Hygga processes customers’ personal data with care, fulfilling its responsibilities as a social and health care service provider regarding data protection obligations. We comply with the EU General Data Protection Regulation (GDPR), specific social and health care legislation, other applicable laws relevant to Hygga’s operations, and official guidelines on the processing of personal data. Additionally, we place special emphasis on careful and secure handling of personal data and adhere to, as well as continuously develop, good general data protection practices within the industry.
Navigate to the desired privacy notice using the links below:
PRIVACY NOTICE FOR PATIENT REGISTER
PRIVACY NOTICE FOR THE CUSTOMER AND DIRECT MARKETING REGISTER
WEBSITE PRIVACY POLICY FOR HYGGA OY
1. Data Controller
Hygga Oy (hereinafter referred to as “Hygga”, “we”, “our”, “us”) processes the patient data of customers of its dental clinic for the purposes of providing and producing services related to dental healthcare and occupational healthcare (hereinafter referred to as “Services”).
It is important to us at Hygga that you understand how we process your patient data. In this Privacy Policy, we explain how your patient data is processed.
Please note that this Privacy Policy is applicable only to patient data processed by Hygga in its capacity as data controller.
Contact details of the data controller:
Hygga Oy
Business ID 2345414-4
Address: Kampinkuja 2, FI-00100 Helsinki
Telephone: +358(0)9 58 400 300
Email address: info@hygga.fi
www.hygga.fi
Hygga’s data protection officer:
Salla Hårdh, tietosuoja@hygga.com
Other person in charge of the personal data file:
Juha Vainio, puh. +358 40 6522 882, juha.vainio@hygga.com
We collect and process the following patient data on our customers:
Patient data
We process patient data for the purposes of providing healthcare services and for the performing of its directly related measures.
In addition, we may collect, analyze and produce data on the duration and timing of appointments, insofar as it pertains to issues of congestion and resource allocation in the scheduling of appointments, as well as other similar non-specific metadata. Such information may be used by the data collector for purposes of information management, including the prediction of peak hours and resource allocation.
As a rule, the data referred to in this Privacy Policy is collected for processing from the data subjects or their guardian or legal representative, as well as from the members of our personnel who have provided care to the patient. Data may also be collected from the patient’s occupational healthcare organization, if the patient is a customer of Hygga via dental healthcare provided by their employer.
With the consent of the customer, patient data may also be requested from parties that have previously provided care to the customer.
Certain patient data may be created with devices or automatically through a patient data system (such as an automatic addition of a procedure corresponding to diagnosis data).
Data stored in the patient registry is processed for the purposes of providing medical treatment or procedures and maintaining the patient’s oral health, planning, implementing and monitoring treatment, and compliance with the statutory documentation requirements of healthcare providers.
The retention periods for patient data comply with the applicable regulations in force at any given time.
The retention period for patient records is defined by the Ministry of Social Affairs and Health Decree on Patient Records (94/2022). As a general rule, patient records are retained for 12 years after the patient’s death or, if the date of death is unknown, for 120 years from the patient’s birth.
We process all patient data primarily within the European Union (EU) or the European Economic Area (EEA).
Personal data may be transferred outside the EU or EEA, for example to the United States, in compliance with data protection legislation and within its limits. In such cases, the primary legal basis for the transfer is the European Commission’s adequacy decision on the level of data protection in the United States. If personal data is transferred to a country for which the Commission has issued an adequacy decision under Article 45 of the EU General Data Protection Regulation (GDPR), the adequacy decision serves as the primary legal basis for the transfer.
We will not disclose your personal data to parties outside the Hygga organization, with the exception of the following grounds:
Legal grounds
We may disclose personal data to parties outside the Hygga organization only when explicitly required or mandated by law.
If the care is paid for by a third party (for example, a municipality acting as a service voucher provider), data may be disclosed to such a party to the extent necessary for documenting and verifying the performed procedures.
Authorized service providers
We may transfer personal data for processing under the authority of Hygga to those service providers necessary for the provision treatment and services, such as hosting service providers.
Our agreements with our hosting service providers contain contractual obligations, under which the service providers pledge to process personal data only to the extent necessary for performing their appointed duties, as well as to comply, at minimum, all requirements for data protection and information security as stipulated by legislation and this Privacy Policy.
With your express consent
We may transfer personal data to third parties outside the Hygga organizations for reasons other than the aforementioned once we have received the express consent of the data subject. The data subject has the right to revoke said consent at any time.
Right of access to information
Data subjects have the right to access their personal data processed by Hygga. If you wish, you can contact us to learn more about the type of personal data we process and their purposes of processing.
Right to request rectification
You have the right to request that any inaccurate, incomplete, obsolete or unnecessary personal data stored by us is rectified or supplemented. You can contact us and request your contact details or other personal data to be updated.
Due to their specific legal requirements, patient records are rectified in a way that permits the future review of the originally rectified entry. The name and position of the rectifier and the date and cause of rectification are always entered in patient records.
Right to request erasure of data
You have the right to request the deletion of incorrect or unnecessary patient data. However, information in patient records can only be removed to the extent that it is incorrect or unnecessary. If information deemed unnecessary for the patient’s care is removed from the patient records, a note about the deletion, including who performed it and when, will remain in the records.
Personal data generally cannot be deleted because its processing is based on legal obligations and is subject to statutory retention requirements.
Right to transfer data to another system
Data subjects have the right to receive a copy of their personal data stored by us in a structured, commonly used format, as well as the right to request the transfer of their patient data to another healthcare service provider.
Exercising your rights
If you wish to exercise any of your aforementioned rights, we ask that you provide the following information to Hygga by mail or email: name, address, telephone number, and a copy of a valid identification card. We may request that you provide further details in order to confirm your identity.
We may deny requests that recur unreasonably often or are excessive or clearly unfounded.
Please note that requests regarding patient and personal data access, correction, and log information can only be accepted in writing.
For requests related to your information, please fill out the Customer Data Request Form, specifying which data you wish to review and providing as much detail as possible regarding your request. Send the completed form to us using secure mail. Instructions for secure mail and the data request form can be found at the following link.
We have implemented administrative, organizational, technological and physical protective measures aimed at ensuring the information security of the personal data we collect and process. Our protective measures are designed to maintain a level that is appropriate for ensuring the confidentiality, integrity and availability of data.
Patient data may only be processed by persons authorized to do so on grounds of fulfilling their work duties. The processing of patient data is protected with the appropriate user-specific credentials, passwords and access rights. The patient registry logs all instances of processing the data.
You have the right to file a complaint to the supervisory authority in the event that you feel that the processing of personal data by Hygga is in violation of data protection legislation.
Last updated: 17.6.2025
Hygga Oy (“Hygga” or “we”) processes the personal data of its customers to manage customer relationships, enable customer communication, and for direct marketing purposes. In addition to individual customers, Hygga may process personal data of representatives of current or potential corporate customers and partners as part of this register.
It is important to Hygga that you understand how we handle your personal data. Below we provide more information about the processing of your personal data.
Please note that this Privacy Notice applies solely to the processing of personal data conducted by Hygga as the data controller.
Contact details of the data controller:
Hygga Oy
Business ID 2345414-4
Address: Kampinkuja 2, FI-00100 Helsinki
Telephone: +358(0)9 58 400 300
Email address: info@hygga.fi
www.hygga.fi
Hygga’s data protection officer:
Salla Hårdh, tietosuoja@hygga.com
Other person in charge of the personal data file:
Juha Vainio, puh. +358 40 6522 882, juha.vainio@hygga.com
First and last name
Email address
Postal address
Phone number
Campaign history
Invoices and billing information
Consents, objections, or other information related to direct marketing
Consents related to recall contacts
Other information provided by the customer (e.g., expression of interest in Hygga’s services beyond basic dental care)
For representatives of corporate customers or partners: organization, position, and other information related to the corporate customer relationship or partnership
Sending, opening, and click data of marketing messages sent to customers and partners
Customer and marketing data may also be used for managing the customer relationship, communication, or marketing purposes. Information about representatives of corporate customers is used only for communication and marketing targeted at the respective organization.
The personal data processed under this Privacy Notice is obtained directly from the data subject or their guardian or legal representative.
Additionally, information about representatives of corporate customers or partners may be obtained from the organization that employs or is represented by the individual.
During the customer relationship, we may also collect information such as campaign history. Furthermore, personal data may be collected from public and private registers.
Customer and marketing data may also be used for the following purposes:
Customer communication and management of the customer relationship
(Legal basis: performance of contract and legitimate interest)
Customer data is used to manage, maintain, and develop the customer relationship between Hygga and the Customer.
Direct marketing purposes
(Legal basis: legitimate interest)
We process personal data to contact our Customers regarding services. Personal data may be used for Hygga’s marketing and electronic direct marketing. You have the right to object to direct marketing.
Quality improvement and analysis of usage trends
(Legal basis: legitimate interest)
We may process information about your use of our services to improve their quality, for example by analyzing various usage trends. We may also use personal data in customer satisfaction surveys to ensure that our services meet your expectations. Where possible, we use only aggregated data that does not allow identification of individuals for this purpose.
Compliance with legal obligations
(Legal basis: legal obligation)
In certain situations, Hygga may process data to manage and fulfill its statutory obligations. This includes, for example, processing data to comply with accounting requirements.
Handling claims and legal proceedings
(Legal basis: legitimate interest)
Hygga may process personal data in connection with legal claims, debt collection, and legal proceedings. We may also process data to prevent fraud and misuse of our services, as well as for information, system, and network security.
Legal Bases for Processing
Hygga processes personal data primarily to fulfill its contractual obligations towards you or the organization you represent and to comply with legal obligations. Additionally, we process personal data based on our legitimate interests to conduct, maintain, and develop our business and to establish and maintain customer and partnership relationships. When processing your personal data on the basis of legitimate interest, we balance our legitimate interests against your right to privacy.
We retain our Customers’ personal data only as long as required by law or as necessary to fulfill the purposes specified above. The retention period depends on the nature of the data and the purpose of processing. Therefore, the maximum retention period may vary on a case-by-case basis.
Hygga primarily stores your personal data within the European Economic Area (EEA).
However, in some cases, we may transfer personal data for processing outside this area. In such cases, we take measures to ensure that an adequate level of protection is maintained where your personal data is processed. We arrange sufficient safeguards for transfers of personal data to countries outside the EEA through contracts with our service providers based on the European Commission’s approved standard contractual clauses or through other equivalent arrangements, such as the Privacy Shield framework.
We do not disclose your personal data to parties outside the Hygga organization, except in the following situations:
For legal reasons
We may disclose personal data to parties outside Hygga when access to the personal data is reasonably necessary (i) to comply with applicable laws, regulations, or court orders; (ii) to detect, prevent, or otherwise address fraud, money laundering, terrorism financing, or information security or technical issues; or (iii) to protect the property or security of Hygga or our customers, or to ensure purposes required by public interest in accordance with the law.
To authorized service providers
We may disclose personal data to authorized service providers performing services on our behalf. Our contracts with service providers include commitments requiring them to restrict the use of personal data and to comply with privacy and security standards at least as stringent as those set forth in this Privacy Notice.
With your explicit consent
We may disclose personal data to third parties outside Hygga for reasons other than those stated above only with your explicit consent. You have the right to withdraw your consent at any time.
Right to access information
Data subjects have the right to access their personal data processed by Hygga. You may contact us to find out what personal data we process and for what purposes this data is used.
Right to request correction of data
You have the right to have inaccurate, incomplete, outdated, or unnecessary personal data that we store corrected or supplemented upon request. By contacting us, you can update, for example, your contact details or other personal information.
Right to request deletion of data
You may request that we delete your personal data. We will take the requested action unless we have a legitimate reason to retain the data.
Right to object and restrict processing
You have the right to object to the processing or profiling of your data if it is used for direct marketing purposes. You also have the right to request restriction of the processing of your personal data, for example, if the data concerning you is inaccurate. Additionally, in certain specific situations, you have the right to object to the processing of your personal data based on a personal particular situation.
Right to data portability
Data subjects have the right to receive their personal data from us in a structured, commonly used, and machine-readable format and to transfer the data independently to a third party.
Exercising your rights
If you wish to exercise any of the rights mentioned above, please send the following information to Hygga by post or email: your name, address, phone number, and a copy of a valid identity document. We may request additional information to verify your identity.
We may reject requests that are unreasonably frequent, excessive, or clearly unfounded.
We may send you newsletters and other direct marketing communications regarding our services, such as health and hospital services.
Hygga sends marketing messages to potential future corporate clients whose personal data has been obtained from public registers.
Data subjects always have the right to object to our use of their personal data for direct marketing, market research, or profiling by contacting us using the contact details provided above or by using the unsubscribe option offered in direct marketing messages.
We have implemented administrative, organizational, technical, and physical safeguards to protect the personal data we collect and process. Our security measures are designed to maintain an appropriate level of confidentiality, integrity, and availability of the data.
Personal data may only be processed by those individuals whose job duties justify such access. The use of personal data is protected by appropriate user-specific credentials, passwords, and access rights.
In the event of a data breach that is likely to have a detrimental effect on your privacy despite our security measures, we will notify the breach to the relevant individuals and other affected parties, as well as to the authorities as required by applicable data protection legislation, as soon as possible.
You have the right to file a complaint with the supervisory authority if you believe that Hygga’s processing of personal data violates data protection legislation.
The local supervisory authority in Finland is the Data Protection Ombudsman (tietosuoja.fi).
Last updated: 17.6.2025
Hygga Oy (“Hygga”) processes website visitors’ information in connection with providing and maintaining web pages. We store analytics data on website visitors, and data collected in connection with the chat service.
It is important to us that you understand how we process your personal data. Below you can find more information on the processing of your personal data.
Please note that this Privacy Policy only applies to website visitors’ personal data processed by Hygga in its capacity as data controller.
Direct marketing information is processed as part of our customer and direct marketing data file, the privacy policy of which can be found at the top of this page.
Contact details of the data controller:
Hygga Oy
Business ID 2345414-4
Address: Kampinkuja 2, 00100 Helsinki, Finland
Telephone: +358 (0)9 58 400 300
Email: info@hygga.fi
www.hygga.fi
Hygga’s data protection officer:
Salla Hårdh, tietosuoja@hygga.com
We process your feedback given via our website, chat conversation data and conversation history.
In addition, we can process certain technical data regarding all website visitors that may in some situations be considered or may include personal data. This data includes:
We use cookies to improve the usability and functionality of our website. In addition, we use cookies to collect analytics data and integrate social media accounts into our site.
A cookie is a small text file stored on a user’s computer. If you do not want sites to store cookies on your computer, you can block cookies from your browser settings. In that case, we cannot guarantee that our website will work in the best possible way.
We use the Google Analytics tool on our website. Further information on Google Analytics privacy is available on the Google Analytics data protection web page.
Our website also offers the possibility to chat and provide feedback via the Zendesk tool. Further information on Zendesk privacy is available here.
More information about our cookie policy can be found here.
Information is collected directly from visitors in connection with chat conversations and when using the feedback function on the website.
Technical analytics data is stored automatically during the visit.
Personal data may also be used for the following legal purposes and purposes that the data subject has consented to:
Customer communications and customer relations management (legal basis of processing: performance of a contract and legitimate interest)
We may use the data stored during a chat conversation for the purposes of customer service, communications, and customer relationship management and maintenance.
Should you contact our customer service via chat, we will use the provided information to answer questions, solve possible issues and process your message.
We will also process the data of website visitors in conjunction with the feedback provided on the website.
Analytics (legal basis of processing: legitimate interest)
We process the data of website visitors for the purpose of analyzing the amount and quality of our network traffic, such as the number of unique visitors, the number and duration of chat conversations, and the geographic locations of visits. We also analyze visitors’ movements within our websites, as well as information about how they arrive on the site.
Direct marketing (legal basis of processing: legitimate interest)
If you subscribe to our newsletter or express by other means (such as in a chat conversation) that you wish to receive direct marketing material, we may process your personal information in order to send you direct marketing material such as current offers and events.
For more information about the use of personal data for direct marketing, please read our Customer and Direct Marketing Data File Privacy Policy at the top of this page. You always have the right to prohibit electronic direct marketing.
Legal grounds for processing personal data
We process the data of our website visitors on the basis of a legitimate interest in maintaining and developing our business, such as collecting web analytics. When processing your personal data on the basis of our legitimate interest we check our legitimate interest against your right to privacy.
We also process personal data on the basis of consent when the visitor has consented to the processing of personal data.
We store the personal data of our website visitors only for the legally required duration or for as long as necessary in order to carry out the intended purposes specified above. The duration of storage depends on the nature of the data and the purpose of processing. The maximum duration of storage is different on a case-by-case basis.
We mainly process the personal data of website visitors within the European Economic Area.
However, in some situations we may transfer personal data to be processed outside this area. In such cases, we shall take measures to ensure a sufficient level of protection for your personal data in the location where it is processed. We shall ensure a sufficient level of data protection for personal data transferred to countries outside the EEA by signing agreements with our service providers that are in compliance with the standard clauses set out by the European Commission or other similar arrangement, such as a Privacy Shield arrangement.
We will not disclose your personal data to parties outside the Hygga organization, with the exception of the following situations:
Authorized service providers
We may transfer personal data to service providers for processing under the authority of Hygga, for example to providers of server or chat services. Our service providers are contractually obligated to restrict the processing of personal data as well as to comply, at a minimum, with all the requirements for data protection and information security under this Privacy Policy.
For legal grounds
We may disclose personal data to parties outside the Hygga organization if access to said personal data is necessary, on reasonable grounds, for (i) compliance with applicable legislation, regulations or court decisions; (ii) the detection, prevention or other processing of fraud, money laundering, terrorism financing, or issues related to information security or technical difficulties; or (iii) purposes carried out in the public interest in compliance with legislation.
With your express consent
We may transfer personal data to third parties outside the Hygga organizations for reasons other than the aforementioned once we have received the express consent of the data subject. You have the right to withdraw your consent at any time by contacting us.
We have implemented administrative, organizational, technological and physical protective measures aimed at ensuring the information security of the personal data we collect and process. Our protective measures are designed to maintain a level that is appropriate for ensuring the confidentiality, integrity and availability of data.
Personal data may only be processed by persons authorized to do so on grounds of fulfilling their work duties. The processing of personal data is protected with the appropriate user-specific credentials, passwords and access rights.
If regardless of data security measures there is a data security breach that is likely to have negative effects on your privacy we shall notify the appropriate persons and other affected parties of the breach as soon possible in accordance with applicable legislation, as well as authorities if required by applicable data security legislation.
You have the right to file a complaint to the supervisory authority if you feel that the processing of personal data by Hygga is in violation of data protection legislation.
The Data Protection Ombudsman acts as the local supervisory authority in Finland (tietosuoja.fi)
Last updated: 5.4.2023
PRIVACY POLICY OF HYGGA OY’S EMPLOYEE AND APPLICANT DATA FILE (HR DATA FILE)
1. Controller
Hygga Oy (“Hygga” or “we”) processes the personal data of its employees, self-employed persons and persons who have applied for a job at Hygga in order to fulfill its statutory obligations, to enable employee training and employee communication, and to recruit employees.
We process the personal data of not only our employees but also those of self-employed persons.
It is important to us at Hygga that you understand how we process your personal data. In this Privacy Policy, we explain how your personal data is processed.
Please note that this Privacy Policy is applicable only to personal data processed by Hygga in its capacity as data controller.
2. Contact details
Contact details of the data controller:
Hygga Oy
Business ID 2345414-4
Address: Kampinkuja 2, FI-00100 Helsinki
Telephone: +358(0)9 58 400 300
Email address: info@hygga.fi
www.hygga.fi
Hygga’s data protection officer:
Salla Hårdh, tietosuoja@hygga.com
3. Collected data
Hygga also has recording CCTV in the reception area and corridors. Staff areas or rooms designated for personal use do not have CCTV. Camera surveillance protects the employer’s valuable property and security and/or prevents and sorts out dangerous situations.
The CCTV cameras have been placed in a way that we record material that contains as little as possible of the personnel going about their daily work and as much as possible of the risk areas, which was why the camera surveillance system was set up in the first place.
4. How do we collect personal data?
As a rule, the data referred to in this Privacy Policy is collected for processing from the data subjects themselves. Certain data, such as relating to professional title or taxation may also be available from the relevant authorities.
5. Purposes of data processing
Personal data in the HR data file may be used not only to fulfil the employer’s statutory requirements, but also to inform the employees about the employer’s actions, and to recruit new employees or self-employed persons to Hygga.
6. Duration of storage
We keep job applicants’ data for six (6) months from the date their applications were delivered to us. This data can be stored longer if the person is chosen for the applied position or there is another reason that is based on the law.
We keep data concerning employees for as long as is necessary to fulfill the employer’s statutory obligations.
CCTV recordings are kept for a month unless a longer period is justified, for example due to some ongoing investigation.
7. Transfer of personal data outside the European Economic Area
As a rule, personal data is not transferred outside the European Union; Hygga will keep your data within the European Economic Area.
However, we reserve the right for the future introduction of systems that will transfer personal data outside this area. In such cases, any agreements concerning transfers are made in accordance with the EU Commission’s templates or any other system approved by the Commission, such as under the Privacy Shield programme.
8. Processors of personal data
We will not disclose your personal data to parties outside the Hygga organization, with the exception of the following grounds:
Legal grounds
We may disclose personal data to parties outside the Hygga organization if access to said personal data is necessary, on reasonable grounds, for (i) compliance with applicable legislation, regulations or court decisions; (ii) the detection, prevention or other processing of fraud, money laundering, terrorism financing or issues related to information security or technical difficulties; or (iii) the protection of the property or safety of Hygga or its customers, or purposes carried out in the public interest in compliance with legislation.
Authorized service providers
We may transfer personal data to service providers for processing under the authority of Hygga. Our service providers are contractually obligated to restrict the processing personal data as well as to comply, at minimum, all requirements for data protection and information security under this Privacy Policy.
With your express consent
We may transfer personal data to third parties outside the Hygga organizations for reasons other than the aforementioned once we have received the express consent of the data subject. Data subjects have the right to revoke said consent at any time.
9. Rights of the data subject
Right of access to information
Data subjects have the right to access their personal data processed by Hygga. If you wish, you can contact us to learn more about the type of personal data we process and their purposes of processing.
Right to request rectification
You have the right to request that any inaccurate, incomplete, obsolete or unnecessary personal data stored by us is rectified or supplemented. You can contact us and request your contact details or other personal data to be updated.
Right to request erasure of data
You may request us to erase your personal data. We will perform the requested measures, barring legitimate grounds to refrain from erasing the personal data.
Right to transfer data to another system
Data subjects have the right to receive a copy of their personal data stored by us in a structured, commonly used format, as well as the right to independently transfer their data to a third party.
Exercising your rights
If you wish to exercise any of your aforementioned rights, we ask that you provide the following information to Hygga by mail or email: name, address, telephone number, and a copy of a valid identification card. We may request that you provide further details in order to confirm your identity.
We may deny requests that recur unreasonably often or are excessive or clearly unfounded.
11. Information security
We have implemented administrative, organizational, technological and physical protective measures aimed at ensuring the information security of the personal data we collect and process. Our protective measures are designed to maintain a level that is appropriate for ensuring the confidentiality, integrity and availability of data.
Personal data in the HR data file may only be processed by persons authorized to do so on grounds of fulfilling their work duties. The processing of personal data is protected with the appropriate user-specific credentials, passwords and access rights.
12. Filing a complaint
You have the right to file a complaint to the supervisory authority in the event that you feel that the processing of personal data by Hygga is in violation of data protection legislation.
Last updated:
Date: 5.4.2023
Book the most convenient hour as a time slot and pay the booking fee 19,90€.
Your treatment will begin within the time slot, as soon as the first dentist or dental hygienist is free. You will receive your exact time by text message half an hour before your treatment time.
Your visit will last just as long as you like. Treating all of your problems at once will avoid awkward revisits and save time.
Call our customer service: Mon, Wed and Fri 08:00-16:00, Tue 09:00-17:00, Thu 10:00-18:00, Sat 09:00-15:00