Privacy Policy

This is Hammasterveyspalvelut Tyni Oy’s Privacy Policy on the processing of clients’ personal data.
The personal data controller is obliged by the General Data Protection Regulation (GDPR) to inform the data subjects in intelligible language and consistent form. This Privacy Policy complies with the informing requirements stated in the data protection legislation.

1. Register name

Hammasterveyspalvelut Tyni Oy‘s client register

2. Data controller

Hammasterveyspalvelut Tyni Oy
business id FI29953155
Kaunismäenkatu 31
FI-70800 KUOPIO
Finland
info@ilarityni.com

3. Data controller’s contact details

Data protection officer Ilari Tyni
info@ilarityni.com
+358 44 029 0890

4. Purpose of processing personal data and the justification of the register

The purposes of processing personal data are the following:

  • To manage client relationships and provide services to clients
  • To bill clients
  • To arrange and perform clients’ dental care
  • To develop, offer, and market Hammasterveyspalvelut Tyni Oy‘s products and services
  • To plan, develop, and analyze Hammasterveyspalvelut Tyni Oy‘s business activities and to compile its statistics

5. Data collected in the register

The client register may contain the following personal data:

  • Name
  • Address
  • Email address
  • Telephone number
  • Other necessary contact details

The client register may also contain the following data:

  • Information or details provided by the data subjects themselves, e.g. client feedback, messages, photos or other details
  • Details on insurances, occupational healthcare or related contracts, sports clubs or other such details related to the data subject

6. Data subjects’ rights

Data subjects are entitled to the following rights, which they can exercise by sending a request by email to info@ilarityni.com or by mail to Hammasterveyspalvelut Tyni Oy, Kanavanranta 4 A 6, FI-70840 KUOPIO, Finland

Right of access to data
Data subjects have the right to review their personal details.

Right to correct the data
Data subjects have the right to request rectification of false or incomplete data.

Right to object
Data subjects have the right to object to the processing of their data if they believe their data are being processed against regulations.

Right to prohibit direct marketing
Data subjects have the right to prohibit the use of their personal data for direct marketing purposes.

Right to erasure
Data subjects have the right to request erasure of their data if data processing is not necessary. The request will be reviewed and then erased. If data erasure is not possible, the data subject must be given justification for continuing the data processing.
It should be noted that the controller may have a legal or other legitimate right to refrain from erasing the data upon request. The Controller is obliged to keep accounting records for the period specified in the Finnish Accounting Act (chapter 2, section 10). Currently, the period is ten years. To comply with the above, any data relating to accounting may not be erased during the legal ten-year period.

Withdrawing consent
If data processing is based exclusively on the data subjects’ consent, instead of, e.g., the client relationship or membership, they have the right to withdraw their consent.

Right to appeal
Data subjects have the right to make an appeal to the data protection ombudsman, and they may request that the controller limit the processing of their data until the appeal is resolved.

Right to file a complaint
Data subjects have the right to file a complaint to the data protection ombudsman if they believe the controller violates or has violated current data protection regulations.
Contact details of the data protection ombudsman: tietosuoja.fi

7. Regular data sources

The primary sources of data are:

  • Data subjects themselves together with actions related to client relationships, utilizing services, communications and client interaction
  • Third parties providing identification, verification, address records, updating, credit control, and other services
  • Hammasterveyspalvelut Tyni Oy‘s partners, such as collaborating dental practices, if the data subject has agreed to data disclosure

8. Regular data disclosure

As a general rule, the data are not disclosed to third parties.
In the case of data disclosure for marketing or credit control purposes, the controller guarantees that the data processing complies with the current data protection regulation and is appropriate in every aspect. In contracts complying to the EU General Data Protection Regulation, data processing may be outsourced to a third party that provides services to and operates for Hammasterveyspalvelut Tyni Oy in purposes necessary to providing dental care, such as dental laboratory services, for clients. Personal data are not transferred outside the EU or EEA.

9. Duration of processing

Personal data are processed for as long as the client relationship is valid. The duration depends on the regulations for storing accounting material and patient records, also.

10. Personal data processors

Both the controller and its employees act as processors of personal data. The controller may partially outsource the data processing to a third party. In such a case, the controller guarantees with contractual measures that the data are processed in accordance to the data protection regulation and in an appropriate manner in every aspect.

11. Transfer of data outside the EU area

Personal data are not transferred outside the EU or EEA.

12. Automated decision-making and profiling

The controller does not utilize the data for automated decision-making or profiling.

13. Data register protection principles

No manual data are retained. Any material created manually is digitized and stored electronically in the accounting system in accordance with the time period specified in the Finnish Accounting Act. The personal data are stored in Hammasterveyspalvelut Tyni Oy’s electronic system and protected by protection software. Entering the data storage system requires credentials; user ID and password. The network and the hardware used for storing the data register are protected with appropriate technical solutions.

14. Modifications

This Privacy Policy was compiled April 1, 2021.

The controller may modify and update this Privacy Policy due to changes in legislation, for example. The types of modifications and dates of updates are indicated in the Privacy Policy. If significant changes are made, the controller will inform the data subjects of the changes by reasonable measures, such as email.