1. General Provisions

1.1. This privacy policy (hereinafter – the Policy) regulates main principles and rules regarding personal data collection, processing and storage at the website (hereinafter – the Website) owned by UAB “Reface”.

1.2. The Website is administrated by UAB “Reface”, address of registration: Vytenio str. 22-201, LT-03229 Vilnius, company code: 303235572, acting as a provider (hereinafter – the Provider) of website-related services.

1.3. The Provider can be contacted regarding Data Protection matters as follows:

Email: (Subject: Data Protection)

Address: Vytenio str. 22-201, LT-03229 Vilnius, Lithuania (Subject: Data Protection)

1.4. Before using the Website and its database You as a user of the Website and its database (hereinafter – the User) must thoroughly read and get acquainted with this Policy. By using services provided via the Website, you confirm that you agree to adhere to this Policy.

1.5. If You disagree with the Policy or a certain part of it You must not use the services of the Website and its database. Otherwise, it is presumed that You have got acquainted and unconditionally agreed to adhere to this Policy.

1.6. The provider does not take any risk or responsibility and is unconditionally exempt from it if You did not get fully acquainted with this Policy despite having an opportunity to do so.

1.7. Without prior warning, the Provider has the right to limit the use of the Website services if the User is using the Website in a way that violates this Policy, tries to compromise stability and safety of the website.

1.8. Provider follows these principles of data processing:

1.8.1. Personal data shall be collected in specified, explicit and legitimate purposes.

1.8.2. Personal data shall be processed accurately and fairly.

1.8.3. Personal data shall be consistently updated.

1.8.4. Personal data shall be kept for no longer than is necessary for the purposes for which the personal data are processed.

1.8.5. Personal data shall only be processed by the employees that have such right.

1.8.6. All information on the processed personal data is confidential.

1.9. By using the services of the third parties, third party terms and conditions may apply. Thus, by using services provided by third parties, it is recommended to get acquainted with terms and conditions they apply.

1.10. This Policy has been prepared in accordance to the Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter – the GDPR), the Act on Legal Protection of Personal Data of the Republic of Lithuania, other laws of the European Union and the Republic of Lithuania.

1.11. When the data is processed outside the Republic of Lithuania, other relevant legislation may be applicable, such as the Data Protection Act 1998 of the United Kingdom or the Health Insurance Portability and Accountability Act of the United States of America.

2. Personal data collection, processing and storage

2.1. By providing Your personal data You agree to the Provider controlling that data and processing it for purposes and by means and order laid out in this Policy and laws.

2.2. By providing personal data You give the Provider the right, for the purposes laid out in this Policy, to collect, store, accumulate, classify, use and process any or all personal data that You directly or indirectly provide by visiting the Website and using its services.

2.3. You are responsible for ensuring that the data provided in the form would be precise, correct and detailed. An input of incorrect data is considered to be a violation of the Policy. If the data provided changes You must immediately inform the Provider about it. The Provider shall under no circumstances be responsible for damages that may arise for the User and (or) third parties if the User provided incorrect and (or) undetailed personal data or did not request supplementation and (or) correction of data when it changes.

2.4. When You as a doctor submit to the Website`s database personal data of your patients You must ensure that you process their data lawfully and the patients are fully informed about such data transfer.

3. Personal data processing for the provision services

3.1. By carrying out its business activities, the Provider provides the Clients with services related to treatment plans, their preparation and ordering of special appliances, accessible via the Website. Therefore, according to Article 6 (b), (f) of the GDPR, it processes personal data as a data controller who aims to perform a contract to which the Client is a part of. Processing is also necessary for the legitimate interests pursued by the Provider.

3.2. For the abovementioned purposes, Service Provider processes these categories of clients` (doctors`) Personal Data:

3.2.1. Name;

3.2.2. Surname;

3.2.3. Country;

3.2.4. Phone number;

3.2.5. Email address;

3.2.6. The name of the institution in which the client is employed, company identification number, VAT number, address, zip code;

3.2.7. Credit card (if you choose a direct payment gateway).

3.3. For the abovementioned purposes, Service Provider processes these categories of Personal Data of the clients` patients:

3.3.1. Clinical evaluation;

3.3.2. Optical scan data of dental arches;

3.3.3. Computer tomography scan data.

3.4. Data is collected by receiving it from the doctors who use services laid down in paragraph 3.1. and Terms and Conditions.

3.5. Access to the database is granted by logging in by using a unique user name and password.

3.6. If you choose a direct payment gateway (to complete your order of Services), then the credit card data is stored. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted. All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our website and its service providers.

3.7. The database may also be accessed by IT service and server hosting providers acting as the data processors, with whom the Provider has concluded data processing agreements. 

4. Procedures and timeframes of personal data storage

4.1. By processing and storing personal data of the Users, Provider shall implement organizational and technical measures that would ensure the protection of personal data from an accidental or unlawful destruction, modification, disclosure and any other means of unlawful processing.

4.2. Data You provide may be accessed by medical staff involved in the Service process located in third countries outside the European Economic Area. In such case, they shall ensure that the legal regime of such third country is deemed to provide an adequate level of personal data protection, appropriate safeguards are applied and/or other suitable legal grounds detailed in the GDPR is present for such transfer.

4.3. Data of a User shall not be stored for longer than required by the purposes of personal data processing and according to the applicable legal acts. When the personal data becomes no longer necessary in relation to the purposes for which they were collected and/or the storage period ends, it shall be safely disposed.

5. Rights of the data subjects

5.1. You as a data subject shall at any time have the right to access his/her personal data processed by the Provider after making a request and receive information on how it is processed, exercise his/her right to rectify their incorrect, incomplete, inaccurate personal data, ask to suspend personal data processing actions when the data processing does not comply with laws and requirements of this Policy.

5.2. Insofar as the data processing is based on consent You shall have the right to subtract Your consent at any time with no effect to the lawfulness of processing based on consent before its withdrawal.

5.3. If You require to make a complaint on how the Provider treats Your Personal data You can get in touch with us via contacts provided in paragraph 1.3. for investigation of those matters.

5.4. If You are not satisfied by an answer of the Provider or think that it processed your Personal Data in a way that does not comply with the legal requirements You can make a complaint to the State Data Protection Inspectorate of the Republic of Lithuania.

6. Final provisions

6.1. Law of the Republic of Lithuania shall apply to the legal relationships related to this Policy.

6.2. Provider of the Website is not accountable for the damages, including damages resulting from interference of the Website usage, damage or loss of data arising from an act or omission by the User or third parties acting on behalf of the User, including incorrect input of data, other mistakes, conscious malicious behavior and other wrongful use of the Website. Provider shall also not be held responsible for any interference of the Website log in/usage and (or) damage resulting from them that arises from acts or omission of third parties not associated with the User, including issues with electricity, web access, etc.

6.3. The provider has the right to change this Policy in part or in full.

6.4. Changes of or additions to the Policy shall take effect from the date of their publication in the Website.

6.5. If a User continues to use the Website and its services after the Policy has been updated or changed, it is presumed that the User agrees to such additions and/or changes.