Privacy Policy for Digitorum

Privacy Policy

Last updated: July 24, 2025

Privacy Policy

This Privacy Policy sets out the terms and conditions for the processing of personal data when using the website maintained by the Data Controller, Digitorum, available at http://digitorum.eu (hereinafter referred to as the Website). The Policy applies every time you visit the Website, regardless of the device you use (e.g., computer, mobile phone, tablet, TV, etc.).

You may contact Digitorum’s Data Protection Officer at: edu@digitorum.eu

By accessing or using the Website, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by its terms. If you do not agree with any part of this Policy, please do not use our Website, services, or content.

Data Processing Consent

By using the Website or its services, the Data Subject (you) agrees that the Data Controller may collect and process your personal data — either directly or indirectly — as necessary to manage and maintain the Website, and for the purposes outlined in this Privacy Policy, in accordance with your consent and applicable legal requirements.

Definitions

Data Subject – Any natural person whose personal data is collected and processed by the Data Controller, including but not limited to:

• Applicant – An individual expressing interest in healthcare services provided by the Data Controller or registering to receive such services.
• Patient – A person who has entered into a service agreement with the Data Controller for healthcare services (e.g., dentistry).
• Candidate – A person participating in or intending to participate in the personnel selection process conducted by the Data Controller.
• Participant (in training) – An individual attending or intending to attend training events organized by the Data Controller.
• Participant (in promotions) – A person engaging or intending to engage in contests, campaigns, or promotions organized by the Data Controller.
• Caller – An individual who contacts the Data Controller via publicly available telephone numbers, for registration or inquiries.

For the purposes of this Privacy Policy:

• Account means a unique account created for You to access our Service or parts of our Service.
• Affiliate means an entity that controls, is controlled by or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.
• Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Agreement) refers to Digitorum, Šeimyniškių str. 44, Vilnius LT09213, Lithuania.
• Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
• Country refers to: Lithuania
• Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.
• Personal Data is any information that relates to an identified or identifiable individual.
• Service refers to the Website.
• Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analyzing how the Service is used.
• Third-party Social Media Service refers to any website or any social network website through which a User can log in or create an account to use the Service.
• Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
• Website refers to Digitorum, accessible from https://digitorum.eu/
• You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

Legal Compliance and Security

The Data Controller ensures that personal data is collected and processed in compliance with applicable European Union and Republic of Lithuania laws, including guidance from supervisory authorities. Reasonable technical and organizational measures are implemented to safeguard personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

Children’s Privacy

Individuals under the age of 16 are not permitted to submit personal data through the Website without the express consent of a parent or legal guardian. If you are under 16, please obtain such consent before providing any personal information.

Legal Basis

This Privacy Policy is grounded in:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation, or GDPR),
• The Law on the Legal Protection of Personal Data of the Republic of Lithuania,
• And other applicable legal acts of the European Union and the Republic of Lithuania.

All terms used in this Policy shall be interpreted in accordance with definitions provided in the GDPR and relevant Lithuanian legislation.

Collecting and Using Your Personal Data

WHAT INFORMATION DO WE COLLECT ABOUT YOU?

Information provided directly by you.

Information on how do you use our website.
If you visit our website, we also collect information that reveals the peculiarities of using our services or automatically generated visitor statistics. Read more about Cookies.

Information from third-party sources
We may receive information about you from public and commercial sources (as far as that is permitted by applicable law) and associate it with other information we receive from you or about you. We can also receive information about you from third-party social networking services when you sign in, for example, through your Facebook network account.

Another information we collect
We may also collect other information about you, your device or your use of the content of our site with your consent.
You may choose not to provide us with certain information, but in such a case you may not be allowed to use our service.

PERSONAL DATA PROCESSING FOR THE REGISTRATION PURPOSES

The processing of Personal Data for Applicants, including Phone Callers, to the Data Controller for the purpose of registering for a doctor and / or other matters. The Data Controller processes the following Personal Data of Applicants, including Callers by phone:

Name;
Surname;
Date of birth;
Phone number;
E-mail address;
Health data (as much as the Data Subject submits voluntarily).

In case if the registration is carried out by the representative of the Applicant, the Data Controller shall manage the following data of that representative of the Applicant:

Name;
Surname;
Relation to the Data subject;
Phone number;
E-mail address.

The data of the Applicants are not forwarded to third parties.

PERSONAL DATA PROCESSING FOR JOB OPENINGS PERSONNEL SELECTION PURPOSES

The Data Controller processes the Personal Data submitted by the Candidate voluntarily for the purpose of personnel selection, to the extent that Personal Data have been provided.

The data are obtained directly from the Candidates submitting applications and / or third parties websites of job advertisers. These data are not forwarded to third parties.

Candidates’ data are processed by agreeing on the submission of their data and evaluating the submission of these data as an active consent to process his/her Personal Data for a specific staff selection (announced or otherwise known to the Candidate) and / or a pre-contractual request (Article 6 part 1, clauses a) and b) of the General Data Protection Regulation).

PERSONAL DATA PROCESSING FOR TEACHING REGISTRATION PURPOSES

Processing of Personal Data of those who are interested in the Data Controller organized teaching trainings or who intend to participate in the training. The Data Controller collects the following Data Subject data:

Name;
Surname;
Phone number;
E-mail address.

Data are obtained directly from the training Participants. The Personal Data of the learners are not transferred to the third parties.

PERSONAL DATA PROCESSING FOR PARTICIPATION IN TEACHING PURPOSES

Managing trainees involved in training. The Data Controller collects the following Data Subject data:

Name;
Surname;
Phone number;
E-mail address;
Specialty;
License details;
Checking account data.

Data are obtained directly from the training Participants. The Personal Data of the trainees can be transferred to the following third parties:

Lithuanian Dental Chamber;

An accounting services company (in relation to the internal accounting of the Data Controller).

The Personal Data of the Participants in the training shall be processed on the basis of the consent expressed in the submission of their data (Article 6 part 1, c. a) of the General Data Protection Regulation).

PERSONAL DATA PROCESSING FOR GAMES, PROMOTIONS, COMPETITIONS ORGANIZING PURPOSES

The Data Controller may process Personal Data for the purpose of playing games, promotions or competitions only with the consent of the Data Subject. The Data Controller may collect the following Personal Data of the Participants:

Name;
Surname;
Photo pictures;
Telephone;
E-mail.

Data is obtained directly from the Data Subjects participating in games, campaigns and / or contests. These data are not transferred to third parties, but can be made public through the Data Controller web site and / or the social network Facebook accounts that belong to the Data Controller. The Data Controller can post: name (or social networks registered Data Subject pseudonym), a picture.

Personal data are processed on the basis of the consent expressed in the submission of Personal Data (Article 6 part 1, c. a) of the General Data Protection Regulation).

PERSONAL DATA PROCESSING FOR DIRECT MARKETING PURPOSE

The Data Controller seeks with newsletter recipients to share only relevant news and other useful information. That is implemented in accordance with this Privacy Policy.

The Data Controller processes Personal Data for direct marketing purposes only with clearly expressed consent of the Data Subject. For the purpose of direct marketing, the following Personal Data of the clients and other Data Subjects are processed:

Name;
Surname;
Phone number;
E-mail address.

By sending a newsletter, the Data Controller can collect statistics on the behaviour of the Data Subject related to the use and content of the newsletter (for example, if the newsletter has been read, what links have been opened by the Data Subject).

Data Subject e-mail address can be used to serve ads on Facebook, Google, and other advertising platforms by tailoring the advertisement to the target audience.

According to Personal Data you submit for direct marketing purposes, your Personal Data may be profiled in order to offer tailor made individual solutions and suggestions. You can at any time cancel your consent to process Personal Data in an automated manner, including profiling, processing or contradiction (if applicable).

Personal data are received directly from Data Subjects. Personal Data may only be transferred by the Data Controller to third parties providing specialized services in order to send an e-mail, to tailor e-mails for the nature of advertising ordered through advertising platforms.

The Personal Data of customers and other Data Subjects are processed on the basis of the consent expressed in the submission of their data and consent to the processing of Personal Data for the purpose of direct marketing (Article 6 part 1, c. a) of the General Data Protection Regulation).

We inform you that the Data Subject has the right to decline or at any time cancel his/her consent to process his/her Personal Data for direct marketing purposes without specifying reasons for disapproval:
– By clicking on the “unsubscribe” link at the end of the newsletter or on the website; or
– By sending e-mail to edu@digitorum.eu.

Cancellation of consent does not affect the legality of consent-based data processing prior to the withdrawal of consent.

PERSONAL DATA PROCESSING FOR PERSONNEL, PATIENT SECURITY AND PROPERTY PROTECTION ASSURANCE (VIDEO MONITORING) PURPOSES

The Data Controller processes the image data of his staff and the Patients and other persons who have entered the video surveillance field in order to ensure their and property security (video surveillance).

Please be advised that your video data is captured by the Data Controller video surveillance system when you visit the Data Controller’s clinic in the reception and outdoors area around the clinic. Image data may only be transmitted to law enforcement agencies in accordance with the procedure provided for in the legal acts of the Republic of Lithuania.

Personal Data for the purpose of video surveillance are maintained on the basis of the Data Controller’s legitimate interest protection (Article 6 part 1, c. f) of the General Data Protection Regulation).

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

WHAT DO WE DO TO PROTECT YOUR INFORMATION?

Personal Data is protected against loss, unauthorized use and alteration. We have implemented organizational and technical measures to protect all information we collect for our service provision. We remind you that while we are taking appropriate action to protect your information, no website, online transaction, computer system or wireless connection is completely safe.

The Data Controller applies different terms for the storage of Personal Data, in accordance with the requirements of the law and taking into account the purposes for the processing of Personal Data.

Terms of Personal Data storage:

Purpose of Personal Data Processing	Storage Term
Registration for healthcare services	Until the date of the scheduled visit. If the Data Subject does not attend, data will be deleted within 7 days after the missed visit.
Phone call recordings	6 months from the date of the call, unless required longer by law.
Patient health data	15 years from the last visit (according to Lithuanian legal requirements for medical records).
Visit reminder communication	2 years after the last visit to the clinic.
Candidate data for recruitment	4 months after the recruitment ends. With candidate consent, CV and related data may be stored up to 2 years.
Training registration and participation	2 years from the date of the training event.
Games, promotions, competitions	1 year from the date of the event, unless a longer term is needed for legal claims.
Video surveillance	30 days, unless needed longer for incident investigation.
Direct marketing	5 years from the date of consent, unless withdrawn earlier or extended by the data subject.

Exceptions to the terms of retention may be determined to the extent that they do not violate the rights of the Data Subjects, comply with legal requirements and are properly documented.

After expiration of the deadlines, if they were not extended, the data will be destroyed in such a way that they cannot be reproduced.

YOUR RIGHTS

The Data Subject, whose data is processed by the Data Controller, shall have the following:

• To know (to be informed) about the processing of his/her data (right to know);
• To access his/her data and to find how they are processed (right to access);
• Require correction or, in the context of the purposes for processing Personal Data, supplement the incomplete Personal Data of a person (right to rectify);
• To destroy his/her data or suspend their processing (except storage) (right to destroy and right “to be forgotten”);
• The right to require the Data Controller to restrict the processing of Personal Data for one of the legitimate reasons (right to limit);
• The right to transfer data (right to transfer);
• Disagree on the processing of Personal Data when processed or intended to be processed for direct marketing purposes, including profiling, to the extent that it relates to such direct marketing;
• Submit a complaint to the State Data Protection Inspectorate of the Republic of Lithuania.

If you do not want your Personal Data to be processed for direct marketing purposes, you can e-mail us at edu@digitorum.eu and disagree that your Personal Data will be processed for direct marketing purposes without giving reasons for disapproval.

Any request or instruction related to the processing of Personal Data, the Data Subject has the right to submit to the Data Controller in writing in one of the following ways: by direct delivery at the address (Kalvarijų g. 128A-2, Vilnius); by post: Kalvarijų g. 128A-2, LT-08210 Vilnius; by e-mail: edu@digitorum.eu.

Upon receipt of such a request or instruction, the Data Controller shall, within one month from the date of the request, provide an answer and perform or refuse the actions specified in the request. If necessary, the specified period may be extended by another two months depending on the complexity and number of requests. In this case, the Data Controller shall inform the Data Subject about such extension within one month from the receipt of the request, together with the reasons for the delay.

The Data Controller may not create the conditions for Data Subjects to exercise the above rights, except to refuse to process Personal Data for direct marketing, in cases provided for by law, when it is necessary to ensure the prevention, investigation and detection of violations of criminal, official or professional ethics offenses, as well as the protection of the rights and liberties of the Data Subject or other persons.

Third-Party Websites and Services

Our Website may include links to third-party websites, advertisements, plug-ins, or services (e.g., social media platforms like Facebook) that are not operated or controlled by the Data Controller. Clicking on such links or using these services may allow third parties to collect or share data about you.

We are not responsible for the privacy practices, policies, or content of these third parties. We recommend reviewing the respective privacy policies of every third-party website or service you interact with.

If you voluntarily submit personal information via a third-party platform (e.g., Facebook login), you acknowledge that:

• You may be contacted by us using the provided contact details (e.g., phone or email);
• Such contact will be related only to the purpose for which your data was submitted;
• Data shared with us via third-party platforms will be handled in accordance with this Privacy Policy and relevant data protection regulations.

Cookies

When you visit our Website, we use cookies to enhance your user experience, provide relevant content, and understand website traffic and usage trends. Cookies are small text files stored on your device that help the Website recognize returning users and their preferences.

Types of Cookies We Use

Cookie Name	Description	Created When	Expiry	Data Used
wpcw_timezone	Sets the local user’s timezone	On website visit	On session end	User timezone
_ga, _gid, _gat	Google Analytics – tracks website usage	On website visit	On session end	Visitor behavior
pll_language	Remembers user’s language preference	On website visit	On session end	Language used
woocommerce_cart_hash, wp_woocommerce_session, woocommerce_items_in_cart	Tracks items in the shopping cart	On website visit	On session end	Product data in cart
wp-settings	Stores CMS preferences	On website visit	On session end	Admin settings

COOKIE PREFERENCE/SETTINGS

How to manage and delete cookies

When you use the browser to access the content we provide, you can configure your browser to accept all cookies, reject all cookies or notify when the cookie is downloaded. Each browser is different, so if you do not know how to change cookie preferences, look in its help menu. Your device’s operating system may have additional cookie controls. If you do not want the information to be collected using cookies, use the current easy-to-use procedure in most browsers that allows you to stop using cookies. To learn more about managing cookies, visit: http://www.allaboutcookies.org/manage-cookies/.

However, please note that in some cases, deleting cookies may slow down the speed of browsing the web, restrict the functionality of certain website features, or block access to the website.

Our website may contain links to other people’s, company’s or organization’s websites. We note that the Data Controller is not responsible for the content of such web pages or the privacy principles they use. So if you click on a link from the Data Controller website to access other websites, you should take a look at their Privacy Policy separately.

Retention of Your Personal Data

The Company will retain Your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

The Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

Delete Your Personal Data

You have the right to delete or request that We assist in deleting the Personal Data that We have collected about You.

Our Service may give You the ability to delete certain information about You from within the Service.

You may update, amend, or delete Your information at any time by signing in to Your Account, if you have one, and visiting the account settings section that allows you to manage Your personal information. You may also contact Us to request access to, correct, or delete any personal information that You have provided to Us.

Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.

Disclosure of Your Personal Data

Business Transactions

If the Company is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before Your Personal Data is transferred and becomes subject to a different Privacy Policy.

Law enforcement

Under certain circumstances, the Company may be required to disclose Your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

Other legal requirements

The Company may disclose Your Personal Data in the good faith belief that such action is necessary to:

• Comply with a legal obligation
• Protect and defend the rights or property of the Company
• Prevent or investigate possible wrongdoing in connection with the Service
• Protect the personal safety of Users of the Service or the public
• Protect against legal liability

Changes to this Privacy Policy

We may update Our Privacy Policy from time to time. We will notify You of any changes by posting the new Privacy Policy on this page.

We will let You know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the “Last updated” date at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, You can contact us:

• By email: edu@digitorum.eu