established purpose of video surveillance:

the image would be observed in no larger part of the room or territory than is necessary;
no more video data than necessary would be collected.

1. Information about the monitored image is provided in the information tables, which indicate the name, code, and telephone number of the legal entity of the data controller.
2. Video recordings are stored for up to 60 days, depending on the storage capacity of video recording devices, and then destroyed (deleted).

XIV. FINAL PROVISIONS

1. Subjects of the data managed by UAB GERVIŲ KLINIKOS have the right to submit questions, suggestions and comments at any time by sending them by e-mail. by mail to UAB GERVIŲ KLINIKOS data protection officer: Živilė Gulla - Katauskė, e-mail p.: gulla.zivile@gmail.com, tel. No. +370 654 01803. Regarding the provision of information related to the processing of personal data and consultations of data subjects, please contact the indicated personal data protection officer of UAB GERVIŲ KLINIKOS.
2. The rules are reviewed in the event of changes in the conditions of personal data processing and/or legal requirements and are updated as necessary.
3. The employees of UAB GERVIŲ KLINIKOS and personal data processors employed by UAB GERVIŲ KLINIKOS are familiarized with the Rules by signing or in another equivalent way and thereby undertake to comply with them and other legal acts setting the requirements for personal data processing.
4. Violation of the requirements set forth in the rules is considered a gross violation of work duties and/or the contract between UAB GERVIŲ KLINIKOS and the employee and/or personal data processor, for which the enforcement measures provided for in legal acts are applied.
5. Employees of UAB GERVIŲ KLINIKOS, engaged personal data processors and other responsible persons, who have the right to access personal data managed by UAB GERVIŲ KLINIKOS and/or authorized to process them, adhere to the principle of confidentiality and time secrecy of personal data managed by UAB GERVIŲ KLINIKOS or other information related to these data , which they learned in the performance of their duties, except in cases where such information is public according to the requirements of legal acts. The obligation to protect the information specified in this point remains after the start of other duties, termination of employment or other contractual relationships.