Privacy notice
Dentme Sverige AB, reg. no. 559494-2764 ("Dentme", "vi", "our" or "us") respects and protects your privacy. This privacy notice ("Privacy notice") aims to describe how Dentme as a data controller processes your personal data in accordance with the General Data Protection Regulation ("GDPR") and other applicable data protection legislation. This Privacy Notice also describes the rights you have under the GDPR and how you can enforce them.
1. Who is covered by this Privacy Notice?
This Privacy Notice applies when Dentme, as a data controller, processes personal data belonging to:
1.1. you who are an existing or potential customer of Dentme,
1.2. you are a representative, contact person, agent or other employee of an existing or potential supplier or partner of Dentme,
1.3. you who visit our website and/or use our platformhttps://dentme.com/, and
1.4. you contacting us via our website, email, telephone, social media accounts or otherwise.
The provisions of this Customer Privacy Notice also apply, mutatis mutandis, to you as an employee using our services under a contract between Dentme and your employer. References to "employees" and "employers" also include any other authorized beneficiary using our services under a contract entered into between Dentme and a business customer.
2. Contact details of the data controller
Dentme is the data controller for the processing of your personal data as described in this Privacy Notice. As data controller, we are responsible for ensuring that our processing of your personal data is carried out in accordance with the GDPR and other applicable data protection legislation, e.g. the Patient Data Act in relation to our customers.
If you have any questions about this Privacy Notice, our processing of your personal data or if you wish to exercise any of your rights, please contact us atdataskydd@dentme.com or via the contact details provided below.
Dentme Sverige AB,org.nr: 559494-2764
Address: Hwi 163-U Billo, 106 46, Stockholm
E-mail:info@dentme.com
3. How do we collect your personal data?
We process personal data provided by you when you contact us via e.g. email, phone, our social media accounts or if you enter into a contract with us on behalf of yourself or your employer (i.e. the Business you represent). If, in accordance with the Patient Data Act, you, as a customer, have agreed to consolidated medical records, we may also obtain personal data about you from another healthcare provider.
If your employer has signed an agreement with us, in addition to the information you have provided, we may also receive information about you from your employer when you use our services under this agreement.
We may also receive information from your employer if your employer is a (potential) supplier or partner of Dentme.
If your employer is a (potential) supplier or (potential) partner of Dentme, Dentme may collect your personal data from publicly available sources such as your employer's website.
When you visit and interact with our website, we may collect information such as IP address, browser type, time zone settings, and information about how you use our website from your device. We collect this data from your device by using cookies, server logs, pixels and similar technologies ("Cookies").
4. If you do not provide your personal data
If you are a (potential) customer or a representative, contact person, agent or other employee of a (potential) supplier or business partner, we process information about you in order to enter into a contract with you or with the Business you represent. To enter into a contract, you need to provide us with certain personal data. Providing personal data is of course voluntary, but if you do not provide the necessary information, we will not be able to enter into a contract with you or the Business you represent, nor will we be able to administer the relationship with you or the Business you represent.
If you use our services as an employee under a contract that your employer has concluded with us, we will also need certain personal data about you in order to provide our services.
5. Summary of treatments carried out
5.1. Customer contracts
The purpose of the processing:We process your personal data to be able to provide our services and to enter into an agreement with you as a customer and to be able to administer the customer agreement including the customer relationship. This includes, for example, processing personal data to deliver and improve our services to you and to be able to invoice and communicate regarding the agreement or payment.
Categories of personal data:First and last name, Phone number and email address, Your social security number, Bank account number and payment details (for Customers)
This treatment refers to:Customers, Potential customers
Legal basis:Performance of a contract. We process your personal data in order to fulfill the customer contract with you.
Balancing of interests. If you are using our services as an employee under a contract that your employer has entered into with us, we process your personal data on the basis of our legitimate interest in providing the services under the contract.
Storage period:Your personal data will be processed for the duration of the contractual relationship (as agreed either with you directly or with your employer provided that you use our services through this contract) and up to twelve (12) months from the end of the contractual relationship, unless there is a legal requirement for a longer retention period. For personal data that needs to be retained under the Accounting or Patient Data Act, see sections 5.11 and 5.12.
5.2.Supplier and partner agreements
The purpose of the processing:We process your personal data in order to enter into a contract with the supplier or partner you represent and to administer the contract and the supplier relationship or cooperation.
Categories of personal data:First and last name, Employer/company name and your professional title, Company phone number and email address
This treatment refers to:Representatives of suppliers and partners, Representatives of potential suppliers and partners
Legal basis:Balancing of interests. The processing is necessary for our legitimate interest to enter into a contract with the Business you represent and to administer the contract and the supplier relationship or collaboration. We have assessed that our interest outweighs your right not to have your personal data processed for this purpose.
Storage period:Your personal data will be processed for the duration of the contractual relationship with the Business you represent and up to twelve (12) months from the end of the contractual relationship, unless there is a legal requirement for a longer retention period. For personal data that needs to be retained under the Accounting Act, see section 5.11.
5.3.Care documentation
The purpose of the processing:We process your personal data in order to keep patient records and other documentation necessary for your care.
Categories of personal data:First and last name, Your social security number, Health-related information, such as medical history, diagnosis, medication and planned measures
This treatment refers to:Customers
Legal basis: Legal obligation. The processing of your personal data is necessary to fulfill our legal obligations under the Patient Data Act.
Storage period:We will keep your personal data for as long as necessary to provide good care and to comply with our legal obligations. For personal data that needs to be retained under the Patient Data Act, see section 5.12.
5.4.Quality assurance
Purpose of the processing: We process your personal data in order to systematically and continuously develop and ensure the quality of care.
Categories of personal data:First and last name, Your social security number, Phone number and email address, Health-related information, such as medical history, diagnosis, medication and planned measures
This treatment refers to:Customers
Legal basis:Legal obligation. The processing of your personal data is necessary to fulfill our legal obligations under the Dental Care Act.
Storage period:We will keep your personal data for as long as necessary to provide good care and to comply with our legal obligations. For personal data that needs to be retained under the Patient Data Act, see section 5.12.
5.5. Marketing and promotion
The purpose of the processing:We process your personal data to send you direct marketing communications by email to promote our services and our business.
Categories of personal data:First and last name, e-mail address
This treatment refers to:Customers
Legal basis:Balancing of interests. The processing of your personal data is necessary for our legitimate interest to market our services and activities to you via email. We have assessed that our interest outweighs your right not to have your personal data processed for this purpose.
Storage period:Your personal data will be retained for the duration of the contractual relationship and up to twelve (12) months from the end of the contractual relationship, provided that you have not objected to our processing of your personal data for this purpose.
5.6. Notifications
The purpose of the processing:We process your personal data in order to
send you confirmations, reminders and other messages.
Categories of personal data: First and last name, Telephone number and e-mail address
This processing relates to: Customers
Legal basis:Balancing of interests. The processing of your personal data is necessary for our interest in sending you personalized messages, such as confirmations, reminders and other communications. We have assessed that our interest outweighs your right not to receive your personal data treated for this purpose.
Storage period:Your personal data will be processed for the duration of the contractual relationship and up to twelve (12) months from the end of the contractual relationship, unless there is a legal requirement for a longer retention period.
5.7.Support
The purpose of the processing:We process your personal data in order to be able to answer any questions or otherwise communicate with you who contact us via our website or our platform, email, phone, SMS or via our company social media accounts.
Categories of personal data:First and last name, Telephone number and e-mail address, Your correspondence with us
This processing relates to: Customers, You who contact us
Legal basis:Balancing of interests. The processing of your personal data is necessary for our interest in answering any questions or otherwise communicating with people who contact us in various ways. We have assessed that our interest outweighs your right not to have your personal data processed for this purpose.
Storage period:Your personal data will be retained for up to three (3) months unless circumstances dictate otherwise and we need to retain your data for a longer period of time in order to follow up on correspondence, such as in the case of ongoing cases or if we need to retain the data for any other purpose in this Privacy Notice.
5.8.Website administration
The purpose of the processing:We process your personal data to provide, administer and maintain our website to you as a website visitor, e.g. to remember whether you choose to consent or refuse the use of cookies on our website. This purpose is linked to Necessary Cookies. For more information, see ourcookie policy.
Categories of personal data:IP address
This treatment refers to:Website visitors
Legal basis:Balancing of interests. The processing of your personal data is necessary for our interest in ensuring website functionality, i.e. to provide, administer and maintain our website. We have assessed that our interest outweighs your right not to have your personal data processed for this purpose.
Storage period:See ourcookie policy for more information on how long we process your personal data for this purpose.
5.9.Website analysis
The purpose of the processing:We process your personal data to [gain an understanding of how you and other website visitors use our website in order to further improve and develop our website]. This purpose is linked to Analytical cookies. For more information, see ourcookie policy.
Categories of personal data:IP address, Browser, Time zone, Date and time of visit, Page navigation, Clicks of pages, links and videos
This treatment refers to:Website visitors
Legal basis:Consent. We process your personal data for the stated purpose on the basis of your consent.
Storage period:See ourcookie policy for more information on how long we process your personal data for this purpose.
5.10.Website analysis
The purpose of the processing:We process your personal data to [gain an understanding of how you and other website visitors use our website in order to further improve and develop our website. This purpose is linked to Marketing Cookies. For more information, see ourcookie policy.
Categories of personal data:IP address, Browser and browser settings, Time zone, Date and time of visit, Page navigation, Clicks of pages, links and videos
This treatment refers to:Website visitors
Legal basis:Consent. We process your personal data for the stated purpose on the basis of your consent.
Storage period:See ourcookie policy for more information on how long we process your personal data for this purpose.
5.11.Bookkeeping
The purpose of the processing:We may need to process your personal data to fulfill our legal obligations under the Accounting Act. This may involve reference data in invoices where the invoices constitute accounting material or personal data in a contract or other documentation that constitutes a voucher for an accounting entry that needs to be saved under the Accounting Act.
Categories of personal data:First and last name,
Employer/company name and your job title, Company phone number and email address, Your social security number, Bank account number and payment details
This treatment refers to:Customers, Representatives of suppliers and partners
Legal basis:Legal obligation. The processing of your personal data is necessary to fulfill our legal obligations under the Accounting Act.
Storage period:We keep your personal data for as long as required by law. According to the Accounting Act, accounting information must be stored for seven (7) years from the end of the calendar year in which the financial year to which the information belonged ended.
5.12.Patient data
The purpose of the processing:We may need to process information about you to fulfill our legal obligations under the Patient Data Act.
Categories of personal data:First and last name, Your social security number, Health-related information, such as medical history, diagnosis, medication and planned measures
This treatment refers to:Customers
Legal basis:Legal obligation. The processing of your personal data is necessary to fulfill our legal obligations under the Patient Data Act.
Storage period:We keep your personal data for as long as required by law. According to the Patient Data Act, personal data contained in medical records must, as a general rule, be saved for at least ten (10) years after the last information was entered in the document.
5.13. Restructuring
The purpose of the processing:If Dentme is to be restructured (e.g. split into several different businesses) or if a third party wishes to acquire Dentme or our customer database, Dentme will disclose your personal data to the acquiring company. This may also happen in the event of a merger or if Dentme is liquidated or goes bankrupt. In such cases, the acquiring company will continue to process your personal data for the same purposes as set out in this Privacy Notice, unless you are informed otherwise in connection with the transfer. Some personal data will also be shared with other companies as part of the process to enable a restructuring, sale or liquidation. In such cases, they have committed to confidentiality.
Categories of personal data:First and last name,
Employer/company name and job title, Company phone number and email address, Your social security number, Bank account number and payment details
This treatment refers to:All categories of registered persons
Legal basis:Balancing of interests. The processing of your personal data is necessary for our interest to enable the restructuring, sale or liquidation of Dentme or our assets. We have assessed that our interest outweighs your right not to have your personal data processed for this purpose. However, this requires that the acquiring or potentially acquiring company carries out similar activities to Dentme; however, this does not apply to a transfer to a receiver in case Dentme goes bankrupt.
Storage period:If Dentme ceases to exist or if Dentme
customer database is transferred to an acquiring company, we will delete your personal data as long as we do not need to keep it to comply with legal requirements.
5.14.Dispute
The purpose of the processing:We may need to process your personal data to defend our interests in the event of a dispute, such as to establish, exercise or defend legal claims, for example in the event of a payment dispute.
Categories of personal data:First and last name,
Employer/company name and your professional title, Company phone number and email address, Your social security number, Bank account number and payment details, Other relevant information you have provided
This treatment refers to:(Potential) customers, (Potential) representatives of suppliers and partners
Legal basis:Balancing of interests. The processing of your personal data is necessary for our interest in establishing, exercising or defending legal claims. We have assessed that our interest outweighs your right and interest not to have your personal data processed for this purpose.
Storage period:Your personal data will be kept for as long as necessary to enable us to defend our interests in the event of a dispute. For example, for the duration of the dispute and until it is finally settled.
6. Balancing of interests
Where Dentme has identified "balancing of interests" as the legal basis in section 5, this means that we have assessed that we or a third party have a legitimate interest in the processing. You can find information on what the identified legitimate interest is in the tables for each purpose in section 5.
In addition to identifying the legitimate interest, we have also balanced this interest against your interests or fundamental rights and freedoms that require the protection of personal data. We can only base the processing on a balancing of interests if we have carried out this balancing and concluded that our interests or those of a third party outweigh your interests or fundamental rights and freedoms.
7. automated decision-making
We do not use automated processes to make decisions that significantly affect you.
8. How long do we keep your personal data?
We will only retain your personal data for as long as it is needed for the purposes for which we collected it under this Privacy Notice, unless there is a legal requirement to retain it for a longer period. When we no longer need to keep your personal data, we will delete it from our systems, databases and backups unless we have a legal obligation to keep your personal data for a longer period. See more about the specific retention periods in the tables for each purpose in section 5.
9. What categories of recipients can we share your personal data with?
Dentme may disclose your personal data to the following categories of recipients. For a detailed list of the recipients to whom we have disclosed data, please contact us using the contact details provided in section 2.
9.1. Data processors
Dentme may engage actors to process your personal data on our behalf as data processors. Such parties may only process your personal data in accordance with our instructions. We enter into data processing agreements with these actors and ensure that a high level of protection is ensured to protect your personal data. We use the following types of data processors:
IT and system providers - Dentme may share your personal data with IT and system providers to manage the necessary operation, technical support and maintenance of our IT services.
Marketing and Communications Agencies - Dentme may share your personal data with marketing and communications agencies engaged to assist Dentme with marketing communications to customers and potential customers. For example, Dentme may share your personal information with Klaviyo, Inc. to send marketing communications.
Accounting firm - Dentme may share your personal data contained in invoices and accounting information with our accounting firm, which has been engaged in order for Dentme to fulfill its obligations under the Accounting Act.
9.2. Independent data controllers
Dentme may share personal data with parties that are independent controllers. Independent controllers means that an actor independently determines the purposes and means of the processing of personal data (i.e. the means of processing personal data). When sharing with these actors, each actor's privacy notice applies to the processing of personal data they carry out and they have an obligation to inform you about the processing.
Authorities and the judiciary - we may in some cases need to disclose data to courts, crime prevention authorities and investigative authorities (e.g. the police) in accordance with the law or in the context of legal proceedings. In some cases, we may also need to disclose data to other parties in the context of legal proceedings or similar. Such disclosure is based on a balance of interests as a legal basis or to fulfill a legal obligation under law.
External advisors - we may share your personal data with external advisors such as accounting firms or law firms as required by law or to obtain advice. These actors usually act as independent data controllers and disclosure is usually based on a balance of interests as a legal basis.
Acquiring company - if Dentme is to be restructured (e.g. split into several different businesses), or if a third party wishes to acquire Dentme or our customer database, Dentme will disclose your personal data to the acquiring company. This may also happen in the event of a merger or if Dentme is liquidated or goes bankrupt (in such cases to the liquidator). In such cases, the acquiring company will continue to use your personal data for the same purposes as set out in this Privacy Notice, unless you are informed otherwise in connection with the transfer. This assumes, however, that the acquiring company is engaged in similar activities as Dentme. Some personal data will also be shared with other companies as part of the process to enable a restructuring, sale or liquidation of Dentme or our assets. This is further described in section 5.13.
Social media - if you contact Dentme via our corporate social media accounts, the social media platforms will process your personal data in accordance with their respective privacy notices as independent data controllers.
Cookies - if you visit our website, we may collect and share your personal data with other parties, such as Meta and TikTok. These parties usually act as independent data controllers. This is described in more detail in sections 5.9 and 5.10.
Other healthcare providers. If you, as a Dentme customer, seek care from a healthcare provider other than Dentme, this other healthcare provider may have access to your medical record at Dentme, provided that the medical record is relevant for that healthcare provider to be able to provide you with care and provided that you have consented to it. For more information on electronic health records and your rights in dental care, see section 11.8.
10. Where do we process your personal data?
Dentme aims to process your personal data within the EU/EEA. In certain circumstances, we may need to transfer your personal data to a country outside the EU/EEA ("Third Country"). In case of a transfer to a Third Country, Dentme will always ensure that the same high level of protection applies also when the data is transferred to a Third Country.
Please contact us via the contact details provided in section 2 for more information on our transfers or to obtain a copy of the relevant documentation regarding the safeguards in place. You can also consult the website of the Data Protection Authority for more information on what is required under the GDPR for transfers to Third Countries and appropriate safeguards.
Adequate level of protection for transfers outside the EU/EEA
We may transfer your personal data to recipients in countries that the European Commission has decided ensure an adequate level of protection. This means that the European Commission has assessed that the level of protection in this country is equivalent to that in the EU/EEA and that it is therefore possible to transfer personal data to such a country without taking additional security measures. You can find more information on which countries are covered by adequacy decisions on the European Commission website. The European Commission has decided that the United States ensures an adequate level of protection provided that the recipient is subject to the EU-US Data Privacy Framework ("DPF"). Dentme may transfer your personal data to the US and in such cases ensures that the receiving party (the data importer) is certified under the DPF, if no other adequate safeguards are in place.
Appropriate safeguards for transfers outside the EU/EEA
If your personal data is transferred to a Third Country outside the EU/EEA that is not subject to an adequacy decision by the European Commission or certified under the DPF, we will ensure that appropriate safeguards are in place. Appropriate safeguards may be that the party transferring the personal data to a Third Country (the data exporter) and the party importing personal data into a Third Country (the data importer) have entered into the European Commission's standard contractual clauses for international transfers or that other safeguards have been put in place. In case these safeguards are not sufficient, we may ensure that additional contractual, technical or organizational measures are also taken to ensure a substantially equivalent level of protection as in the EU for the personal data transferred to the Third Country. You can find more information on the European Commission's Standard Contractual Clauses on the website of the European Data Protection Supervisor.
11.Your rights
11.1.Our responsibility for your rights
Dentme, as data controller, is responsible for ensuring that your personal data is processed in accordance with applicable data protection legislation and for enabling you to exercise your rights under the GDPR and the Patient Data Act. You can find more information about your rights in the sections below and on the website of the Data Protection Authority. You can contact us at any time using the contact details provided in section 2 of this Privacy Notice to exercise your rights. If you wish to exercise any of your rights, please do not forget to specify which right is being requested.
11.2.Your rights of access, rectification, erasure and restriction
Under the GDPR, you have certain rights in relation to the data we process about you which are described below. Some of these rights apply under certain conditions, which you can read more about below. You have the right to request the following rights.
Access to your personal data ("register extract"). To enable you to check whether your personal data is being processed and whether the processing is lawful, you have the right to request an extract from the register. This means that you have the right to obtain confirmation as to whether we are processing your personal data and, if so, to receive a copy of the personal data we process about you free of charge. If you are only interested in a specific type of data or data processed for a specific purpose (e.g. direct marketing), please indicate this in your request. The extract from the register will also provide you with information about the processing, such as why we are processing your personal data, how long the personal data will be stored (if possible), to whom your personal data have been or will be disclosed, etc. For any additional copies you request, we are entitled to charge a reasonable administration fee to cover our administrative costs. If you make a request in electronic format, such as by email, we will provide you with the information in a commonly used electronic format, unless you request otherwise.
Correction or completion of your personal data. If we process personal data that is inaccurate, you have the right to request its rectification. We will also, on our own initiative, correct or delete data that we discover to be inaccurate. You also have the right to complete incomplete personal data by providing a supplementary statement.
Erasure of your personal data. In some cases, you have the right to have your personal data erased. This applies in the case that:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed,
- we process your personal data based on your consent and you withdraw your consent, unless there is another legal basis for processing the personal data,
- we process your data for direct marketing purposes and you object to this processing,
- you object to our processing of your data based on a balance of interests or on grounds of public interest and we have no legitimate grounds for processing that override your interests, rights and freedoms,
- we have processed the personal data unlawfully
- we have a legal obligation to delete the personal data.
There are exceptions to the right to erasure. There may be legal requirements or other compelling reasons why we cannot delete your personal data. An overriding reason may be, for example, to establish, exercise or defend ourselves against legal claims, or, for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes.
Restriction of processing. This means that we temporarily restrict the processing of your personal data so that it is only processed for certain limited purposes. We will inform you before ending the restriction of processing. You have the right to request restriction when:
- you consider your data to be inaccurate and you have requested rectification under point 11.2(b), while we are investigating the accuracy of the data,
- the processing is unlawful and you do not want the data to be deleted,
- we, as the controller, no longer need to process the personal data for the purposes of the processing but you need it to establish, exercise or defend a legal claim; or
- you have objected to the use under section 11.3, pending verification whether our legitimate grounds outweigh your legitimate grounds.
We will take all reasonable steps to notify all recipients who have received personal data under Section 9 if we have rectified, erased or restricted access to your personal data after you have requested us to do so, unless this is impossible or would involve a disproportionate effort. Upon your request, we will inform you to whom we have disclosed personal data.
11.3.Your right to object to our processing of your personal data
You have the right to object to the processing of your personal data that is carried out on the basis of a balance of interests or public interest as a legal basis (see section 5). You must provide reasons for your objection that relate to your particular situation. If you object to processing, we will only continue processing if we have compelling legitimate grounds to continue processing which override your specific grounds, other interests, rights and freedoms or if the processing is necessary for the establishment, exercise or defense of legal claims.
11.4.Your right to object to direct marketing including profiling
If you do not want us to process your personal data for direct marketing purposes, including profiling carried out for direct marketing purposes, you always have the right to object to such processing including profiling by contacting us. Once we have received your objection, we will stop processing your personal data for this purpose. In case you receive marketing mailings from us, you can also click on our unsubscribe link which you will find at the bottom of each mailing.
11.5. Your right to withdraw your consent
If we process your personal data on the basis of your consent as a legal basis (see section 5), you have the right to withdraw your consent at any time by contacting us. We are then not entitled to continue the processing in question unless there is another legal basis for the processing. You can find our contact details in section 2 of this Privacy Notice.
Marketing mailings
If you wish to withdraw the consent you have given us to receive our marketing emails or text messages, you can choose between contacting us to withdraw your consent or clicking on our unsubscribe link at the bottom of each email.
Cookies
Have you given your consent to the placement of cookies on our websitehttps://dentme.com/ you can withdraw your consent by clicking on the icon in the bottom right corner of our website and then clicking on "decline".
11.6.Your right to data portability
You have the right to data portability when we process your personal data by automated means and if we base our processing of your personal data on the legal basis of consent or for the performance of a contract you have entered into with us. Your right to data portability means that you have a right to obtain part of your personal data in a structured, commonly used and machine-readable format and to transmit those personal data to another controller. You may also request that we transfer your personal data directly to another controller provided that such direct transfer is technically feasible.
11.7.Your right to lodge a complaint with the relevant supervisory authority
You always have the right to lodge a complaint with the relevant supervisory authority if you consider that our processing of your personal data infringes the GDPR. This applies in particular in the Member State of your habitual residence, place of work or where the infringement took place. The supervisory authority in Sweden is the Swedish Data Protection Authority (IMY). You can contact IMY viaimy@imy.se or via the contact details provided on the IMY website.
11.8. Your rights in dental care
As a Dentme customer, you have certain rights in dental care as
of patient, which are described in the following.
Coherent health and social care documentation. Coherent health and social care documentation is an electronic system that allows a health or social care provider to give or receive access, through direct access or other electronic disclosure, to data held by other health or social care providers. As a patient, you have the option to object to data being made available to other health or care providers through such documentation.
Read your medical record. If you want to access your patient record, please contact Dentmes customer service via the chat on our website or by emailing us atinfo@dentme.com. Once we have processed your request, we will make your medical record copy available to you in a secure message via "My accounts" onDentme.com. You will receive an email notification when the copy is ready to be read. If you have any particular preferences about how you want to receive the record, please let us know when you request your copy.
Blocking data in certain cases. As a patient, you have the right in certain cases to block medical record data from electronic accessibility to healthcare professionals from other units or care processes within Dentme's operations. The healthcare professional may then not access the data in question, unless the conditions for emergency access under the Patient Data Act are met. However, blocked data can be associated with risks. If a professional is prevented from having access to potentially available and adequate information about an individual patient that is of importance for good and appropriate care, there is a risk of qualitatively poorer care.
Log extract. As a patient, you have the right to receive, upon request, information about what direct and electronic access to personal data about you has occurred (i.e. a so-called "log extract"). This means that you have the right to know if and when someone has read your medical record.
Claim for damages. In case of processing of personal data in violation of the GDPR and regulations supplementing the GDPR, you may be entitled to damages. See Article 82 of the GDPR and Chapter 7, Section 1 of the Act (2018:218) with supplementary provisions to the EU General Data Protection Regulation for more information.
National or regional quality register. In the health sector, there are quality registers that are used to systematically and continuously develop and ensure the quality of care. You have the right to have your data erased from such a register at any time, including the right to object to the processing even after it has started.
12.We protect your personal data
You should always feel safe when we process your personal data. We have put in place both technical and organizational security measures, including access restrictions and regular internal controls, to protect your personal data against, for example, unauthorized access, alteration and loss. In the event of a data breach that could significantly affect you or your personal data, such as a risk of fraud or identity theft, we will contact you to explain what has happened and advise you on how to reduce the risk of potentially harmful effects.
Furthermore, the confidentiality provisions in Chapter 6 of the Patient Safety Act (2010:659) apply to Dentme's activities. This means that anyone who is or has been a member of our healthcare staff may not unauthorizedly disclose what he or she has learned about an individual's state of health or other personal circumstances in the course of his or her work. This duty of confidentiality applies unless you as a patient have given your consent for information to be disclosed or if there is legal support for the disclosure of information.
13.Cookies and similar technologies
We use cookies on our website and in our services to, among other things, improve your experience with us and customize our services to your needs and preferences. In ourcookie policy we explain in more detail how we use cookies and the choices you have made about our cookies. See ourcookie policy for more information.
14.Changes to this Privacy Notice
Dentme may change this Privacy Notice. In the event of a change, you will be clearly informed of the change and what it means for you in good time before the amended version takes effect. This is provided that the change is not merely linguistic or editorial but involves a fundamental change to the processing itself or in case the change is not a fundamental change but we consider it relevant and affects you. If a change to the processing of your personal data requires consent, you will be notified of this and given the opportunity to give your consent.
You can always find the latest version of the Privacy Notice on our website and we indicate the date of the last update at the top of the Privacy Notice.
This Privacy Noticeupdated by September 5, 2025.