Skip to main content

Registers

HYGGA OY’S CUSTOMER AND DIRECT MARKETING DATA FILE PRIVACY POLICY

  1. Data controller

Hygga Oy (hereinafter referred to as “Hygga”, “we”, “our”, “us”) processes the personal data of its customers for the purposes of managing customer relations and communications and for direct marketing.

In addition to the data of our private customers, Hygga may also process the personal data of representatives of our current or potential institutional customers and cooperation partners as part of this data file.

It is important to us at Hygga that you understand how we process your personal data. Below you can find more information on the processing of your personal data.

Please note that this Privacy Policy only applies to personal data processed by Hygga in its capacity as data controller.

  1. Contact information

Contact details of the data controller:

Hygga Oy

Business ID 2345414-4
Address: Kampinkuja 2, 00100 Helsinki, Finland
Telephone: +358 (0)9 58 400 300
Email: info@hygga.fi
hyggasolutions.com

Hygga’s data protection officer:

Salla Hårdh, tietosuoja@hygga.com

  1. Collected data
  • First and last name
  • Email address
  • Postal address
  • Telephone number
  • Campaign history
  • Invoices and billing information
  • Consent, objections and other information related to direct marketing
  • Consent related to recall contacting
  • Other information provided by the customer (e.g. interest in services provided by Hygga other than basic dental healthcare).
  • For representatives of institutional customers or partners: organisation, position and other information pertaining to the institutional customer or partner.
  • Information on sending, opening and clicking on advertisement e-mails sent to customers and partners.

We may also process customer and marketing data for the purposes of managing customer relations, communications and marketing.

The personal data of institutional customer representatives is only used for the purposes of communications and marketing directed at the institution.

  1. How do we collect personal data?

The data processed in accordance with this Privacy Policy is collected from the data subjects or their guardian or legal representative.

Data of representatives of institutional customers or partners may also be collected from the organisation that the representative works for or represents.

During a customer relationship, we may also collect data pertaining to campaign history, for example. Personal data may also be collected from public and private registers.

  1. Purposes and legal basis of data processing

Customer and marketing data may also be used for the following purposes:

Customer communications and customer relations management (legal basis of processing: performance of a contract and legitimate interest)

The personal data of customers is used for the purposes of managing, maintaining and developing the relationship between Hygga and the Customer.

Direct marketing (legal basis of processing: legitimate interest)

We process personal data in order to communicate information about services to our Customers. Personal data may be used for marketing and electronic direct marketing carried out by Hygga. You have the right to prohibit direct marketing.

Improving quality and analysing trends (legal basis of processing: legitimate interest)

We may process personal data related to the use of our services in order to improve their quality, for example by analysing different trends related to the use of our services. We may also use personal data for customer satisfaction surveys to ensure that our service meets your needs. For this purpose, we only use data that cannot be used to identify a person when possible.

Complying with our legal obligations (legal basis of processing: legal obligation)

In certain situations, Hygga may process data for the purpose of management of and compliance with its legal obligations. This includes situations such as processing of data for the purpose of complying with accounting obligations.

Processing of claims and legal procedures (legal basis of processing: legitimate interest)

Hygga may process personal data in connection with legal claims, debt collection and legal proceedings. We may also process personal data to prevent fraud and misuse of our service, as well as for reasons related to information, system and online security.

Legal basis of processing

Hygga processes personal data primarily to fulfil its contractual obligations to you or the organisation you represent, and to comply with its legal obligations. In addition, we also process personal data based on our legitimate interest to manage, maintain and develop our business operations and to create and maintain our customer and partner relations. When processing your personal data on the basis of our legitimate interest we check our legitimate interest against your right to privacy.

  1. Duration of storage

We store the personal data of our Customers only for the legally required duration or for as long as necessary in order to carry out the intended purposes specified above. The duration of storage depends on the nature of the data and the purpose of processing. The maximum duration of storage is different on a case-by-case basis.

  1. Transfer of personal data outside the European Economic Area

Hygga stores your personal data primarily within the European Economic Area.

However, in some situations we may transfer personal data to be processed outside this area. In such cases, we shall take measures to ensure a sufficient level of protection for your personal data in the location where it is processed. We shall ensure a sufficient level of data protection for personal data transferred to countries outside the EEA by signing agreements with our service providers that are in compliance with the standard clauses set out by the European Commission or other similar arrangement, such as a Privacy Shield arrangement.

  1. Processors of personal data

We will not disclose your personal data to parties outside the Hygga organisation, with the exception of the following grounds:

Legal grounds

We may disclose personal data to parties outside the Hygga organisation if access to said personal data is necessary, on reasonable grounds, for (i) compliance with applicable legislation, regulations or court decisions; (ii) the detection, prevention or other processing of fraud, money laundering, terrorism financing or issues related to information security or technical difficulties; or (iii) the protection of the property or safety of Hygga or its customers, or purposes carried out in the public interest in compliance with legislation.

Authorised service providers

We may transfer personal data to service providers for processing under the authority of Hygga. Our service providers are contractually obligated to restrict the processing personal data as well as to comply, at minimum, all requirements for data protection and information security under this Privacy Policy.

With your express consent

We may transfer personal data to third parties outside the Hygga organisations for reasons other than the aforementioned once we have received the express consent of the data subject. Data subjects have the right to revoke said consent at any time.

Payer of procedures

If treatment is paid for by a third party (such as the city as a provider of a service voucher or an employer offering occupational dental care), payment data may be transferred to such a party to the extent that is necessary to document and verify the procedures.

  1. Rights of the data subject

Right of access to information

Data subjects have the right to access their personal data processed by Hygga. If you wish, you can contact us to learn more about the type of personal data we process and their purposes of processing.

Right to request rectification

You have the right to request that any inaccurate, incomplete, obsolete or unnecessary personal data stored by us is rectified or supplemented. You can contact us and request your contact details or other personal data to be updated.

Right to request erasure of data

You may request us to erase your personal data. We will perform the requested measures, barring legitimate grounds to refrain from erasing the personal data.

Right to object to and restrict processing

You have the right to object to the processing or profiling of your personal data for purpose of direct marketing. You have the right to demand restrictions to the processing of your personal data, for example in the event that the data pertaining to is inaccurate. In addition, under certain special circumstances, you have the right to object to the processing of your personal data on grounds related to your particular personal situation.

Right to transfer data to another system

Data subjects have the right to receive a copy of their personal data stored by us in a structured, commonly used format, as well as the right to independently transfer their data to a third party.

Exercising your rights

If you wish to exercise any of your aforementioned rights, we ask that you provide the following information to Hygga by mail or email: name, address, telephone number, and a copy of a valid identification card. We may request that you provide further details in order to confirm your identity.

We may deny requests that recur unreasonably often or are excessive or clearly unfounded.

  1. Direct marketing

We may send you notices and other direct marketing related to our services, such as our healthcare and hospital services.

Hygga may send marketing messages to potential future corporate customers whose personal data has been collected from public registers.

Data subjects always have the right to object to the processing of their personal data for the purpose of direct marketing, market research or profiling by contacting us at the contact details provided above or by using the option provided in direct marketing mails to opt out from the subscription.

  1. Information security

We have implemented administrative, organisational, technological and physical protective measures aimed at ensuring the information security of the personal data we collect and process. Our protective measures are designed to maintain a level that is appropriate for ensuring the confidentiality, integrity and availability of data.

Personal data may only be processed by persons authorized to do so on grounds of fulfilling their work duties. The processing of personal data is protected with the appropriate user-specific credentials, passwords and access rights.

If regardless of data security measures there is a data security breach that is likely to have negative effects on your privacy we shall notify the appropriate persons and other affected parties of the breach as soon possible in accordance with applicable legislation, as well as authorities if required by applicable data security legislation.

  1. Filing a complaint

You have the right to file a complaint to the supervisory authority if you feel that the processing of personal data by Hygga is in violation of data protection legislation.

The Data Protection Ombudsman acts as the local supervisory authority in Finland (tietosuoja.fi)

Last updated: 5.4.2023

 

WEBSITE PRIVACY POLICY FOR HYGGA OY

  1. Data controller

Hygga Oy (“Hygga”) processes website visitors’ information in connection with providing and maintaining web pages. We store analytics data on website visitors, and data collected in connection with the chat service.

It is important to us that you understand how we process your personal data. Below you can find more information on the processing of your personal data.

Please note that this Privacy Policy only applies to website visitors’ personal data processed by Hygga in its capacity as data controller.

Direct marketing information is processed as part of our customer and direct marketing data file, the privacy policy of which can be found at the top of this page.

  1. Contact information

Contact details of the data controller:

Hygga

Business ID 2345414-4
Address: Kampinkuja 2, 00100 Helsinki, Finland
Telephone: +358 (0)9 58 400 300
Email: info@hygga.fi
hyggasolutions.com

Hygga’s data protection officer:

Salla Hårdh, tietosuoja@hygga.com

  1. Processed personal data

 We process your feedback given via our website, chat conversation data and conversation history.

In addition, we can process certain technical data regarding all website visitors that may in some situations be considered or may include personal data. This data includes:

  • your IP address;
  • the time of your visit;
  • operating system and device type;
  • the URL through which you accessed our site;
  • your URL path on our site;
  • your geographical location.

 

  1. Cookies, analytics tools, and chat

We use cookies to improve the usability and functionality of our website. In addition, we use cookies to collect analytics data and integrate social media accounts into our site.

A cookie is a small text file stored on a user’s computer. If you do not want sites to store cookies on your computer, you can block cookies from your browser settings. In that case, we cannot guarantee that our website will work in the best possible way.

We use the Google Analytics tool on our website. Further information on Google Analytics privacy is available on the Google Analytics data protection web page.

Our website also offers the possibility to chat and provide feedback via the Zendesk tool.  Further information on Zendesk privacy is available here.

More information about our cookie policy here.

  1. How do we collect personal data?

Information is collected directly from visitors in connection with chat conversations and when using the feedback function on the website.

Technical analytics data is stored automatically during the visit.

  1. Purposes and legal basis of data processing

Personal data may also be used for the following legal purposes and purposes that the data subject has consented to:

Customer communications and customer relations management (legal basis of processing: performance of a contract and legitimate interest)

We may use the data stored during a chat conversation for the purposes of customer service, communications, and customer relationship management and maintenance.

Should you contact our customer service via chat, we will use the provided information to answer questions, solve possible issues and process your message.

We will also process the data of website visitors in conjunction with the feedback provided on the website.

Analytics (legal basis of processing: legitimate interest)

We process the data of website visitors for the purpose of analysing the amount and quality of our network traffic, such as the number of unique visitors, the number and duration of chat conversations, and the geographic locations of visits. We also analyse visitors’ movements within our websites, as well as information about how they arrive on the site.

Direct marketing (legal basis of processing: legitimate interest)

If you subscribe to our newsletter or express by other means (such as in a chat conversation) that you wish to receive direct marketing material, we may process your personal information in order to send you direct marketing material such as current offers and events.

For more information about the use of personal data for direct marketing, please read our Customer and Direct Marketing Data File Privacy Policy at the top of this page. You always have the right to prohibit electronic direct marketing.

Legal grounds for processing personal data

We process the data of our website visitors on the basis of a legitimate interest in maintaining and developing our business, such as collecting web analytics. When processing your personal data on the basis of our legitimate interest we check our legitimate interest against your right to privacy.

We also process personal data on the basis of consent when the visitor has consented to the processing of personal data.

  1. Duration of storage

We store the personal data of our website visitors only for the legally required duration or for as long as necessary in order to carry out the intended purposes specified above. The duration of storage depends on the nature of the data and the purpose of processing. The maximum duration of storage is different on a case-by-case basis.

  1. Transfer of personal data outside the EEA

We mainly process the personal data of website visitors within the European Economic Area.

However, in some situations we may transfer personal data to be processed outside this area. In such cases, we shall take measures to ensure a sufficient level of protection for your personal data in the location where it is processed. We shall ensure a sufficient level of data protection for personal data transferred to countries outside the EEA by signing agreements with our service providers that are in compliance with the standard clauses set out by the European Commission or other similar arrangement, such as a Privacy Shield arrangement.

9.Recipient groups of personal data

We will not disclose your personal data to parties outside the Hygga organisation, with the exception of the following situations:

Authorized service providers

We may transfer personal data to service providers for processing under the authority of Hygga, for example to providers of server or chat services. Our service providers are contractually obligated to restrict the processing of personal data as well as to comply, at a minimum, with all the requirements for data protection and information security under this Privacy Policy.

For legal grounds

We may disclose personal data to parties outside the Hygga organisation if access to said personal data is necessary, on reasonable grounds, for (i) compliance with applicable legislation, regulations or court decisions; (ii) the detection, prevention or other processing of fraud, money laundering, terrorism financing, or issues related to information security or technical difficulties; or (iii) purposes carried out in the public interest in compliance with legislation.

With your express consent

We may transfer personal data to third parties outside the Hygga organisations for reasons other than the aforementioned once we have received the express consent of the data subject. You have the right to withdraw your consent at any time by contacting us.

  1. Information security

We have implemented administrative, organisational, technological and physical protective measures aimed at ensuring the information security of the personal data we collect and process. Our protective measures are designed to maintain a level that is appropriate for ensuring the confidentiality, integrity and availability of data.

Personal data may only be processed by persons authorised to do so on grounds of fulfilling their work duties. The processing of personal data is protected with the appropriate user-specific credentials, passwords and access rights.

If regardless of data security measures there is a data security breach that is likely to have negative effects on your privacy we shall notify the appropriate persons and other affected parties of the breach as soon possible in accordance with applicable legislation, as well as authorities if required by applicable data security legislation.

  1. Filing a complaint

You have the right to file a complaint to the supervisory authority if you feel that the processing of personal data by Hygga is in violation of data protection legislation.

The Data Protection Ombudsman acts as the local supervisory authority in Finland (tietosuoja.fi)

Last updated: 5.4.2023

News