Registers

1. Data collector

Hygga Oy (hereinafter referred to as “Hygga”, “we”, “our”, “us”) processes the patient data of customers of its dental clinic for the purposes of providing and producing services related to dental healthcare and occupational healthcare (hereinafter referred to as “Services”).

It is important to us at Hygga that you understand how we process your patient data. In this Privacy Policy, we explain how your patient data is processed.

Please note that this Privacy Policy is applicable only to patient data processed by Hygga in its capacity as data controller.

2. Contact details

Contact details of the data controller:

Hygga Oy
Business ID 2345414-4
Address: Kampinkuja 2, FI-00100 Helsinki
Telephone: +358(0)9 58 400 300
Email address: info@hygga.fi
www.hygga.fi

Hygga’s data protection officer:

Salla Hårdh, tietosuoja@hygga.com

Other person in charge of the personal data file:

Juha Vainio, tel. +358 40 6522 882, email address: juha.vainio(at)hygga.com

3. Collected data

We collect and process the following patient data on our customers:

Patient data

• First and last name
• Personal identity number
• Sex
• Email address
• Street address
• Telephone number
• Place of domicile
• Information on the insurance company, if applicable
• Appointment history
• Name or names and contact details of guardians or other legal representatives of underaged patients, and the name and contact details of the legal representative appointed to an adult patient, if applicable.
• Information pertaining to or affecting the oral health of the patient, including medication, drug allergies, diagnoses, and possible referrals.
• Any other information pertaining to the patient’s health or essential for providing treatment.
• Information on a possible insurance, financial commitment or occupational health agreement covering the patient.
• Information on the Hygga personnel who have provided treatment to the patient.
• Examination and imaging results (e.g. X-ray images, laboratory test results).
• Information on prohibitions, restrictions, rectifications, consent, or other actions by the data subject concerning the processing of patient data.
• Information and metadata pertaining to the processing of data, including date of recording, source of information, and logged data.
• Time booking through our website; Paytrail stores IP-address, payment method and payment time & date during the payment process. Paytrails privacy policy: https://www.paytrail.com/en/data-privacy-notice-paytrail-payment-service

We process patient data for the purposes of providing healthcare services and for the performing of its directly related measures.

In addition, we may collect, analyze and produce data on the duration and timing of appointments, insofar as it pertains to issues of congestion and resource allocation in the scheduling of appointments, as well as other similar non-specific metadata. Such information may be used by the data collector for purposes of information management, including the prediction of peak hours and resource allocation.

4.How do we collect patient data?

As a rule, the data referred to in this Privacy Policy is collected for processing from the data subjects or their guardian or legal representative, as well as from the members of our personnel who have provided care to the patient. Data may also be collected from the patient’s occupational healthcare organization, if the patient is a customer of Hygga via dental healthcare provided by their employer.

With the consent of the customer, patient data may also be requested from parties that have previously provided care to the customer.

Certain patient data may be created with devices or automatically through a patient data system (such as an automatic addition of a procedure corresponding to diagnosis data).

5. Purposes of data processing

Data stored in the patient registry is processed for the purposes of providing medical treatment or procedures and maintaining the patient’s oral health, planning, implementing and monitoring treatment, and compliance with the statutory documentation requirements of healthcare providers.

6. Duration of storage

We store the patient data of our customers for the minimum legally required duration.

The statutory duration of storage for patient data is 12 years after the death of the patient.

7. Transfer of personal data outside the European Economic Area

Hygga stores your personal data within the European Economic Area. Hygga will not transfer or disclose your personal data outside the European Economic Area.

8. Processors of personal data

We will not disclose your personal data to parties outside the Hygga organization, with the exception of the following grounds:

Legal grounds

We may disclose personal data to parties outside the Hygga organization only on specific or compelling legal grounds.

Authorized service providers

 We may transfer personal data for processing under the authority of Hygga to those service providers necessary for the provision treatment and services, such as hosting service providers.

Our agreements with our hosting service providers contain contractual obligations, under which the service providers pledge to process personal data only to the extent necessary for performing their appointed duties, as well as to comply, at minimum, all requirements for data protection and information security as stipulated by legislation and this Privacy Policy.

With your express consent

We may transfer personal data to third parties outside the Hygga organizations for reasons other than the aforementioned once we have received the express consent of the data subject. The data subject has the right to revoke said consent at any time.

9. Rights of the data subject

Right of access to information

Data subjects have the right to access their personal data processed by Hygga. If you wish, you can contact us to learn more about the type of personal data we process and their purposes of processing.

Right to request rectification

You have the right to request that any inaccurate, incomplete, obsolete or unnecessary personal data stored by us is rectified or supplemented. You can contact us and request your contact details or other personal data to be updated.

Due to their specific legal requirements, patient records are rectified in a way that permits the future review of the originally rectified entry. The name and position of the rectifier and the date and cause of rectification are always entered in patient records.

Right to request erasure of data

You have the right to request the erasure of data that are inaccurate or no longer needed for their original purpose. This means that in the case of patient records, data may be erased only to the extent that they are inaccurate or no longer needed. If data that is unnecessary for purposes of providing medical treatment is erased from the patient record, information on the erasure and its author and date is entered to the record.

Right to transfer data to another system

Data subjects have the right to receive a copy of their personal data stored by us in a structured, commonly used format, as well as the right to request the transfer of their patient data to another healthcare service provider.

Exercising your rights

If you wish to exercise any of your aforementioned rights, we ask that you provide the following information to Hygga by mail or email: name, address, telephone number, and a copy of a valid identification card. We may request that you provide further details in order to confirm your identity.

We may deny requests that recur unreasonably often or are excessive or clearly unfounded.

 10. Information security

We have implemented administrative, organizational, technological and physical protective measures aimed at ensuring the information security of the personal data we collect and process. Our protective measures are designed to maintain a level that is appropriate for ensuring the confidentiality, integrity and availability of data.

Patient data may only be processed by persons authorized to do so on grounds of fulfilling their work duties. The processing of patient data is protected with the appropriate user-specific credentials, passwords and access rights. The patient registry logs all instances of processing the data.

11. Filing a complaint 

You have the right to file a complaint to the supervisory authority in the event that you feel that the processing of personal data by Hygga is in violation of data protection legislation.

Last updated: 5.4.2023

 

HYGGA OY’S CUSTOMER AND DIRECT MARKETING DATA FILE PRIVACY POLICY

 

1. Data controller

Hygga Oy (hereinafter referred to as “Hygga”, “we”, “our”, “us”) processes the personal data of its customers for the purposes of managing customer relations and communications and for direct marketing.

In addition to the data of our private customers, Hygga may also process the personal data of representatives of our current or potential institutional customers and cooperation partners as part of this data file.

It is important to us at Hygga that you understand how we process your personal data. Below you can find more information on the processing of your personal data.

Please note that this Privacy Policy only applies to personal data processed by Hygga in its capacity as data controller.

2. Contact information

Contact details of the data controller:

Hygga Oy

Business ID 2345414-4
Address: Kampinkuja 2, 00100 Helsinki, Finland
Telephone: +358 (0)9 58 400 300
Email: info@hygga.fi
www.hygga.fi

 Hygga’s data protection officer:

Salla Hårdh, tietosuoja@hygga.com

3. Collected data

• First and last name
• Email address
• Postal address
• Telephone number
• Campaign history
• Invoices and billing information
• Consent, objections and other information related to direct marketing
• Consent related to recall contacting
• Other information provided by the customer (e.g. interest in services provided by Hygga other than basic dental healthcare).
• For representatives of institutional customers or partners: organization, position and other information pertaining to the institutional customer or partner.
• Information on sending, opening and clicking on advertisement e-mails sent to customers and partners.

We may also process customer and marketing data for the purposes of managing customer relations, communications and marketing.

The personal data of institutional customer representatives is only used for the purposes of communications and marketing directed at the institution.

4. How do we collect personal data?

The data processed in accordance with this Privacy Policy is collected from the data subjects or their guardian or legal representative.

Data of representatives of institutional customers or partners may also be collected from the organization that the representative works for or represents.

During a customer relationship, we may also collect data pertaining to campaign history, for example. Personal data may also be collected from public and private registers.

5. Purposes and legal basis of data processing

Customer and marketing data may also be used for the following purposes:

Customer communications and customer relations management (legal basis of processing: performance of a contract and legitimate interest)

The personal data of customers is used for the purposes of managing, maintaining and developing the relationship between Hygga and the Customer.

Direct marketing (legal basis of processing: legitimate interest)

We process personal data in order to communicate information about services to our Customers. Personal data may be used for marketing and electronic direct marketing carried out by Hygga. You have the right to prohibit direct marketing.

Improving quality and analyzing trends (legal basis of processing: legitimate interest)

We may process personal data related to the use of our services in order to improve their quality, for example by analyzing different trends related to the use of our services. We may also use personal data for customer satisfaction surveys to ensure that our service meets your needs. For this purpose, we only use data that cannot be used to identify a person when possible.

Complying with our legal obligations (legal basis of processing: legal obligation)

In certain situations, Hygga may process data for the purpose of management of and compliance with its legal obligations. This includes situations such as processing of data for the purpose of complying with accounting obligations.

Processing of claims and legal procedures (legal basis of processing: legitimate interest)

Hygga may process personal data in connection with legal claims, debt collection and legal proceedings. We may also process personal data to prevent fraud and misuse of our service, as well as for reasons related to information, system and online security.

Legal basis of processing

Hygga processes personal data primarily to fulfil its contractual obligations to you or the organization you represent, and to comply with its legal obligations. In addition, we also process personal data based on our legitimate interest to manage, maintain and develop our business operations and to create and maintain our customer and partner relations. When processing your personal data on the basis of our legitimate interest we check our legitimate interest against your right to privacy.

6. Duration of storage

We store the personal data of our Customers only for the legally required duration or for as long as necessary in order to carry out the intended purposes specified above. The duration of storage depends on the nature of the data and the purpose of processing. The maximum duration of storage is different on a case-by-case basis.

7. Transfer of personal data outside the European Economic Area

Hygga stores your personal data primarily within the European Economic Area.

However, in some situations we may transfer personal data to be processed outside this area. In such cases, we shall take measures to ensure a sufficient level of protection for your personal data in the location where it is processed. We shall ensure a sufficient level of data protection for personal data transferred to countries outside the EEA by signing agreements with our service providers that are in compliance with the standard clauses set out by the European Commission or other similar arrangement, such as a Privacy Shield arrangement.

8. Processors of personal data

We will not disclose your personal data to parties outside the Hygga organization, with the exception of the following grounds:

Legal grounds

We may disclose personal data to parties outside the Hygga organization if access to said personal data is necessary, on reasonable grounds, for (i) compliance with applicable legislation, regulations or court decisions; (ii) the detection, prevention or other processing of fraud, money laundering, terrorism financing or issues related to information security or technical difficulties; or (iii) the protection of the property or safety of Hygga or its customers, or purposes carried out in the public interest in compliance with legislation.

Authorized service providers

We may transfer personal data to service providers for processing under the authority of Hygga. Our service providers are contractually obligated to restrict the processing personal data as well as to comply, at minimum, all requirements for data protection and information security under this Privacy Policy.

With your express consent

We may transfer personal data to third parties outside the Hygga organizations for reasons other than the aforementioned once we have received the express consent of the data subject. Data subjects have the right to revoke said consent at any time.

Payer of procedures

If treatment is paid for by a third party (such as the city as a provider of a service voucher or an employer offering occupational dental care), payment data may be transferred to such a party to the extent that is necessary to document and verify the procedures.

9. Rights of the data subject

Right of access to information

Data subjects have the right to access their personal data processed by Hygga. If you wish, you can contact us to learn more about the type of personal data we process and their purposes of processing.

Right to request rectification

You have the right to request that any inaccurate, incomplete, obsolete or unnecessary personal data stored by us is rectified or supplemented. You can contact us and request your contact details or other personal data to be updated.

Right to request erasure of data

You may request us to erase your personal data. We will perform the requested measures, barring legitimate grounds to refrain from erasing the personal data.

Right to object to and restrict processing

You have the right to object to the processing or profiling of your personal data for purpose of direct marketing. You have the right to demand restrictions to the processing of your personal data, for example in the event that the data pertaining to is inaccurate. In addition, under certain special circumstances, you have the right to object to the processing of your personal data on grounds related to your particular personal situation.

Right to transfer data to another system

Data subjects have the right to receive a copy of their personal data stored by us in a structured, commonly used format, as well as the right to independently transfer their data to a third party.

Exercising your rights

If you wish to exercise any of your aforementioned rights, we ask that you provide the following information to Hygga by mail or email: name, address, telephone number, and a copy of a valid identification card. We may request that you provide further details in order to confirm your identity.

We may deny requests that recur unreasonably often or are excessive or clearly unfounded.

10. Direct marketing

We may send you notices and other direct marketing related to our services, such as our healthcare and hospital services.

Hygga may send marketing messages to potential future corporate customers whose personal data has been collected from public registers.

Data subjects always have the right to object to the processing of their personal data for the purpose of direct marketing, market research or profiling by contacting us at the contact details provided above or by using the option provided in direct marketing mails to opt out from the subscription.

11. Information security

We have implemented administrative, organizational, technological and physical protective measures aimed at ensuring the information security of the personal data we collect and process. Our protective measures are designed to maintain a level that is appropriate for ensuring the confidentiality, integrity and availability of data.

Personal data may only be processed by persons authorized to do so on grounds of fulfilling their work duties. The processing of personal data is protected with the appropriate user-specific credentials, passwords and access rights.

If regardless of data security measures there is a data security breach that is likely to have negative effects on your privacy we shall notify the appropriate persons and other affected parties of the breach as soon possible in accordance with applicable legislation, as well as authorities if required by applicable data security legislation.

12. Filing a complaint

You have the right to file a complaint to the supervisory authority if you feel that the processing of personal data by Hygga is in violation of data protection legislation.

The Data Protection Ombudsman acts as the local supervisory authority in Finland (tietosuoja.fi)

Last updated: 5.4.2023

 

PRIVACY POLICY OF HYGGA OY’S EMPLOYEE AND APPLICANT DATA FILE (HR DATA FILE)

1. Controller

Hygga Oy (“Hygga” or “we”) processes the personal data of its employees, self-employed persons and persons who have applied for a job at Hygga in order to fulfill its statutory obligations, to enable employee training and employee communication, and to recruit employees.

We process the personal data of not only our employees but also those of self-employed persons.

It is important to us at Hygga that you understand how we process your personal data. In this Privacy Policy, we explain how your personal data is processed.

Please note that this Privacy Policy is applicable only to personal data processed by Hygga in its capacity as data controller.

2. Contact details

Contact details of the data controller:

Hygga Oy

Business ID 2345414-4
Address: Kampinkuja 2, FI-00100 Helsinki
Telephone: +358(0)9 58 400 300
Email address: info@hygga.fi
www.hygga.fi

Hygga’s data protection officer:

Salla Hårdh, tietosuoja@hygga.com

3. Collected data

• First and last name
• Date of birth
• Contact details
• Personal identity number
• Information about the licenses needed for professional practice. (JulkiTerhikki / Valvira )
• Information about training, qualifications and competences
• Title, job title, position, and/or role in the company
• Employer’s name
• Groups of registered professionals, such as dental nurses, dentists, dental hygienists
• Possible resume
• Any information about personal or aptitude evaluations
• Suitability for the job and other professional-related observations and notes
• Information about the work relationship, such as start date and any end date
• Information about working hours monitoring
• Employee’s health information within the legal limits
• Any credit history to be obtained
• Information needed for salary payment
• Consent given by applicants regarding the storage and communication of their information during the recruitment process
• Information related to communication such as email conversations, memos, and notes
• With regard to self-employed persons, equivalent applicable information needed for assignments
• Supervision data of the National Supervisory Authority for Welfare and Health (Valvira), including data and person performing supervision
• Hygga employees and self-employed persons have individual keys that store data

Hygga also has recording CCTV in the reception area and corridors. Staff areas or rooms designated for personal use do not have CCTV. Camera surveillance protects the employer’s valuable property and security and/or prevents and sorts out dangerous situations.

The CCTV cameras have been placed in a way that we record material that contains as little as possible of the personnel going about their daily work and as much as possible of the risk areas, which was why the camera surveillance system was set up in the first place.

4. How do we collect personal data?

As a rule, the data referred to in this Privacy Policy is collected for processing from the data subjects themselves. Certain data, such as relating to professional title or taxation may also be available from the relevant authorities.

5. Purposes of data processing

Personal data in the HR data file may be used not only to fulfil the employer’s statutory requirements, but also to inform the employees about the employer’s actions, and to recruit new employees or self-employed persons to Hygga.

6. Duration of storage

We keep job applicants’ data for six (6) months from the date their applications were delivered to us. This data can be stored longer if the person is chosen for the applied position or there is another reason that is based on the law.

We keep data concerning employees for as long as is necessary to fulfill the employer’s statutory obligations.

CCTV recordings are kept for a month unless a longer period is justified, for example due to some ongoing investigation.

7. Transfer of personal data outside the European Economic Area

As a rule, personal data is not transferred outside the European Union; Hygga will keep your data within the European Economic Area.

However, we reserve the right for the future introduction of systems that will transfer personal data outside this area. In such cases, any agreements concerning transfers are made in accordance with the EU Commission’s templates or any other system approved by the Commission, such as under the Privacy Shield programme.

8. Processors of personal data

We will not disclose your personal data to parties outside the Hygga organization, with the exception of the following grounds:

Legal grounds

We may disclose personal data to parties outside the Hygga organization if access to said personal data is necessary, on reasonable grounds, for (i) compliance with applicable legislation, regulations or court decisions; (ii) the detection, prevention or other processing of fraud, money laundering, terrorism financing or issues related to information security or technical difficulties; or (iii) the protection of the property or safety of Hygga or its customers, or purposes carried out in the public interest in compliance with legislation.

Authorized service providers

We may transfer personal data to service providers for processing under the authority of Hygga. Our service providers are contractually obligated to restrict the processing personal data as well as to comply, at minimum, all requirements for data protection and information security under this Privacy Policy.

With your express consent

We may transfer personal data to third parties outside the Hygga organizations for reasons other than the aforementioned once we have received the express consent of the data subject. Data subjects have the right to revoke said consent at any time.

9. Rights of the data subject

Right of access to information

Data subjects have the right to access their personal data processed by Hygga. If you wish, you can contact us to learn more about the type of personal data we process and their purposes of processing.

Right to request rectification

You have the right to request that any inaccurate, incomplete, obsolete or unnecessary personal data stored by us is rectified or supplemented. You can contact us and request your contact details or other personal data to be updated.

Right to request erasure of data

You may request us to erase your personal data. We will perform the requested measures, barring legitimate grounds to refrain from erasing the personal data.

Right to transfer data to another system

Data subjects have the right to receive a copy of their personal data stored by us in a structured, commonly used format, as well as the right to independently transfer their data to a third party.

Exercising your rights

If you wish to exercise any of your aforementioned rights, we ask that you provide the following information to Hygga by mail or email: name, address, telephone number, and a copy of a valid identification card. We may request that you provide further details in order to confirm your identity.

We may deny requests that recur unreasonably often or are excessive or clearly unfounded.

11. Information security

We have implemented administrative, organizational, technological and physical protective measures aimed at ensuring the information security of the personal data we collect and process. Our protective measures are designed to maintain a level that is appropriate for ensuring the confidentiality, integrity and availability of data.

Personal data in the HR data file may only be processed by persons authorized to do so on grounds of fulfilling their work duties. The processing of personal data is protected with the appropriate user-specific credentials, passwords and access rights.

12. Filing a complaint

You have the right to file a complaint to the supervisory authority in the event that you feel that the processing of personal data by Hygga is in violation of data protection legislation.

Last updated:

Date: 5.4.2023

 

WEBSITE PRIVACY POLICY FOR HYGGA OY

1. Data controller

Hygga Oy (“Hygga”) processes website visitors’ information in connection with providing and maintaining web pages. We store analytics data on website visitors, and data collected in connection with the chat service.

It is important to us that you understand how we process your personal data. Below you can find more information on the processing of your personal data.

Please note that this Privacy Policy only applies to website visitors’ personal data processed by Hygga in its capacity as data controller.

Direct marketing information is processed as part of our customer and direct marketing data file, the privacy policy of which can be found at the top of this page.

2. Contact information

Contact details of the data controller:

Hygga Oy

Business ID 2345414-4
Address: Kampinkuja 2, 00100 Helsinki, Finland
Telephone: +358 (0)9 58 400 300
Email: info@hygga.fi
www.hygga.fi

Hygga’s data protection officer:

Salla Hårdh, tietosuoja@hygga.com

3. Processed personal data

 We process your feedback given via our website, chat conversation data and conversation history.

In addition, we can process certain technical data regarding all website visitors that may in some situations be considered or may include personal data. This data includes:

• your IP address;
• the time of your visit;
• operating system and device type;
• the URL through which you accessed our site;
• your URL path on our site;
• your geographical location.

4. Cookies, analytics tools, and chat

We use cookies to improve the usability and functionality of our website. In addition, we use cookies to collect analytics data and integrate social media accounts into our site.

A cookie is a small text file stored on a user’s computer. If you do not want sites to store cookies on your computer, you can block cookies from your browser settings. In that case, we cannot guarantee that our website will work in the best possible way.

We use the Google Analytics tool on our website. Further information on Google Analytics privacy is available on the Google Analytics data protection web page.

Our website also offers the possibility to chat and provide feedback via the Zendesk tool.  Further information on Zendesk privacy is available here.

More information about our cookie policy can be found here.

5. How do we collect personal data?

Information is collected directly from visitors in connection with chat conversations and when using the feedback function on the website.

Technical analytics data is stored automatically during the visit.

6. Purposes and legal basis of data processing

Personal data may also be used for the following legal purposes and purposes that the data subject has consented to:

Customer communications and customer relations management (legal basis of processing: performance of a contract and legitimate interest)

We may use the data stored during a chat conversation for the purposes of customer service, communications, and customer relationship management and maintenance.

Should you contact our customer service via chat, we will use the provided information to answer questions, solve possible issues and process your message.

We will also process the data of website visitors in conjunction with the feedback provided on the website.

Analytics (legal basis of processing: legitimate interest)

We process the data of website visitors for the purpose of analyzing the amount and quality of our network traffic, such as the number of unique visitors, the number and duration of chat conversations, and the geographic locations of visits. We also analyze visitors’ movements within our websites, as well as information about how they arrive on the site.

Direct marketing (legal basis of processing: legitimate interest)

If you subscribe to our newsletter or express by other means (such as in a chat conversation) that you wish to receive direct marketing material, we may process your personal information in order to send you direct marketing material such as current offers and events.

For more information about the use of personal data for direct marketing, please read our Customer and Direct Marketing Data File Privacy Policy at the top of this page. You always have the right to prohibit electronic direct marketing.

Legal grounds for processing personal data

We process the data of our website visitors on the basis of a legitimate interest in maintaining and developing our business, such as collecting web analytics. When processing your personal data on the basis of our legitimate interest we check our legitimate interest against your right to privacy.

We also process personal data on the basis of consent when the visitor has consented to the processing of personal data.

7. Duration of storage

We store the personal data of our website visitors only for the legally required duration or for as long as necessary in order to carry out the intended purposes specified above. The duration of storage depends on the nature of the data and the purpose of processing. The maximum duration of storage is different on a case-by-case basis.

8. Transfer of personal data outside the EEA

We mainly process the personal data of website visitors within the European Economic Area.

However, in some situations we may transfer personal data to be processed outside this area. In such cases, we shall take measures to ensure a sufficient level of protection for your personal data in the location where it is processed. We shall ensure a sufficient level of data protection for personal data transferred to countries outside the EEA by signing agreements with our service providers that are in compliance with the standard clauses set out by the European Commission or other similar arrangement, such as a Privacy Shield arrangement.

9. Recipient groups of personal data

We will not disclose your personal data to parties outside the Hygga organization, with the exception of the following situations:

Authorized service providers

We may transfer personal data to service providers for processing under the authority of Hygga, for example to providers of server or chat services. Our service providers are contractually obligated to restrict the processing of personal data as well as to comply, at a minimum, with all the requirements for data protection and information security under this Privacy Policy.

For legal grounds

We may disclose personal data to parties outside the Hygga organization if access to said personal data is necessary, on reasonable grounds, for (i) compliance with applicable legislation, regulations or court decisions; (ii) the detection, prevention or other processing of fraud, money laundering, terrorism financing, or issues related to information security or technical difficulties; or (iii) purposes carried out in the public interest in compliance with legislation.

With your express consent

We may transfer personal data to third parties outside the Hygga organizations for reasons other than the aforementioned once we have received the express consent of the data subject. You have the right to withdraw your consent at any time by contacting us.

10. Information security

We have implemented administrative, organizational, technological and physical protective measures aimed at ensuring the information security of the personal data we collect and process. Our protective measures are designed to maintain a level that is appropriate for ensuring the confidentiality, integrity and availability of data.

Personal data may only be processed by persons authorized to do so on grounds of fulfilling their work duties. The processing of personal data is protected with the appropriate user-specific credentials, passwords and access rights.

If regardless of data security measures there is a data security breach that is likely to have negative effects on your privacy we shall notify the appropriate persons and other affected parties of the breach as soon possible in accordance with applicable legislation, as well as authorities if required by applicable data security legislation.

11. Filing a complaint

You have the right to file a complaint to the supervisory authority if you feel that the processing of personal data by Hygga is in violation of data protection legislation.

The Data Protection Ombudsman acts as the local supervisory authority in Finland (tietosuoja.fi)

Last updated: 5.4.2023