• Cookie Mærket
Godt Smil
Godt smil - menu

Privacy policy for Godt Smil

PRIVACY POLICY AND INFORMATION ON PROCESSING OF YOUR PERSONAL DATA ON WWW.GODTSMIL.DK

1. Background and data controller

1.1) The data controller for your personal data is:

Godt Smil Administration
VAT no.: DK38324373
Ormhøjgårdvej 10B
DK-8700 Horsens

1.1.2) Our contact for enquiries regarding the processing of your personal data is Godt Smil Administration, which can be contacted on info@godtsmil.dk or on tel.: +45 70 29 40 20.  

1.2) This privacy policy informs you of your rights when we process your personal data. Moreover, it informs you how we collect, process, and disclose your personal data.

2. The purpose

2.1) The purpose of the collection, processing, and disclosure of your personal data is 1) to offer you the treatment agreed, 2) to handle payments for your treatments, and 3) to make some of your health data available to you and other health people who can legally collect your data (hereinafter referred to as ”the purpose”).

3. Personal data

3.1) Personal data is information that can identify you as a person. 

3.2) General data and civil registration number

3.2.1) We collect general data about you in order to offer you the treatment agreed. 

3.2.2) We collect data from your national health service medical card, including name, address, age, sex, and civil registration number. 

3.2.2.1) We collect your civil registration number in order to report your invoices to the Danish health insurance organisation ”Danmark”, to settle accounts with your insurance, and to report to public authorities, to the extent we are obliged to do so. 

3.2.3) In addition, we also collect your email address and cell phone number so that we can contact you and send you a reminder of your appointments at the clinic.

3.2.4) Furthermore, we also collect and keep a photo of you. The purpose of the photo is solely to determine your identity.

3.3) Health data (specific category of data/sensitive data)

3.3.1) We collect and process your health data in accordance with the GDPR Section 7, 3. We do so as we are subject to confidentiality, cf. the Danish health legislation: 

3.3.1.1) https://stps.dk/da/borgere/patienters-retsstilling/tavshedspligt.

3.3.2) We collect and process the necessary information about your health which you provide to us, and which we collect from the central database FMK-online (Det Fælles Medicinkort, i.e. the Shared Medicine Card). 

3.3.3) We also collect and process health data about you which we have obtained from examinations and treatments of you, including x-rays. 

3.3.4) With your prior oral consent, we also collect – if required with regard to your treatment – health data from other health people, such as your doctor etc.   

3.3.4.1.1.) Some of the data we collect about you is data which we assess to be necessary in order to treat you. If you do not provide us with the necessary data, we will not be able to treat you properly. 

3.3.5) We only process personal data about you which are relevant and sufficient in order to fulfil the purpose. The same shall apply in relation to the extent of the personal data we collect. We only collect the personal data we need in order to fulfil the purpose.

3.3.5.1) We do not use your personal data for any other purposes than the purpose stated.

3.3.6) To ensure the quality of your personal data we have adopted internal rules and laid down procedures for controlling and updating your personal data. 

4. With whom do we share your data?

4.1) We make the data in your medical files available to other health professionals so that they – with your consent – are able to collect the health data which we have collected and processed about you. 

4.1.1) When we disclose/make your personal data available to other health professionals, they/their employer shall become an independent data controller for the personal data provided. 

4.1.1.1) They shall observe their obligation to provide you with information so that you are aware of the purposes for which we process your personal data.  

4.2) In addition, we also share your personal data with our administration department that handles payments etc.  

4.3) We may also disclose your personal data in anonymised form for statistical or scientific purposes.

5. Storage

5.1) Physical materials containing your personal data are stored in a locked room, which is only accessible to staff with a strictly professional purpose.

5.2) Electronic materials containing your personal data are partly stored on our own server, partly with an external data processor for backup and regeneration purposes.

5.2.1) We continuously ensure that we and the data processor have taken the required technical and organisational precautionary measures. 

5.2.2) We are responsible to you in respect of storing your personal data with the data processor.

6. Deletion of your personal data 

6.1) We keep and process your personal data as long as you are registered as an active patient at our clinic/as long as we a obliged to keep your medical files.

6.1.1) If you have not received any treatment within the last 24 months, we will change your status from “active” to “former” patient. 

6.1.2) Finally, we mark your personal data for deletion when we are no longer obliged to keep your medical files. 

7. Security and protection 

7.1) We have established and maintain appropriate organisational and technical measures so that your personal data will not be accidentally or illegally deleted, deteriorated, or lost - and it will not be brought to the knowledge of any unauthorised third party or in any other way be misused or used in inconsistency with the GDPR. 

7.1.1) If we are subject to a security breach where we assess that there is a high risk of your personal data being misused, we will inform you of this security breach without undue delay. We will also inform you of the measures we have taken to reduce the risk of your data being misused.

7.2) We have internal rules and instructions which ensure that only staff members, including practitioners, with a strictly professional purpose have access to your personal data, including health data. 

8. Your rights 

8.1.1) You have the right to be informed of which personal data we have collected and which we hold and process about you. Moreover, you have the right to receive copies of the data, including having them transferred to another dental clinic. 

8.1.2) You have the right to require rectification of, to object to, or to restrict the processing of your personal data.  

8.1.3) You have the right to have your personal data deleted, cf. yet Section 5. 

8.1.4) You have the right to withdraw your consent wholly or partly.

8.2) If you wish to complain about our processing of your personal data, you can lodge a complaint to the Danish data protection authority Datatilsynet, Borgergade 28, DK-1300 Copenhagen K, on Tel.: +45 33 19 32 00 or on email: dt@datatilsynet.dk.

Your rights according to this privacy policy do not affect your rights according to the health legislation, including your right to gain a full insight into your medical files. 

 

 

Version 1.0 maj 2018 

Loading...