Godt Smil’s Data Protection Act and Cookie Policy

Privacy Policy for Patients

1. Introduction

1.1 At Godt Smil Tandlægerne (hereinafter “we,” “us,” or “our”), your privacy is our top priority. We appreciate your trust in providing us with your personal information. We do not take it for granted, and in this privacy policy, we inform you about the personal information we collect about you, why the information is collected, how we use it, and how we protect it.

1.2 The privacy policy applies to you as a patient when you receive treatment at one of our clinics. The clinic that has provided treatment to you is responsible for the processing of your personal information. This means that the respective clinic collects information about you in connection with your treatments at the clinic and ensures that your personal information is processed in accordance with applicable data protection laws.

2. Information we collect

2.1 When you are a patient at one of our clinics, we record various personal information about you that is necessary to provide proper treatment and maintain records. This mainly includes the information available on your health card, FMK-online (the common medication card), and information we obtain through our examinations and treatment of you:

2.2 General personal information:

(A) Identity information: Name, address, and date of birth.
(B) Contact information: Phone number and email.
(C) Photo.

2.3 Confidential personal information:

(D) Social security number.

2.4 Special personal information:

(E) Health information: X-rays, dental impressions, dental scans, medical records, test results, and information about any prescribed medication.

3. How we use your personal information

3.1 We process your personal information for the purpose of:
(i) Providing proper treatment and fulfilling our legal obligations under the Authorization Act, the Journal Recording Order, and the Health Act.

(ii) Managing your payment for the treatment.

(iii) Reporting to the Danish Health Insurance, your insurance provider, or the public authorities as required by law.

(iv) Verifying your identity.

(v) Scheduling dental appointments for you, including reminders and service notifications.

(vi) Making your medical records available to other healthcare professionals.

(vii) Tailoring our online content.

4. Voluntary Provision

4.1 We collect your personal information directly from you. However, in addition to the health information we obtain during your treatment and with your consent or as required by Section 41(2) of the Health Act, we may receive health information about you from other healthcare professionals, such as your doctor, specialist dentist, and others.

4.2 You are not obligated to provide us with your personal information, but the consequence of not doing so is that we will not be able to fulfill the purposes mentioned in section 3.

5. Automated individual decisions, including profiling

5.1 Your personal information is not subject to automated processing.

6. Legal basis for processing your personal information

6.1 For each purpose, you can see below the legal basis on which we process your personal information:

7. Sharing of your personal information

7.1 Disclosure of your health information and other sensitive personal information will generally only occur with your prior consent. Exceptionally, disclosure and retrieval of health information may occur without your consent when necessary for the current treatment of the patient, considering your interests and needs, according to Section 41(2) of the Health Act. If we disclose your health information to healthcare professionals, they or their employer become the data controller for the received personal information and must fulfill their obligation to provide information to you regarding the purposes for which they process your information.

7.2 Additionally, we may disclose your personal information, registered for billing purposes, including reporting to authorities or insurance companies with payment intermediaries, as necessary to process payments and for auditing purposes. We may also disclose your personal information to our attorney and debt collection partner for the collection of unpaid debts or other ongoing cases.

7.3 We may also share your email with Facebook Custom Audiences and Facebook Lookalikes for branding and marketing our products. In this context, we send a non-reversible hashed email address to Facebook, which presents you with sponsored links in your feed on their platform. You have the right to object to our processing of your email for this purpose. If you do so, we respect your objection and will no longer process your email for this purpose. You can also object to Facebook by disabling “Facebook Custom Audiences and Lookalike Audiences.” You can follow the instructions here and read more about how Facebook processes your personal information.

7.4 We do not transfer your personal information to countries outside the EU/EEA. However, Facebook has its parent company located in the United States, which may indirectly pose a risk of Facebook accessing your email. However, we have ensured that your email is hashed (encrypted) and have entered the European Commission’s Standard Contractual Clauses with Facebook as the basis for any transfer.

8. Responding to legal inquiries and preventing harm

8.1 We may access, retain, and share your personal information to respond to a legal inquiry (such as search warrants, court orders, subpoenas, or similar), or if necessary to detect, prevent, or prosecute fraud or other illegal activities, protect ourselves, you, or other patients, including as part of an investigation.

9. Retention of your personal information

9.1 We retain personal information about you for as long as we need to fulfill the purposes mentioned in section 3. According to the Journal Recording Order, we are required to keep your records for at least 10 years from the date of the last entry. If you choose to change dentists, we will transfer your records to your new dentist, who will then assume the responsibility of retaining your records. In unusual cases described in the Journal Recording Order, we may keep your records for a longer period than mentioned above.

9.2 Personal information used for payment administration is generally retained for the current calendar year and 5 years after you made the payment, in accordance with the Accounting Act.

10. Security and protection

10.1 We have established and maintain appropriate technical and organizational measures to prevent accidental or unlawful deletion, deterioration, loss, unauthorized access, disclosure, misuse, or use of your personal information in violation of applicable data protection laws.

10.2 If there is a personal data breach with a considerable risk of misuse of your personal information, we will promptly notify you of the breach. We will also inform you of the actions we have taken to mitigate the risk of misuse of your information.

10.3 We have internal rules and instructions to ensure that only our employees with a legitimate purpose have access to your personal information, including health information.

11. Recording of phone calls


We want to record and store phone calls with our patients for the purpose of documenting any agreements made and to train our staff to provide you with the best possible service.

Legal basis

We record and store phone calls to document what has been said during the phone call based on Article 6(1)(f) of the General Data Protection Regulation.

We only record phone calls when consent has been given for the purpose of training our staff. You can withdraw your consent at any time, and we will no longer store the conversation. Your withdrawal will not affect the lawfulness of the processing that took place before your consent was withdrawn. You can withdraw your consent by writing to info@godtsmil.dk.

Categories of personal information

We record and store the categories of personal information provided during the conversation, including name, address, email address, CPR number, and health information.

Retention period

Recordings for documentation purposes are deleted after 3 years, unless a dispute arises where we need to document what was said and agreed upon for a longer period in that specific case.

The recordings are only used for training purposes for 3 months from the time the conversation took place.

Your rights

You have the right to request access, rectification, or erasure of your personal information at any time.

You also have the right to object to the processing of your personal information and to request the restriction of its processing.

You can exercise these rights by writing to info@godtsmil.dk.

We are subject to the Health Act and are therefore obliged to retain certain information about you for defined periods of time. This type of information will not be deleted.

You can find more information about our general processing of personal information on this page.

12. Your rights

12.1 Under the Health Act, you have the right at any time to access the information we register and process about you. If you believe that we have recorded incorrect information about you, you can ask us to correct the information. We may not delete information in your medical record, but if you believe that there is an error in the record, you can ask us to add your comments.

12.2 Under applicable data protection legislation, you have certain rights, including the right to access your personal information, the right to have incorrect information corrected, the right to have information deleted (NOTE: see above regarding the medical record), the right to restrict information, the right to data portability, the right to object to the processing of personal information, including automated individual decision-making (profiling).

12.3 If our entire or partial processing is based on your consent, you can withdraw your consent at any time. If you choose to withdraw your consent, it does not affect the lawfulness of our processing of your personal information based on your previously given consent and up until the time of withdrawal. Therefore, the withdrawal of your consent only takes effect from that point onwards.

12.4 If you wish to lodge a complaint about our processing of your personal information, you can do so with the Danish Data Protection Agency (Datatilsynet), phone: 33 19 32 00 or via email: dt@datatilsynet.dk.

12.5 Supervision of the rules in the healthcare legislation is conducted by the Danish Patient Safety Authority (Styrelsen for Patientsikkerhed). You can find the contact information for the authority at www.stps.dk.

Cookies and Privacy Policy


When you visit our website, information about you is collected and used to customize and improve our content and to enhance the value of the ads displayed on the site. If you do not want information to be collected, you should delete your cookies (see instructions in Danish) and refrain from further use of the website. Below, we have elaborated on the information collected, its purposes, and the third parties who have access to it.


The website uses “cookies,” which are text files stored on your computer, mobile device, or similar, with the purpose of recognizing it, remembering settings, performing statistics, and targeting ads. Cookies cannot contain malicious code such as viruses.
It is possible to delete or block cookies. See instructions: https://minecookies.org/cookiehandtering (in Danish).

If you delete or block cookies, ads may become less relevant to you and appear more frequently. You may also risk that the website does not function optimally and that there is content you cannot access.

The website contains cookies from third parties, which may include:

Frequent third parties in digital advertising (in Danish)

If you have any questions beyond this, you are welcome to contact us via our contact form (in Danish) og by using the information below:

This website is owned and operated by:

Ormhøjgårdvej 10B
8700 Horsens
Telephone: 70 29 40 20

Email: info@godtsmil.dk

Last updated in July 2023