This notice informs you about our processing of personal data: the purposes, scope, level of protection, duration of processing and the data subject's rights in our processing of personal data. We are very cooperative and will be happy to answer any questions you may have about data protection!

1. Terminology Used

2. Version Management

3. Information Relating to Each Data Processing Process and Purpose

4. Descriptions of Personal Data Processing Processes, Purposes of Data Processing and Legal Grounds

4.1. Personal Data Processing Associated with Site Visiting (Opening)

4.2. Cookies

4.3. Data Receipt for the Purpose of Ensuring Data Subject Registrations and Exchange of Information on them

4.4. Other Key Data Processing Carried out by the Controller (General Information, Detailed Information is Available Upon Writing a Data Subject Request)

5. Other Information

1.1. Controller, also we: SIA DOVGIL (Reg.No. LV40103528516, legal and actual address: Vidrižu iela 22b, Saulkrasti, Saulkrastu novads, LV -2160, Phone: +37126825777, email: office@dovgil.com

1.2. Website: The website https://dovgil.com/ maintained by the Controller.

1.3. Personal Data: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, based on an identifier. For example, an identifier can be the name, surname, identification number, identifier in information systems or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the person concerned;

1.4. Data subject, also You: a living natural person, whose Personal Data the Controller processes to achieve a certain purpose; for example, the Data subject is a visitor of the Website or, in the context of the services provided - a client;

1.5. Personal Data Processing: any operations with the Personal Data of the Data subject, including but not limited to data collection, data storage, data transfer, data modification, data usage and data deletion;

1.6. Purpose of data processing: the goal intended to be achieved by the Controller by processing the Personal Data of the Data subject;

1.7. Regulation: Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), applied in the Member States since May 25, 2018;

1.8. Accountability Principle – The Controller's ability to demonstrate that it has complied with the requirements of the Regulation in the processing of Personal Data.

2.1. This new version of the privacy notice has clarified the nuances associated with the Controller's data processing, in particular, the purposes of Personal Data processing and legal grounds. No other significant changes that would alter the extent of the Data Subject's rights or freedoms have been made.

3.1. Data Processing Operators (Data Recipients):

3.1.1. Controller's employees, in accordance with their job duties, arising from the employees' employment relations with the Controller;

3.1.2. External service providers, with whom the Controller has contractual relations, establishing the order of personal data protection - it stipulates that the Data Subject's Personal Data can only be processed in accordance with the instructions given by the Controller and may not be used for other Data Processing purposes;

3.1.3. State and municipal institutions, including law enforcement agencies, in accordance with regulatory enactments, ensuring the fulfillment of legal obligations and transferring Personal Data upon request, as well as in situations where data transfer is related to the Controller's legitimate interests, for example, to initiate, implement or defend legal claims;

3.1.4. In special cases, about which the Data Subject will be additionally informed during the data collection or acquisition process, a joint controller may also be involved in data processing - in situations where the Controller's Data Processing purpose also applies to another organization;

3.1.5. Third parties in situations where data receipt is in the clear legitimate interest of these third parties or the Controller, for example, but not limited to, when entering a territory with restricted access, the vehicle and its driver's data are transferred for access; The Controller may place links to offers or resources of third parties on the Website, but in this case, you should familiarize yourself with the data processing conditions of the relevant third party independently before transferring data to the third party. Links to third-party resources on the Website should not be considered as your data processing!

3.2. Type of Data Processing: The Controller, while processing Personal Data, uses technical resources and information systems, however, in each situation where a decision needs to be made with respect to the Data Subject, it is always made by a human, and the Controller does not perform automated decision-making in the sense of the Regulation;

3.3. Data transfer to a third country (a country that is not a member of the European Union or the European Economic Area): The Controller, while processing personal data, typically does not transfer data to a country that is not a member of the European Union or the European Economic Area. However, in individual cases, data transfer to a third country may occur in order to ensure the fulfillment of existing or necessary contractual obligations or with the specific consent of the Data Subject, or in other specific exemption situations. Data Subjects will be specifically warned before any specific situation where, based on consent or using other legal grounds for data transfer, data will be transferred to a third country.

3.4. Right to file a complaint:

3.4.1. In each situation where the Data Subject believes that the Controller, by processing Personal Data, has violated his rights, the Data Subject has the right to complain to the supervisory authority of his choice. For the Controller operating in the territory of the Republic of Latvia, the leading supervisory authority is the Data State Inspectorate (website address - www.dvi.gov.lv);

3.4.2. The Data Subject also has a separate right for illegal data processing and other cases where the Data Subject has reason to believe that his rights have been violated, to go to court, observing the provisions of the Civil Procedure Law;

3.5. Rights of the Data Subject: In the cases provided for in the Regulation, you as a Data Subject have certain rights, which the Controller provides to the extent possible. In accordance with the Controller's status - dental practice, you have rights that also arise from the Patient Rights Act! Please note! In some cases, one of your rights as a Data Subject may not be legally or practically implemented, however, in any situation, you will receive a reasoned response from the Controller within the deadlines specified in the Regulation, which depending on the situation is one or three months from the date of submission of the application. The rights that the Data Subject has in accordance with the Regulation are:

3.5.1. Access to personal data - You as a Data Subject have the right to request confirmation from us whether we process your Personal Data, and, in cases where it is processed, to request access to the processed Personal Data. To exercise the aforementioned rights, please submit a written (note, here and below, written means also equivalent to writing (for example, signed electronically with a secure electronic signature) application).

3.5.2. Personal data correction - If you believe that the information we process about you is incorrect or incomplete, you have the right to ask us to correct your data. To exercise the aforementioned rights, please submit a written request; Important! In the case of an existing contract, data update may also be your duty, for non-fulfillment of which sanctions may be applied, in accordance with the relevant contract!

3.5.3. Withdrawal of consent - In cases where we process your personal data based on your consent, you have the right to withdraw your consent to personal data processing

at any time. To exercise the aforementioned rights, please submit a written request. Please note that withdrawal of consent does not affect data processing that was performed before the withdrawal of consent, as well as the relevant Data Processing may have created rights for our legitimate interest or a legal obligation based on legal norms, therefore we will continue to process your personal data for other related purposes;

3.5.4. Objection to processing based on legitimate interests - You have the right to object to such Personal Data processing, which we carry out based on our legitimate interests (the legal basis for such Personal Data processing - in accordance with point (f) of Article 6(1) of the Regulation). To exercise the aforementioned rights, please submit a written request. Please note! We will continue to process your data even if you have objected to it if we have motivated reasons (for example, active litigation) to continue data processing, however, you will receive a reasoned response in any case.

3.5.5. Data deletion - You have the right to request us to delete your personal data, but this does not apply to cases where we have been granted the rights or obligations to retain data by law, as well as in situations where data processing is clearly necessary for the fulfillment of contractual obligations. To exercise the aforementioned rights, please submit a written request;

3.5.6. Restriction of processing - You have the right to request us to restrict the processing of your Personal Data. To exercise the aforementioned rights, please submit a written request;

3.5.7. Data portability - You have the right to receive or further transfer your personal data to another data controller (so-called "data portability"). This right includes only the data you have provided to us, based on your consent or contract, and in cases where the processing is performed with automated means. To exercise the aforementioned rights, please submit a written request to us.

3.6. We observe the data protection principles reinforced by the Regulation in our activities, in particular the accountability principle:

3.6.1. When collecting your personal data, we act as a conscientious and careful landlord should, and process data only for the achievement of specific purposes, not transferring data to any other person, except when there is a situation provided by law or established by a contract, which is appropriately documented;

3.6.2. We regularly evaluate the collected and stored, as well as obtained and transferred Personal Data and ensure that data categories and data storage are in accordance with the necessity to achieve the relevant purposes;

3.6.3. We are oriented towards cooperation, therefore, upon receiving justified objections, suggestions or other types of information from the Data Subject, we will make the appropriate corrections in Personal Data processing, as well as in the binding documentation and other processes related to Personal Data processing, for example, in menus on the Website;

3.7. To ensure fair and transparent data processing, we encourage the Data Subject to observe that:

3.7.1. In every case of Personal Data provision, it is the Data Subject's obligation to provide only valid and true personal data and only such data that are appropriate and necessary for the fulfillment of data processing purposes, for example, according to the previously indicated field values or the relevant request;

3.7.2. In case, during mutual cooperation or within a reasonable period of time thereafter, the relevant Data Subject's data (any data category, for example, name, surname, address, etc.) change, the Data Subject has an obligation to inform the Controller about changes in the relevant data category;

3.8. Communication: if you as a Data Subject have any questions about your Personal Data processing, please contact the Controller using the previously indicated Controller's contacts.

4.1.1. Process: The Controller processes Personal Data to ensure the operation of the Website and the Controller's ability to manage the processes taking place on the Website, including, collects and stores technical information about the connection (for example, IP address of the connection, date and time of the connection);

4.1.2. Purpose and Legal basis: The legitimate interest of the Controller (point (f) of the first paragraph of Article 6 of the Regulation) to maintain the Website, carry out the commercial activities of the Controller in the information society, inform interested parties about important events in the Controller's activities and cooperation opportunities, and ensure the security of the Website - to detect, evaluate, identify and prevent technical problems or illegal actions by third parties;

4.1.3. Note! Given the fact that anyone (including a child or a person with limited capacity to act) can visit the Website, and the actions of any individual can harm the interests of the Controller, the Controller does not verify the age of the specific visitor of the Website, but stores technical information about the connection and events related to the specific connection to the Website. The storage period does not exceed 10 years, as the Controller's claim rights may vary, therefore the Controller applies the longest limitation period specified in regulatory enactments. Parents or relevant representatives appointed in accordance with the law are responsible for the illegal actions committed by a child or a person with limited capacity to act.

General information:

4.2.1. What is a cookie? Cookies are small data files that are downloaded to the user's device when the content of a specific website is downloaded using the website. The need for cookies is, on the one hand, to technically ensure the operation of the website, but on the other hand, to better understand the user experience and the use of content on the website. According to the description provided below, cookies are grouped by their functional significance into functionally necessary ones, i.e., those without which it is practically impossible to ensure the operation of the Website, and those without which the Website will operate, but one of the parties - the Website visitor or the Controller, will not be able to fully obtain or understand the experience or statistics of using the Website. The main difference between the aforementioned groups of cookies is that any cookies that are not functionally necessary are downloaded to the user's device only if the user has consented to the use of non-functional cookies.

4.2.2. The necessity and functions of cookies:

4.2.2.1. Functional cookies - functionally and technically necessary cookies without which full-fledged operation of the Website would not be possible. Websites do not have their memory, and they do not maintain session states, i.e., if the user browses different sections of the website, the user is not recognized as the same user; cookies allow the website to recognize the user. The main function of cookies is to allow the web server to receive information about the user's session thus optimizing the user experience in using the Website. Functional cookies also include those cookies that ensure the operation of the cookie mechanism itself, i.e., the Controller has no other option to obtain the user's consent or non-consent to download other cookies than by using a cookie management tool. Since cookies are required for the operation of the cookie management tool, while consent management is a requirement of regulatory enactments in the case of non-functional cookies, cookies for the operation of the cookie management tool are considered to be cookies necessary for the operation of the Website. Detailed list of functional cookies:

4.2.2.2. Non-functional cookies - these are necessary to help analyze the use of the website, for example, to understand visitor activity on the website. The website uses so-called third-party analytical cookies, with which information is collected, stored, and analyzed using the visitor behavior analysis service provided by Google Analytics. This gives the Controller the opportunity to analyze visitors and accordingly adjust the website so that the website's operation is as effective as possible, some examples of the benefits of using Google Analytics are:

a) To obtain so-called "demographic" data, thus understanding the profile of the website visitors over a certain period of time and, for example, accordingly adapting various informational campaigns to the necessary target audience;

b) To ascertain content and visit data, i.e., which sections of the website visitors have visited most often and which sections they have spent the most time on - this allows for a better understanding of the website structure, as well as planning how best to present important information to the public so that it reaches the target audience as effectively as possible;

c) To find out from which sources the user flow comes from, thereby adjusting the relevant advertising campaigns.

4.2.2.3. Non-functional cookies are used only if the Data Subject has given consent, activating the corresponding element of the website - a pop-up notification when starting to use the website. Important! Since all non-functional cookies are third-party, consent to these cookies simultaneously means the transfer of user session data to the third party! Given the specificity of the Website, the Data Subject, with one consent, agrees to all non-functional cookies.

4.2.2.4. The following non-functional cookies are used on the website:

4.2.3. Additional information about analytical cookies: Analytical cookies use the Google Inc. analytics service, which is provided in accordance with the terms of service of Google Inc. [link to https://policies.google.com/terms?hl=en] and the terms of service of Google Analytics [link to https://www.google.com/analytics/terms/us.html]. The aim is to evaluate the actions of website visitors and prepare a summary report on their behavior for the benefit of the controller. The possibility of identifying the data subject is reduced to a minimum, but the aforementioned activities do not provide full data anonymization.

4.2.4. Cookie management:

4.2.4.1. Functionally necessary cookies are automatically set on the user's end device. They can be deleted, but cookies necessary for the functioning of the website will be set again when continuing to use the website, and possibly as a result of deletion, the website may stop working correctly;

4.2.4.2. Non-functional cookies will only be installed on the user's end device after consent to the use of such cookies. Revocation of consent requires an action – deleting the relevant cookies from the user's browser, which due to the diversity and differences of browsers is not a standardized process and the user needs to know the nuances of the used browsers or use the help (“Help”) section of the relevant browsers. If the user has not consented to the use of non-functional cookies, they will not be installed on the user's end device. If this has still happened, it is a software error and we ask you to inform us (the Controller) immediately! Important! To fully revoke consent, it is also necessary to delete the stm_gdpr_cookie, which stores your given consent to use non-functional cookies!

4.2.4.3. Other possibilities to manage cookies:

a) The visitor has the right to change the browser settings to refuse new cookies, disable (delete) existing ones or additionally inform the visitor about a new cookie being sent to the visitor's device each time. More information is available at: http://www.allaboutcookies.org/. Important! A persistent cookie ban can cause problems when browsing individual websites.

b) Everyone also has the option to refuse to use Google Analytics analytical cookies by downloading and installing the Google Analytics Opt-out Browser Add-on [link - https://support.google.com/analytics/answer/181881]. This add-on communicates with Google Analytics JavaScript (ga.js) to indicate that information about the respective website visit should not be sent to Google Analytics. Note! The Controller warns that the use of the mentioned tool is entirely the user's responsibility and it takes place in accordance with the license terms of the tool owner.

4.3.1. Process: The data subject as a patient or a patient's representative makes an appointment using the functionality built into the website.

4.3.2. Purpose of data processing: Management of patient appointments, the legal basis according to Article 6(1)(f) of the Regulation, to ensure efficient operation of the Controller.

4.3.3. The information indicated in the registration is necessary to organize the work of dental care professionals and to manage patient flow.

4.3.4. An associated purpose of data processing is to inform patients about their appointments using the indicated contact methods - email and/or mobile phone, including to inform and warn the data subject about planned or occurred changes in connection with the appointment.

5.1. This informative notice may be changed as necessary. The current version of the informative notice is published on this Website.

5.2. Last updated on July 27, 2023

5.3. Note! If you find that the Website is fully or partially non-functional, operates incorrectly, requests atypical actions (for example, but not limited to, installation of software or its parts on the visitor's computer), please contact the Controller immediately.

5.4. The Controller has the right to make changes to this notice. If any of the Data Subject's rights are or may be significantly affected by changes, the new version of the notice includes references to the specific changes.