Last updated: 2025-10-23
This Privacy Policy explains how Kaumedika, UAB (the “Company”, “we”) collects, uses, stores, and shares personal data when you:
- visit our website,
- book services or appointments,
- communicate with us via email, phone, chat tools, or social media,
- complete and sign printed forms at the clinic (e.g., consent forms, health history, informed consent) before procedures.
This Policy applies regardless of device and collection channel (online or printed). We recommend reviewing it periodically; updates apply from the moment they are posted on our website.
- Data Controller: Kaumedika, UAB
- Company code: 307151659- Address: Jonavos St. 7, LT-44263 Kaunas
- Data protection email: info@spadenta.lt
- Phone: +370 620 2722
- Website: https://spadenta.lt/
- Data: first/last name, email, phone, service type, appointment date/time, branch, additional info (e.g., complaints), health history, medical records, allergies, medications, informed consent content, signature.
- Sources: online forms, email/phone, chat tools, printed documents completed and signed before procedures.
- Legal basis: contract (GDPR Art. 6(1)(b)); legal obligation under healthcare laws (GDPR Art. 6(1)(c)); for special (health) data—explicit consent and/or necessity for healthcare purposes (GDPR Art. 9(2)(a), 9(2)(h)).
- Retention: up to 2 years for general service records from the last appointment; medical records per applicable healthcare legislation. Printed records may be stored physically and/or scanned.
- Data: communication content, contact details, call recordings (if applicable), call metadata.
- Legal basis: legitimate interests (GDPR Art. 6(1)(f)) or consent (GDPR Art. 6(1)(a)) for recordings.
- Retention: call recordings up to 6 months; other correspondence up to 5 years after case closure.
- Data: name, email, phone, interactions with messages (opens, clicks).
- Legal basis: consent (GDPR Art. 6(1)(a)) or legitimate interests where permitted (GDPR Art. 6(1)(f)).
- Retention: up to 5 years or until consent is withdrawn.
- Data: IP address, browser, OS, page views, unique identifiers, choices in the cookie banner.
- Legal basis: strictly necessary cookies—legitimate interests (GDPR Art. 6(1)(f)); analytics/marketing—consent (GDPR Art. 6(1)(a)).
- More details in the “Cookies” section.
- Data: documents and evidence required to bring claims or defend rights.
- Legal basis: legal obligation and legitimate interests (GDPR Art. 6(1)(c), 6(1)(f); GDPR Art. 9(2)(f)).
- Retention: until proceedings end and, if necessary, up to 10 years thereafter.
- Recipients (controllers): public authorities, law enforcement, courts, notaries—as required by law.
- Processors: IT infrastructure and hosting providers, CRM/booking systems, email/newsletter services, analytics and advertising platforms, document repositories, accounting, IT support.
- Transfers outside the EEA: appropriate safeguards applied (EU SCC, recognized mechanisms such as the Data Privacy Framework). Details available upon request.
- Business transactions: reorganizations, mergers, or sales may involve data transfer; adequate protection ensured.
- Measures: access controls, encryption, SSL/TLS, backups, staff training.
- Printed records: stored in restricted-access areas or locked archives; when digitized, paper may be securely destroyed under formal procedures.
- Note: no system is absolutely secure—please protect your login credentials and use unique passwords.
- Right to be informed and to access (GDPR Arts. 12–15).
- Right to rectification (GDPR Art. 16).
- Right to erasure (“right to be forgotten”) (GDPR Art. 17), where applicable.
- Right to restrict processing (GDPR Art. 18).
- Right to data portability (GDPR Art. 20).
- Right to object (GDPR Art. 21).
- Right to withdraw consent at any time (where applicable), without affecting the lawfulness of processing before withdrawal.
- Complaints: State Data Protection Inspectorate. Send rights requests by email; we respond within 1 month (extendable by 2 months).
- Strictly necessary—for website functionality.
- Functional—to remember your preferences.
- Analytics—for statistics and performance.
- Marketing—for personalized ads.
Necessary cookies are set automatically; other categories require your consent. The cookie banner lists specific cookies, lifetimes, and controls (e.g., withdraw consent).
Our website may contain links to third-party sites or social networks. We are not responsible for their privacy practices; please review their policies.
- General booking and service data: up to 2 years.
- Medical records and consents (printed/electronic): per applicable healthcare legislation.
- Call recordings: up to 6 months.
- Marketing/newsletters: up to 5 years or until consent withdrawal.
- Inquiries/complaints: up to 5 years after closure.
- Legal documents: during proceedings and, if necessary, up to 10 years thereafter.
We may update this Policy. Material changes will be posted on the website and, where necessary, communicated directly.
- Email: info@spadenta.lt
- Address: Jonavos St. 7, LT-44263 Kaunas
- Phone: +370 620 2722
- Website: https://spadenta.lt/