Toothie's privacy policy

1. Introduction

The Toothie Group ("Toothie", "we", "us") knows the importance of privacy for our patients and website visitors, and we therefore always strive for a high level of security. Our goal with this policy is to describe, in a clear and transparent way, how we collect, use, display, and store your information so that you feel confident that your personal information is in safe custody. We also describe your rights, how you can enforce them, and how you can get in touch with us if you have further questions about our personal data processing. Toothie handles personal data in accordance with the General Data Protection Regulation (GDPR), and this personal data policy describes how we fulfill these obligations.

1.1. Application

This policy applies to the processing of personal data that takes place within the Toothie International AB Group (corporate identity number 559189-6401). The Toothie Group operates under the Toothie brand and consists of the company Toothie care AB (corporate identity number 559144-0424). This company is a separate personal data controller in the legal sense but shares routines regarding the processing of personal data in daily operations. In this policy, we thus refer to all companies within the Group when we hereinafter refer to "Toothie", "we" or "us".

1.2. Basic concepts

The Data Protection Regulation (GDPR) uses the following terms, the meaning and application of which also apply to this personal data policy.

Personal data: any information relating to an identified or identifiable natural person (hereinafter referred to as a data subject), an identifiable natural person being a person who can be directly or indirectly identified, specifically with reference to an identifier such as a name, identification number, location information or online identifiers, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the natural person.

Processing: an action or combination of actions concerning personal data or sets of personal data, whether or not they are performed automatically, such as collection, registration, organization, structuring, storage, processing or modification, development, reading, use, disclosure by transmission, dissemination or provision otherwise, adjustment or amalgamation, restriction, deletion or destruction.

Personal data controller: a natural or legal person, public authority, institution or other body which alone or together with others determines the purposes and means of the processing of personal data; if the purposes and means of processing are determined by Union law or the national law of the Member States, the controller or the specific criteria for its appointment may be laid down in Union law or in the national law of the Member States.

Personal data assistant: a natural or legal person, public authority, institution or other body that processes personal data on behalf of the personal data controller.

Third party: a natural or legal person, public authority, institution or body that is not the data subject, the personal data controller, the personal data assistant or the persons who, under the direct responsibility of the personal data controller or personal data assistant, are authorized to process personal data.

Personal data incident: a security incident that results in accidental or unlawful destruction, loss or alteration or unauthorized disclosure of or unauthorized access to the personal data transmitted, stored or otherwise processed.

2. Toothie's processing of personal data

2.1. Personal data responsibility for collected data

We process personal data concerning the patients and website visitors at www.toothie.se. Toothie care AB (corporate identity number 559144–0424), with address Ängeviken 632, 471 91 Klövedal, is responsible for personal data processing at the following workplaces: Toothie c/o Happident Polhemsplatsen, Polhemsplatsen 1, 411 11 Gothenburg.

2.2. Where do we collect personal information from?

We collect personal information from (i) yourself (e.g. information that you provide directly via our websites or at our clinics), (ii) other companies within the Toothie Group (e.g. to administer and enable more efficient care), (iii) relatives and other close relations (e.g. in connection with an accident or other emergency), (iv) authorities such as the Swedish Social Insurance Agency (e.g. in connection with compensation cases) and (v) automatically generated data from you (via cookies or similar technology if you visit any of our websites).

3. Patients

3.1. Provide our dental services, including ensuring proper patient care

To provide our dental services (e.g. handle appointments and calls, offer you appointments with our dental teams, prescribe medicines and provide you with care) and to ensure proper clinical treatment and follow-up, we collect and process your personal data provided by you to us. Upon arrival at one of Happident's clinics, you will be asked to identify yourself so that we can secure your identity.
Categories of personal data: Identity information, including social security number; Contact information; Health information; Booking information; Image material
Legal reason: Agreement. The processing is necessary to fulfill our agreement with you as your dental care provider. Processing of social security numbers is necessary with regard to the purpose of the processing. Any special categories of personal data, e.g. health information, we process when it is necessary to provide our health care services.
Retention period: Your personal information is retained during our contractual relationship with you for this purpose and for a period of at least ten (10) years after the last information was entered in the document, to fulfill our obligations regarding record keeping according to the Patient Data Act.  

3.2. Keep a patient record to ensure good care etc.  

In connection with us providing you with care, including when communicating with you, we will process your personal data when keeping a patient record. According to the Patient Data Act, we are obliged to keep patient records, e.g. in order to ensure safe and good care for you as a patient.
Categories of personal data: Identity information, including social security number; Contact information; Health information
Legal reason: Legal obligation. The processing is necessary to fulfill our legal obligation to keep a patient record. Processing of social security numbers is necessary with regard to the purpose of the processing. Any special categories of personal data, e.g. health information, we process when it is necessary to provide our health care services.
Retention period: Your personal data is retained for this purpose for at least ten (10) years after the last information was entered in the document, in order to fulfill our obligations regarding record keeping according to the Patient Data Act.  

3.3 Quality-assure, follow up and develop our business

We will process your personal data in order to systematically and continuously develop, follow up and ensure the quality of our business, which e.g. may include evaluations, administration, planning and production of statistics and other types of follow-up linked to our services.
Categories of personal data: Identity information, including social security number; Contact information; Health information
Legal reason: Legitimate interest. The processing is necessary to satisfy our legitimate interest in quality assurance, follow-up and development of our business. Processing of social security numbers is necessary with regard to the purpose of the processing. Any special categories of personal data, e.g. health information, we process when it is necessary to provide our health care services.
Retention period: Reports at an overall level that do not contain any personal data and statistics are saved for the time being.  

3.4 Manage and respond to legal requirements

In order to handle and meet legal requirements, e.g. in connection with a dispute or a legal process, we must, where applicable, process your personal data.
Personal data: All information necessary to handle and respond to the legal requirement.
Legal reason: Legitimate interest. The processing is necessary to satisfy our legitimate interest in handling and responding to legal claims, for example in a dispute and legal proceedings. Any processing of social security numbers is necessary with regard to the purpose of the processing. Any special categories of personal data, e.g. health information, we process if it is necessary to establish, assert and defend legal claims.
Retention period: Personal data is retained for the time necessary to handle and meet the legal requirement.

3.5 Fulfill legal obligations

We process your personal data in order to fulfill legal obligations that apply to us, e.g. concerning accounting and auditing.
Personal data: All information collected and necessary to fulfill the respective legal obligation.
Legal reason: Legal obligation. The processing is necessary to fulfill legal obligations that apply to us.
Retention period: Personal data is retained for the time necessary for us to be able to fulfill the legal obligations that apply to us.

3.6 Handle and answer complaints and other questions

We process personal data concerning you as a patient or as a relative of one of our patients that you have provided to us, in order to handle and answer any complaints relating to our business and care, and to be able to handle and answer other questions and feedback you have provided to us.
Personal data: Identity information; Contact information; Your communication
Legal reason: Legal obligation. The processing is necessary to fulfill legal obligations that apply to us regarding the handling of complaints from you. Legitimate interest. The processing is necessary to satisfy our legitimate interest in handling your feedback and answering your questions (which are not covered by our obligation to answer complaints as above).
Retention period: Personal data is retained for the time necessary for us to be able to fulfill the legal obligations that apply to us.

3.7 Recording conversations for educational purposes  

Provided that you give your consent, we can save audio recordings from conversations with you as a patient for educational purposes, e.g. to be able to improve and develop our business. In these cases, we will ensure that information in the audio recording that reveals or that can be traced to you as an individual is deleted / censored before we use such material for educational purposes.
Personal data: Identity information; Health information; Sound recording
Legal reason: Consent. The processing takes place with the support of your consent. Any special categories of personal data, e.g. health information, are processed only with the support of your express consent.
Retention period: Personal data for this purpose is retained for a period of one (1) year from the time of recording, or for a shorter time if you withdraw the consent given. We do not currently plan to record conversations for educational or other purposes. We may do so in the future, in which case it is good to have this provision in place.

4. Users of the Website and the Toothie Application

The person responsible for the processing of personal data that belongs to the website visitors who visit Toothie's website (www.toothie.se) is Toothie care AB, which has a central personal data responsibility, in its capacity as group owner. The person responsible for the processing of personal data that takes place when using the Toothie application is Toothie care AB. See also section 3 above, which describes how we process your information in your role as a patient.

4.1 Handle inquiries and feedback

If you make a request or provide feedback to us via our website and/or the Toothie application, we process your personal data in order to process your request and respond to your message.
Categories of personal data: Your communication; Identity information; Contact information; Health information
Legal reason: Legitimate interest. The processing is necessary to satisfy our legitimate interest in handling your request. Any special categories of personal data, e.g. health information, we process if it is necessary to establish, assert and defend legal claims.
Retention period: Your personal data is retained for this purpose for a period of three (3) months from the time we responded to your request.  

4.2 Provide offers and other communication

We process your personal data to provide you with offers about our products and services. You can unsubscribe from our mailings at any time by clicking on the unsubscribe link in the mailing or by contacting us.
Categories of personal data: Identification; Contact
Legal reason: Legitimate interest. The processing is necessary to satisfy our legitimate interest in submitting offers to you about our products and services.
Retention period: Your personal information is retained for this purpose until you unsubscribe from the newsletter.  

4.3 Evaluate and follow up the use of our website

In order to evaluate and follow up the use of our website and the Toothie application, we process your personal data, e.g. in connection with the collection of visitor statistics and user trends on our website and in the Toothie application.
Categories of personal data: User-generated data; Identity data
Legal reason: Legitimate interest. The processing is necessary to satisfy our legitimate interest in evaluating and following up the use of our digital channels.
Retention period: Reports at an overall level that do not contain any personal data and statistics are stored until further notice or until they are deleted.  

4.4 Improve your experience on our website and in the Toothie application

In order to improve your experience on our websites and in the Toothie application and to provide you with tailored content when applicable, we will process your personal data.
Categories of personal data: User-generated data; Identity data
Legal reason: Legitimate interest. The processing is necessary to satisfy our legitimate interest in improving our websites and applications.
Retention period: Reports at an overall level that do not contain any personal data and statistics are stored until further notice or until they are deleted.  

4.5 Manage and respond to legal requirements

In order to handle and meet legal requirements, e.g. in connection with a dispute or a legal process, we must, where applicable, process your personal data.
Personal data: All information necessary to handle and respond to the legal requirement.
Legal reason: Legitimate interest. The processing is necessary to satisfy our legitimate interest in handling and responding to legal claims, for example in a dispute and legal proceedings.
Retention period: Personal data is retained for the time necessary to handle and meet the legal requirement.

4.6 Fulfill legal obligations

We process your personal data in order to fulfill legal obligations that apply to us, e.g. concerning accounting and auditing.
Personal data: All information collected and necessary to fulfill the respective legal obligation.
Legal reason: Legal obligation. The processing is necessary to fulfill legal obligations that apply to us.
Retention period: Personal data is retained for the time necessary for us to be able to fulfill the legal obligations that apply to us.

4.7 Manage and protect IT systems and services

To manage and protect our IT systems and services, e.g. for logging, troubleshooting, backup, change and problem management in systems and in connection with any IT incidents, we process, if necessary, your personal data.
Categories of personal data: All information listed above.
Legal reason: Legitimate interest. The processing is necessary to satisfy our legitimate interest in managing and protecting our IT systems and services.
Retention period: Your personal data is retained for the same period as stated in relation to the respective stated purpose of the processing of your personal data above. Personal data in logs is retained for troubleshooting and incident management for a period of 13 months from the time of the log event.

5. Disclosure of personal data

5.1 Personal data assistants

In cases where it is necessary, we share your personal data with companies that are so-called personal data assistants for us. A personal data assistant is a company that processes the information on our behalf and according to our instructions. We have personal data assistants who help us with:
  • Medical Record
  • Finance System
  • Bank Payments
  • IT Support
  • Medical third party
  • Customer satisfaction survey
  • Marketing
When your personal data is shared with personal data assistants, it is only for purposes that are compatible with the purposes for which we have collected the information. We have written agreements with all personal data assistants through which they guarantee the security of the personal data processed and undertake to comply with our security requirements as well as restrictions and requirements regarding international transfer of personal data.

5.2 Independent data controller

We also share your personal data with certain companies that are independently responsible for personal data. The fact that the company is independently responsible for personal data means that we are not the ones who control how the information provided to the company is to be processed. Independent personal data controllers with whom we share your personal data are:
Recipient: Other clinics and laboratories we collaborate with
Purpose: To administer and enable efficient care and otherwise communicate with other clinics we collaborate with.
Legal basis for the transfer: Express consent. The processing takes place only with the support of your express consent.

Recipient: Companies that offer payment solutions
Purpose: Make payments to be able to offer you our services.
Legal basis for the transfer: Agreement. The processing is necessary to fulfill the agreement with you.

Recipient: Agencies
Purpose: We may provide necessary information to authorities if we are required by law to do so.
Legal basis for the transfer: Legal obligation. The processing is necessary to fulfill legal obligations.

Recipient: External advisors
Purpose: We can provide necessary information to external advisors, e.g. auditing firms, law firms or other legal firms, if we are required by law to do so or to handle or respond to legal claims.
Legal basis for the transfer: Legal obligation and legitimate interest. The processing is necessary to fulfill legal obligations or to satisfy our legitimate interest in handling and responding to legal requirements.

Recipient: Courts, counterparties, insurance companies, etc.
Purpose: To handle and respond to legal requirements, we may transfer information to other parties.
Legal basis for the transfer: Legitimate interest and legal obligation. The processing is necessary to satisfy our legitimate interest in dealing with and responding to legal requirements and to fulfill legal obligations.

Recipient: Law enforcement agencies, e.g. police
Purpose: We may share personal information with law enforcement agencies, e.g. the police, if we are required by law to do so.
Legal basis for the transfer: Legal obligation. The processing is necessary to fulfill our legal obligations.

Recipient: Potential buyers and sellers
Purpose: We may share information with potential buyers and sellers if we were to sell all or part of the business or in a merger.
Legal basis for the transfer: Legitimate interest. The processing is necessary to satisfy our legitimate interest in carrying out the sale or merger.

Recipient: Marketing partners
Purpose: We share your personal information with marketing partners in order to enable such external parties to provide you with relevant marketing.
Legal basis for the transfer: Consent. The processing is necessary to provide you with relevant marketing.

When your personal data is shared with a company that is independently responsible for personal data, that company's privacy policy / personal data policy and personal data management apply.

6. Your rights as a data subject

6.1 Agreement, Legal obligation, Consent or Balance of interests

There are several different legal grounds that give Toothie the right to handle your personal information. Fulfilling an agreement that has been drawn up is one legal basis. Others may be to fulfill a legal obligation (e.g. under the Patient Data Act or the Accounting Act), obtaining consent or a balance of interests. If Toothie has obtained consent, you can revoke your consent at any time, in whole or in part. Toothie will then only process data in accordance with your most recent consent. A balance of interests means that Toothie's processing of your personal data is only permitted if our interest in processing the personal data is considered to outweigh your interest in privacy protection.

6.2 Right to information

This personal data policy describes how your personal data is processed at Toothie and it is always available at www.toothie.se. You will receive information about the processing both when information about you is collected and when you request it yourself. In addition, there are certain occasions when special information is to be given to you and this is if a data breach or the like occurs (a so-called personal data incident) and there is a risk of, for example, identity theft or fraud.

6.3 Right of access (so-called register extract)

You have the right to request, free of charge, an extract showing which of your personal data Toothie has registered. This extract also contains information on how this personal data is processed, for what purposes the personal data is processed, how long it will be stored and to which recipients personal data has been disclosed. Keep in mind that if we receive a request for access, we may ask for additional information to ensure the efficient handling of your request and that the information is provided to the right person.

6.4 Right to rectification

You always have the right to turn to Toothie, as the personal data controller, to have your information corrected. It also means that you have the right to supplement with such personal data that is missing and that is relevant with regard to the purpose of the personal data processing. If information is corrected at your request, Toothie must ensure that third parties to whom your information has been disclosed receive information about the correction. However, this does not apply if it proves impossible or involves a disproportionate effort.

6.5 Right to deletion

You have the right to contact Toothie and request that the information concerning you be deleted. The data must be deleted in the following cases:
  • If the data are no longer needed for the purposes for which they were collected.
  • If the processing is based on your consent and you revoke the consent.
  • If the processing takes place for direct marketing and you object to the data being processed.
  • If you oppose the processing of personal data after a balance of interests and there are no justifiable reasons that outweigh your interest.
  • If the personal data has been processed illegally.
  • If deletion is required to fulfill a legal obligation.
If you request that your data be deleted, Toothie must also inform the parties to whom it has disclosed the data about the deletion. However, this does not apply if it proves impossible or involves a disproportionate effort. Please note that we may have the right to deny your request if there are legal obligations that prevent us from immediately deleting certain personal data. These obligations come, for example, from accounting and tax legislation, banking and money laundering legislation and the Patient Data Act. It may also be that the processing is necessary for us to be able to establish, assert or defend legal claims. Should we be prevented from meeting a request for deletion, we will instead block the personal data from being used for purposes other than the purpose that prevents the requested deletion.

6.6 Right to restriction

You have the right to request that our processing of your personal data be restricted. If you dispute that the personal data we process is correct, you can request restricted processing for the time we need to check whether the personal data is correct. If we no longer need the personal data for the stated purposes, but you do need it to be able to establish, assert or defend legal claims, you can request restricted processing of the data from us. This means that you can request that we not delete your information. If you have objected to a balance of interests that we have used as a legal basis for a purpose, you can request restricted processing for the time we need to check whether our legitimate interests outweigh your interests in having the data deleted. If the processing has been restricted according to any of the above situations, we may only, in addition to the actual storage, process the data to establish, assert or defend legal claims, to protect someone else's rights or if you have given your consent.

6.7 Right to data portability

If our right to process your personal data is based either on your consent or fulfillment of an agreement with you, you have the right to request that the data concerning you and that you have provided to us be transferred to another personal data controller (so-called data portability). A prerequisite for data portability is that the transfer is technically possible and can take place automatically.

6.8 The right to object to a certain type of processing

You always have the right to avoid direct marketing and to object to any processing of personal data based on a balance of interests. In cases where we use a balance of interests as a legal basis for a purpose, you have the opportunity to object to the processing. In order to continue to process your personal data after such an objection, we need to be able to show a compelling justified reason for the processing in question that outweighs your interests, rights and freedoms. Otherwise, we may only process the data to establish, exercise or defend legal claims.

6.9 Right to complain to the supervisory authority

If you believe that Toothie is processing information about you in violation of the Data Protection Regulation (GDPR), you have the right to submit a complaint to the Swedish Data Inspectorate. The Data Inspectorate takes note of all complaints, assesses whether supervision should be initiated and then informs you, as the person who made the complaint. The Data Inspectorate must announce whether or not to initiate supervision within three months of receiving the complaint. If you as a complainant are not notified within that time, you can turn to the court to request notification.

7. Third country transfers

Toothie does not transfer personal data to third countries, i.e. countries outside the EU/EEA.

8. Automated decision making (including profiling)

You as a patient and customer can feel confident that we at Toothie do not use automated decision-making in the business.

9. Protection of information

Toothie takes technical and organizational measures to ensure that your data is stored and processed safely and securely, without the risk of the data being manipulated or destroyed or of unauthorized persons accessing it. Toothie has documented procedures regarding user privacy, availability of information and confidentiality with regard to applicable legislation.

10. Data Protection Officer

Toothie processes health data in daily operations, and these are classified as sensitive personal data. We are therefore obliged to appoint a data protection officer who, among other things, has the task of monitoring compliance with the rules in the regulation and other data protection rules, informing and advising various parties in our business regarding the processing of personal data, and being available to data subjects, who can contact the officer to exercise their rights. We have appointed a data protection officer for all companies within the Group: Therese Odengård, active within Toothie International AB. You can reach our data protection officer via email: therese@gofloss.se

11. Responsibility

The CEO has the overall responsibility for the content of this policy and that it is implemented and complied with by the business.

12. Change of personal data policy

Toothie reserves the right to change this Privacy Policy. The latest version of the policy is always available on our website www.toothie.se. In the event of updates that are of crucial importance for our processing of your personal data, you will be informed.

13. Contact us with questions about data protection

If you have any questions or comments regarding this personal data policy or our personal data processing, or if you want the information we have about you to be changed or deleted, you can contact us via the contact information below:
Privacy Manager: Toothie care AB
Corporate identity number: 55559144-0424
E-mail: gdpr@gofloss.se
Phone number:
Address: Toothie care AB Danderydsgatan 26 114 46 Stockholm
Data Protection Officer: Therese Odengård
E-mail address: therese@gofloss.se

14. Further information on categories of personal data

See the table below for more information on which categories of personal data we process.
Category: Examples of data
User-generated data: Visitor and click history
Your communication: Content in your communication, e.g. emails
Identification: Name, social security number, username / login information
Contact details: Address, telephone number, e-mail address
Health information: Past and present oral health, medical history, information on illness, physiological or biomedical condition
Reservation information: Calls for examination / treatment, other booking information
Image material: Pictures about you, e.g. X-ray images.
Sound recordings: Audio recording from conversations with you, e.g. via our app.