Privacy Policy
Last updated: April 1, 2026
1. Controller and Processor
Data Controller: The company that uses the Order Tracker system to manage its orders (hereinafter — the Client).
Data Processor: SIA Autopal, reg. No. 40203530521, legal address: Augusta Deglava iela 122 - 3, Riga, LV-1082, Latvia, which operates the system on behalf of the Client.
If you have questions about personal data processing, please contact your dental laboratory or write to info@autopal.lv.
2. What Data We Process
| Data Category | Examples | Purpose |
|---|---|---|
| User identification data | Name, surname, email, phone, username | Authentication, access control, communication |
| Patient data | Name, age, gender, contact information | Order identification and fulfillment |
| Dental data | Tooth number, material, color, work description | Order fulfillment (may include health data under GDPR Art. 9) |
| Clinic and dentist data | Name, address, contact information, registration number | Order management and invoicing |
| Order data | Order number, status, notes, comments, attachments | Service delivery |
3. Legal Basis for Processing
- Performance of a contract (GDPR Art. 6.1.b) — processing is necessary for service delivery.
- Legitimate interests (GDPR Art. 6.1.f) — system security, audit logs, error resolution.
- Legal obligation (GDPR Art. 6.1.c) — accounting and tax requirements.
- Explicit consent (GDPR Art. 9.2.a) — health data processing, where applicable.
4. Data Retention Period
Personal data is stored in the system for the duration of the Client's contract. After contract termination, data is exported to the Client and deleted within 30 days. Accounting data may be retained longer in accordance with Latvian legal requirements.
5. Data Subject Rights
Under the GDPR, you have the following rights:
- Right of access — request information about your processed data.
- Right to rectification — request correction of inaccurate data.
- Right to erasure — request deletion of your data ("right to be forgotten").
- Right to restriction — request restriction of data processing.
- Right to data portability — receive your data in a structured format.
- Right to object — object to processing based on legitimate interests.
To exercise your rights, contact your dental laboratory (the data controller) or write to info@autopal.lv.
6. Data Security
We have implemented appropriate technical and organizational measures to protect data:
- Data encryption in transit (HTTPS/TLS).
- Role-based access control (admin, lab manager, technician, dentist).
- Regular data backups.
- Audit log maintenance.
- Regular security updates.
7. Data Storage Location and Sub-processors
All data is stored on servers located in the European Union. Data is not transferred outside the EU/EEA without the data controller's written consent.
Sub-processors may be engaged to ensure system operation. A current list of sub-processors is available upon request at info@autopal.lv.
8. Cookies
The system uses only essential (functional) cookies:
- Session cookie — for user authentication and session management.
- CSRF cookie — for cross-site request forgery protection.
- Language cookie — to store the user's language preference.
We do not use marketing, analytics, or third-party cookies.
9. Data Breach Notification
In the event of a personal data breach, SIA Autopal will notify the data controller (Client) within 24 hours. The Client is responsible for notifying the Data State Inspectorate and affected data subjects in accordance with GDPR Articles 33 and 34.
10. Supervisory Authority
If you believe your data protection rights have been violated, you have the right to file a complaint with the Data State Inspectorate (Datu valsts inspekcija):
- Address: Elijas iela 17, Riga, LV-1050, Latvia
- Phone: +371 67223131
- Email: pasts@dvi.gov.lv
- Website: www.dvi.gov.lv
11. Changes to This Privacy Policy
We may update this privacy policy from time to time. Users will be notified of significant changes through the system or via email.