Privacy and cookies policy

General Information

TY Tannklinikk AS respects your privacy and will process personal data in accordance with the current privacy regulations, including the Norwegian Personal Data Act of 2018, which incorporates the EU General Data Protection Regulation 2016/679 (GDPR). Through this document, we aim to inform you about which personal data we collect and process through your use of our website and dental services, how the data is processed, what our website uses cookies for, how you can prevent the use of cookies, and information about your rights under the
applicable privacy regulations.

TY Tannklinikk AS is responsible for processing your personal data under this privacy policy. Our
contact information is:

TY Tannklinikk AS (Org.nr 996 342 301)

Olav Tryggvasons gate 24, 7011 Trondheim

Phone: +47 72 60 60 30

Email: midtbyen@tytannklinikk.no

When, Why, and What Types of Personal Data Do We Process?

We collect and process personal data about our customers who use our services and visitors to our website. In general, we collect and process your personal data to provide information about and offer you our dental services. This may include personal information such as your name, phone number, birth number, address, etc. We only process your personal data to the extent necessary to fulfill the purpose of the processing.

We collect and process your health information, which is considered a special category of personal data according to GDPR Article 9. We do this in connection with your dental care and to fulfill our legal obligations as healthcare providers.

If we collect or receive your personal data from third parties, which may include both public and private institutions, we will inform you unless the collection is required by law, notification is impossible or disproportionately difficult, or if we know that you are already aware of the data collection.

We collect and process this personal data based on your explicit consent (GDPR Article 6(1)(a)), to enter into and fulfill an agreement with you (GDPR Article 6(1)(b)), based on our legitimate interest in providing you with the best experience on our website and services, and based on our legitimate interest in handling legal claims (GDPR Article 6(1)(f)), as well as to fulfill our legal obligations (GDPR Article 6(1)(c)). The processing of special categories of personal data, such as health data, is done because we provide healthcare services to you in accordance with the Health Registry Act, the Patient Record Act, and the Health Personnel Act (GDPR Article
9(2)(h)).

Contact Forms and General Inquiries

Our website features a contact form for submitting appointment requests. When you submit a request, personal data such as your name, email, phone number, and date of birth are required to allow us to contact you appropriately (name, email address, and phone number) and schedule an appointment, as well as determine your eligibility for discounts or reimbursements (date of birth). We will also process any other information you choose to share with us through the contact form or by email.

We will use the personal data to send appointment reminders via SMS and any other necessary information about your appointment, or to respond to your inquiries. We will only use the information you provide for the necessary contact and communication purposes; it will not be used for marketing or any other purposes.

We process the personal data based on your explicit consent (GDPR Article 6(1)(a)), to fulfill an agreement with you (GDPR Article 6(1)(b)), or based on our legitimate interest in responding to your inquiries (GDPR Article 6(1)(f)).

The content of the form is sent to us via email through the American company SendGrid. SendGrid does not retain the content of the email after it has been sent, but your phone number will be logged for 30 days. This is for the purpose of identifying and correcting errors in the email delivery system.

Dental Services

In connection with your dental treatment, including preparations for, conducting, and following up on your appointments, we will collect and process personal data about you. This will include your name, phone number, address, birth number, and health information about you. This information is necessary for us to provide our dental services, make accurate diagnoses, provide the right treatment and follow-up, and fulfill our legal obligations under health laws, including our obligation to maintain medical records (Health Personnel Act § 39). We will only process your health data to the extent necessary for your treatment.

We process your personal data based on your explicit consent (GDPR Article 6(1)(a) and Article 9(2)(a)), to fulfill an agreement with you (GDPR Article 6(1)(b)), based on the necessity of processing to fulfill our legal obligations under health laws (GDPR Article 6(1)(c)), and based on the provision of healthcare services to the patient in accordance with the Health Registry Act, the Patient Record Act, and the Health Personnel Act (GDPR Article 9(2)(h)).

Job Applications

You are welcome to apply for a position with us. During recruitment for new positions, we will process personal data such as CVs, applications, interview notes, and reference checks, which will contain personal information.

The legal basis for processing personal data during recruitment is that it is necessary to take steps before potentially entering into an employment contract with the applicant (GDPR Article 6(1)(b)). If we conduct further investigations beyond contacting the references provided, such as background checks, this will be based on our legitimate interest in ensuring the right candidate is selected for the position (GDPR Article 6(1)(f)).

Visits to Our Social Media Pages

When you visit our social media pages, such as our Instagram page, the social media platform may collect and process your personal data and use cookies. We recommend that you read the provider’s privacy policy for more information on how these providers process your personal data.

Sharing Personal Data with Third Parties

We do not share your personal data with others unless you consent to the sharing (GDPR Article 6(1)(a)), or if there is a legal basis for sharing. Examples of such legal grounds include the need to fulfill an agreement with you (GDPR Article 6(1)(b)), a legal obligation that requires us to disclose your personal data (GDPR Article 6(1)(c) and GDPR Article 9(2)(h)), or if it is justified by our legitimate interests to share the information (GDPR Article 6(1)(f)).

We use subcontractors or service providers to collect, store, or otherwise process personal data on our behalf ("sub-processors"). In such cases, we have entered into agreements to safeguard information security at all stages of the processing.

We may use providers or process personal data outside the EEA. In such cases, the transfer and processing outside the EEA (third countries) will always comply with GDPR Chapter V, including being subject to a lawful transfer basis to ensure the protection of your personal data. You can contact us for information on the basis used for such  transfers.

We share relevant and necessary information about users of our website with our provider Talkto, which develops our website. We also share necessary information with our IT provider, Thevenin. When using the contact form on our website, the content is sent via email through the American company SendGrid. SendGrid does not store the content of the email after it has been sent, but your phone number will be logged for 30 days for troubleshooting email delivery issues. To comply with our legal obligation under the Health Personnel Act § 39 to keep records, we use the electronic records system provided by Opus Dental (Opus Cloud) and Plandent (Romexis software), where your personal data is stored and processed. In addition, we are connected to the Norwegian Health Network, which we use to securely and legally communicate and exchange personal data and patient information where required.

We use Google Analytics for statistical purposes. You can read more about our use of Google Analytics under "About Cookies."

Information Security

All processing of personal data is secured with the necessary technical and organizational measures.

We handle information to ensure it is accurate, available, and managed in accordance with the sensitivity of the data. We also use various security technologies and procedures to protect personal data from unauthorized access, use, or disclosure. Risk assessments are conducted for the processing of personal data.

Our personnel who may have access to your personal data are subject to confidentiality.

We have entered into data processing agreements with all our providers who process personal data, ensuring that they meet the same security standards we apply to our own processing of personal data.

We limit access to personal data to the personnel or third parties who need to process the data on our behalf. These parties are subject to confidentiality obligations.

We have established routines for handling information security breaches and privacy breaches, and if a breach poses a risk to the privacy of the affected personal data, we will notify the Norwegian Data Protection Authority as soon as possible and no later than 72 hours after discovering the breach. If the breach is likely to pose a high risk to the privacy of the individuals affected, we will also notify those individuals.

Your Rights

You have the following rights in connection with the personal data we process about you:

• Access: You have the right to know what personal data we have stored about you and the right to access that personal data.
• Rectification and Erasure: The information we have about you should be accurate and up-to-date. If you discover an error, we encourage you to contact us to correct the information. You may also contact us if you wish for the information to be deleted. We will accommodate a request to delete personal data as much as possible, but we may not be able to do so if we still need the data.
• Restriction of Processing: You have the general right to ask us to stop processing your personal data, for example, if you believe we are processing your personal data unlawfully, and you do not want us to delete the data according to our procedures until the matter has been clarified.
• Data Portability: For information you have provided to us, which is necessary to fulfill an agreement with us and processed automatically (i.e., not manually), you can request to receive your personal data in a structured, commonly used, and machine-readable format or have it transferred to another provider.
• Right to Object: You have the right to object to our processing of your personal data if this is justified by specific circumstances on your part.
• Right to Complain: If you disagree with how we process your personal data, you have the right to file a complaint with the Norwegian Data Protection Authority. However, we encourage you to contact us first to clarify any issues.
• Processing Based on Consent: If we process personal data based on your consent, you can withdraw that consent at any time. The easiest way to do this is by using the method provided when you gave consent or by contacting us

To exercise your rights, please contact us via email or phone using the contact information
provided at the beginning of this policy. We are required to facilitate your rights free of charge
and within 30 days. If it takes longer than this, you will be notified.

How Long Do We Retain Your Personal Data?

We will not retain your personal data longer than necessary to fulfill the purpose of the processing and comply with our legal obligations. For health data, there are specific regulations regarding retention and deletion, which we are required to follow. These are outlined in the Patient Records Act § 25, the Health Personnel Act §§ 42, 43, and 44, and the Patient Record Regulations §§ 15 and 17.

About Cookies

General Information

We use cookies on our website. You can choose whether to accept or decline the use of cookies when you visit our website.

Cookies are a standard technology that most websites use. A cookie is stored on your computer and can be used to save settings you make on the website or to help us understand how visitors use the site. Over time, we use this knowledge to offer you a better experience on your next visit or to improve our marketing efforts.

Most modern web browsers, such as Chrome, Firefox, Safari, and Edge, are set to accept cookies automatically. If you do not wish to accept cookies at all, you must change the settings in your browser. Note that this setting may cause many websites not to function optimally

Cookies on our website are used for the following purposes:

• Necessary: Setting up third-party scripts (Google Tag Manager), remembering your
  GDPR choices, storing technical settings on the site.
• Analytics (Optional): Registering anonymized visitor statistics, which helps us improve
  the website and identify the information visitors are searching for (Google Analytics 4).
• Marketing (Optional): Displaying maps on the website (Google Maps).

You can enable/disable the optional categories via the cookie settings. All third-party features we use comply with privacy regulations.

Change or Block Cookies

If you wish to make changes or disable cookies, you can change your browser settings to block
all or selected cookies.

To find out how to do this, you can follow the instructions provided by nettvett.no.

If you choose to block cookies, we cannot guarantee that our website will function as intended,
and we cannot be held responsible if errors occur.

Cookies Used on Our Website

On our website, we use the following tools and associated cookies: