At TandCity, we are committed to protecting your personal privacy and wish to inform you about how we collect and use your personal data in accordance with the Patient Data Act, the Dental Care Act, and the General Data Protection Regulation (“GDPR”). Below, you will also find information about your rights under applicable data protection legislation.
PATIENT
Patient Records
As a healthcare provider, we are obliged to keep patient records. The primary purpose of keeping patient records is to contribute to good and safe care for you as a customer/patient. The patient record contains information about your identity, as well as information related to your care, such as actions taken or planned treatments, etc. Our processing of your personal data in connection with record keeping is necessary to fulfill legal obligations incumbent upon us as a healthcare provider under the Patient Data Act, and to perform a task of public interest (providing healthcare).
Appointment Booking and Administration
As a patient with us, you have the option to book/cancel appointments digitally or by phone. When you interact with us as a customer/patient, we process your personal data to administer and confirm your booking/cancellation, send out appointment reminders, and administer your payment. The processing of personal data is necessary to fulfill the agreement(s) we have with you, to fulfill legal obligations incumbent upon us as a healthcare provider under the Dental Care Act, and to perform a task of public interest (providing healthcare). Please note that it is necessary for you to provide your personal data for us to
be able to administer the customer relationship.
Quality Assurance and Operational Follow-up
Within dental care, the quality of operations must be systematically and continuously developed and secured. Your personal data related to your care and administration may therefore be processed for this purpose. The processing of personal data is necessary to fulfill legal obligations incumbent upon us as a healthcare provider under the Dental Care Act, and to perform a task of public interest (providing healthcare).
Marketing
As a patient with us, you will have the opportunity to communicate via email, phone, and SMS for informational purposes. Our legal basis for this processing is a legitimate interest assessment.
Inquiries via Email and Web Forms
We process your personal data when you contact us via email and/or web forms to handle your inquiry, based on a legitimate interest assessment. We assess that we have a legitimate interest in processing your personal data to handle your inquiry. The personal data processed varies depending on the nature of the inquiry but normally includes contact details and
personal identity number (when justified).
SUPPLIER
Administer Supplier Relationships
When you interact with us as a supplier/representative of a supplier, we process your contact details to administer our supplier relationship. This processing is based on a legitimate interest assessment.
VISITORS TO OUR WEBSITE
Use of Our Web Pages and Contact Forms
We process your personal data when you use our web pages to provide the website securely and to improve our digital services. This processing is based on a legitimate interest assessment and, where applicable, with your consent. The following data will be processed:
- Information about the use of our website – such as visitor statistics regarding page response time
for pages, download errors, how you reached and left the service, as well as
delivery notices when we contact you. - Device information – e.g., IP address, language settings, browser settings,
time zone, operating system, platform, and screen resolution. - Geographical information – your geographical location.
For more information on cookies, please see our Cookie Policy.
RECIPIENTS AND CATEGORIES OF RECIPIENTS
Within dental care, strict confidentiality applies to information about patients’ health status and other sensitive data. Only authorized personnel may access confidential information, meaning that only personnel involved in the patient’s care and treatment, or who for other reasons need the information to perform their work within dental care, may access the data.
However, we may share your personal data with our suppliers of, among other things, patient record systems, IT, and dental materials to conduct and develop our operations and thereby provide quality and safe care. To the extent permitted or required by applicable legislation, we may share your personal data with authorities, courts, and other similar third parties.
Your personal data will always be processed within the EU/EEA, unless explicitly stated otherwise.
STORAGE PERIOD
We do not store personal data longer than necessary or required by law. Personal data in our patient record system is stored in accordance with the provisions of the Patient Data Act; a journal document is stored for at least ten years after the last entry was made in the document. In cases where your personal data is part of our accounting information, it is stored according to the Accounting Act for at least seven years.
YOUR RIGHTS
You have the right to insight into how we process your personal data and have the right to request information about the personal data processing. You have the right to have inaccurate personal data corrected, to have any superfluous personal data processing restricted, unfounded personal data processing erased, and also, in certain cases, to have personal data transferred to another controller. If you wish to file a complaint regarding our personal data processing, please contact the Swedish Authority for Privacy Protection, [email protected].
Should we process personal data about you based on your consent, we wish to inform you that you always have the right to withdraw your consent.
CONTACT US
TandCity, 559073–2557, is the data controller for the processing of your personal data as described above and is responsible for ensuring that our processing complies with the Patient Data Act, the Dental Care Act, GDPR, and other applicable data protection legislation. We are part of the Dentalum Group, which has an appointed Data Protection Officer. If you have questions about how we process your personal data or wish to exercise your rights, please contact us at [email protected]