Privacy Policy

Last updated: Sept. 10, 2021

DentalMind Privacy Policy

We thank you for taking time to read and understand the privacy policy (the “Privacy Policy”) of the corporate website reachable at the following link: https://dental-monitoring.com/ (the “DM Corporate Website”). The DM Corporate Website is edited by the company Dental Monitoring, a société par actions simplifiée, incorporated under the laws of France, identified under the RCS number 824 001 259, having its registered office at 75, rue de Tocqueville, 75017 Paris, France (“DM”).

The DM Corporate Website :

  • provides Visitors with information about the DM products (the “DM Products”) and DM services (the “DM Services”) (together the “DM Solution”).
  • Provides DM customers (the “DM Customers”) with a direct access to the DM Services which are governed by their own privacy policy.
  • offers some services to the Visitors and notably (i) the registration to events, webinars and courses sponsored by DM, (ii) a news section etc. (the “Services”). You can find details of DM Corporate Website’s services in the Terms of Use reachable at this link : https://dental-monitoring.com/terms-of-use/ (“DM Corporate Website Terms of Use”).

Capitalized terms set out below, including those in the preamble of the Privacy Policy, shall have the following meaning:

BambooHR: refers to the American company that provides human resource software as a service.

Data Protection Law: means (i) the EU General Data Protection Regulation 2016/679 (“GDPR”), (ii) the e-Privacy Directive 2002/58/EC (“e-Privacy Directive”), and any further applicable legislation replacing the e-Privacy Directive and/or the GDPR; (iii) any data protection law, statute or regulation of a European Union (“EU”) Member State, which may apply to one of the Parties pursuant to its data Processing activities or its establishment within the EU and (iv) any guidelines or opinion adopted by the European Data Protection Board (“EDPB”) as to interpret the application of GDPR and the e-Privacy Directive (v) the decisions of the Supervisory Authority or the judicial or administrative courts of an EU Member State which are binding on one of the Parties by way of its data Processing activities or its establishment within the EU; and (vi) the decisions rulings adopted by the EUCJ or the ECHR regarding Personal Data and privacy protection and freedom of speech or freedom of information;

Controller”, “Processing” and “Supervisory Authority” shall have the meaning assigned to them in Article 4 of the GDPR.

Depending on the Purposes, DM is Controller or Joint Controller with Social Media and BambooHR.

Cookies: shall have the meaning assigned to it in Article 13 of the DM Corporate Website Privacy Policy.

DM Corporate Website Terms of Use orTOU: means the terms of use of the DM Corporate Website.

DM Products: refers to the hardware sold by DM.

DM Services : refers to DentalMonitoring, SmileMate and Vision.

DM Solution : refers to the software, digital infrastructures, protocols, interfaces, mobile applications and hardware developed, manufactured and distributed by DM for use in the dental health sector.

Personal Data : shall have the meaning assigned to them in Article 4 of GDPR.

Privacy Policy: refers to the present privacy policy accessible on the DM Corporate Website  dedicated to inform Visitors of DM’s commitments to respect the Visitors’ Personal Data when they use the DM Corporate Website and the Services.

Purposes: refers to the main purposes of the use of Personal Data.

Services: refers to the services described in the preamble and in the DM Corporate Website Terms of Use.

Social Media: refer to the websites allowing to form a friends or professional knowledge and supplying to their members tools and interfaces of communication, on which the members can publish third content, and notably, without this list being exhaustive, Facebook, Instagram, Twitter, etc..

DM Social Media: refer to the Social Media managed by DM and directly reachable from the DM Corporate Website:

– Facebook accessible at the following address (“Facebook”): https://www.facebook.com/DentalMon/ or another URL;

– Instagram accessible at the following address (“Instagram”): https://www.instagram.com/dentalmonitoring/?hl=en or another URL;

– Twitter accessible at the following address (“Twitter”): https://twitter.com/dentalmon?lang=en or another URL;

– LinkedIn accessible at the following address (“Linkedin”): https://www.linkedin.com/company/dental-monitoring/mycompany/ or another URL.

Visitor: refers to the visitor of the DM Corporate Website.

You/Your: You designate.

Who collects personal data?

What is personal data? 

A Personal Data means any information relating to an identified or identifiable natural person (‘Data subject’); a Data Subject is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Dental Monitoring SAS, is a company identified under the RCS number 824 001 259, with offices at 75 rue de Tocqueville, 75017, Paris, France, that operates the DentalMind platform accessible via the websites and applications it publishes (“the Sites”) (dental-monitoring.com, eu.smilemate.com, ap.smilemate.com and us.smilemate.com as well as the Dental Monitoring app on the iOS App Store and Google Play store; the SmileMate app on the iOS App Store and Google Play store; and the Vision app on the iOS App Store; and the patient eShops https://shop.dental-monitoring.com, https://shop-us.dental-monitoring.com and https://shop-au.dental-monitoring.com).

What is the purpose of the privacy policy? 

  • The protection of Personal Data is paramount to DM.This Privacy Policy explains:
    • how we collect, protect, use and share Your Personal Data when You visit our DM Corporate Website and use the Services;
    • how DM protects and ensures the security, integrity and confidentiality of Your Personal Data.

    DM follows these principles in order to protect Your Personal Data:

    • We do not collect any more Personal Data than is necessary;
    • We only use Your Personal Data for the Purposes we specify in this Privacy Policy, unless You agree otherwise;
    • We do not keep Your Personal Data if it is no longer needed; and
    • Other than as we specify in this Privacy Policy, we do not share Your Personal Data with third parties.
    • We do not rent or sell your Personal Data to third parties.

Who are the actors of the processings? 

For the Purposes 1 to 6, DM is Controller.

For the Purpose 7 and 8, DM is Joint Controller with Bamboo HR and the DM Social Media.

Please refer to article 7 for the definition of the different purposes.

What personal data do we collect?

DM collects directly the following Personal Data:

  • Name, First name;
  • Your email address;
  • The name of Your practice if You are a healthcare professional;
  • Your mobile phone;
  • Your country;
  • Your state (if appropriate);
  • Your history of navigation.

Items with an asterisk are required.

DM also collects connection Personal Data as IP address, username and password or Identifiers and cookies especially treated on Article 13 of the DM Corporate Website Privacy Policy.

Why do we process personal data?

By visiting the DM Corporate Website, You are informed that Your Personal Data are collected and processed for the following Purposes:

  • To process and respond to Your information requests (Purpose n°1);
  • To process and respond to Your request for booking of demo of DM Solution (Purpose n°2);
  • To register for events, webinars or courses sponsored by DM (Purpose n°3);

To send You communications and newsletters, which may include the combination of data we receive from you offline and online, in order to The protection of Personal Data is paramount to DM.

This Privacy Policy explains:

  • how we collect, protect, use and share Your Personal Data when You visit our DM Corporate Website and use the Services;
  • how DM protects and ensures the security, integrity and confidentiality of Your Personal Data.

DM follows these principles in order to protect Your Personal Data:

  • We do not collect any more Personal Data than is necessary;
  • We only use Your Personal Data for the Purposes we specify in this Privacy Policy, unless You agree otherwise;
  • We do not keep Your Personal Data if it is no longer provide you with customized information or offers as well as courses, events and customer satisfaction surveys which may be of interest to you in the field of dentistry (Purpose n°4);
  • To realize statistics (Purpose n°5);
  • To improve the Services (Purpose n°6);
  • To apply for a DM job (Purpose n°7);
  • To manage the DM Social Media (Purpose n°8);

Personal Data are only used only whether they are strictly necessary to carry out the Purposes.

Depending on the Purposes, Processing is based on the legitimate interests pursued by the Controller, to take steps at the request of the Data Subject prior to entering into a contract, or because You gave Your consent.

If a Processing is based on Your consent, You can withdraw it at any time.

How do we share personal data?

The information and Personal Data collected and processed by DM are intended for :

–           The duly authorized internal staff (including without the list being exhaustive: Human resources, managers of each DM’s Employee, IT department for support, Marketing department for managing communication and DM Social Media).

–           Administrative and judicial authorities on request from them;

Such transfers are secured by following a strict ISO13485 compliant process to verify they have the necessary organizational and technical measures to comply with relevant data protection legal requirements, security standards and quality standards.

In case of cross-border data transfers, DM has set up specific data privacy contractual clauses to ensure that these third parties apply protective measures to Your Personal Data that respect Your country’s legal requirements.

The DM Corporate Website is hosted in Amazon Web Service Inc (AWS) cloud services, with servers in different locations around the world. AWS are ISO 27001 and HDS compliant.

DM warrants that Your Personal Data will not be disclosed to any unauthorized third party without your consent. DM does not sell and rent Your Personal Data

How long do we store your data?

Your Personal Data are kept for a duration that does not exceed the period strictly necessary to carry out the Purposes and in any case are kept as appropriate:

  • For a maximum of 3 years from Your last contact with DM;
  • For a maximum of thirty (30) days from the request for deletion or transfer of Personal Data that Your requested to DM.

The above-mentioned period may be extended in the case of express consent or in the event that a longer period of retention is authorized or imposed for the compliance of a legal or regulatory obligation, and in particular in case of legal proceedings, or if You have exercised, for Your account, under the conditions set out below, one of the rights granted to You by the Data Protection Laws.

At the end of these periods, the Personal Data may be subject to a new Processing for the establishment of statistics and research reports, subject to anonymization and will not give rise to any exploitation of any nature whatsoever and may be archived in a secure manner for the necessary periods of conservation and / or prescription resulting from the applicable legislative or regulatory provisions.

How can you exercise your rights?

You have:

  • A right to access, as the right to obtain from the Controller as to whether or not Personal Data concerning You are being processed, and, where that is the case, access to the Personal Data and the following information whose the purposes of the Processing, the categories of Personal Data concerned, the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations etc.;
  • A Right to obtain the rectification, without undue delay, of inaccurate, incomplete, outdated Personal Data concerning You, or whose the collect is forbidden;
  • A Right to oppose before to a Personal Data Processing realized by the Controller or to a Personal Data transfer, except if there are legitimate and compelling reasons that prevail on Your interests;
  • Right to obtain from the Controller the erasure of Your Personal Data undue delay and the Controller shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies:
  • The Personal Data are no longer necessary in relation to the Purposes;
  • You withdraw consent on which the Processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the Processing;
  • You object to the Processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the DM’s objects to the Processing pursuant to Article 21(2);
  • The Personal Data have been unlawfully processed;
  • The Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
  • The Personal Data have been collected in relation to the offer of information society services referred to in Article 8(1).
  • Right to Personal Data portability, i.e. the right to receive Your Personal Data which You have provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, where:

(a) The Processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and

  1. b) The Processing is carried out by automated means.
  • Right to object and automated individual decision-making.

For any complaint, You may submit a complaint to the national Supervisory Authority responsible for the protection of personal data, namely the National Commission for Data Protection and Liberties (the “CNIL”).

  • Right to lodge a complaint before the Supervisory Authority, if You consider that the Processing of the Personal Data that You concerned are a violation of the Data Protection Laws.

To exercise any of Your rights, You can sent a request:

  • By email at the following address: privacy@dental-monitoring.com .
  • By letter at the following postal address: Data Protection Officer – Dental Monitoring SAS, 75 rue de Tocqueville, 75017 Paris, France

In the event that You exercise one of Your rights electronically, the Personal Data will be provided, where appropriate, electronically by DM where possible, except that You have specifically requested that it is otherwise.

Security

DM has taken steps so You can rest assured Your Personal Data is safe with Dental Monitoring SAS.

Technical, organizational and structural security measures are in place to protect Your Personal Data against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction and, therefore, ensure the security, integrity and confidentiality of Your Personal Data.

Dental Monitoring SAS develops its systems under the “Privacy by Design” principle.

We also follows data minimization principles and have setting up the following measures:

– Pseudonymization and anonymization techniques whenever they are technically feasible; and

– Restricting Personal Data access to the sole employees who need to access Personal Data to perform the services described in the Service description, ensured by a regular review of access rights performed by the IT department.

We have implemented state-of-the-art IT security measures to protect Your Personal Data and regularly perform penetration tests to detect any vulnerability breach.

Notwithstanding the above, should the security of the Personal Data processed under DM will take all legally required measures to remedy such an event, which may include notifying the impacted users of the breach in the likelihood of a higher risk to their rights and freedom.

In case of security breach, DM provides a document determining:

– the nature of the security breach;

– if possible, the categories and the approximate number of persons affected by the security breach;

– the categories and the approximate number of records of personal data concerned;

– the likely consequences of the security breach;

– the steps taken or plan to take to prevent the incident from recurring or to mitigate any negative consequences. If the security breach represents a risk, DM shall notify the security breach to the CNIL within seventy-two (72) hours.

Social Media Management

The DM Corporate Website included DM Social Media features.

These features may collect Your IP address, which page You are visiting on our DM Corporate Website, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of Social Media.

To find out more about the measures implemented by the DM Social Media  to ensure the protection of Your Personal Data, we invite You to consult their respective privacy policies by clicking on the following links:

We recommend to You to secure Your Social Media’ accounts, and to choose a password including at least twelve (12) characters and four (4) different types: lower case letters, upper case letters, numbers and special characters.

In addition, we recommend to You not save Your usernames and passwords on Your computers.

Cookies

Cookies are small text files stored on computer hard drives and are regularly used to analyze individual website activity.

We inform you that 4 categories of Cookies can be installed during your navigation on our DM Corporate Website.

  • The necessary Cookies;
  • Cookies for adapting the DM Corporate Website to Your preferences and providing You with a better website experience;
  • Cookies for service continuity and improvement purposes by DM;
  • Cookies for audience tracking and crash tracking.

Cookies cannot be stored for more than thirteen (13) months.

For cookies which are not strictly necessary for the provision of an online communication service expressly requested by the Visitor or which are not intended solely to allow or facilitate transmission by electronic means, a banner is displayed during the first connection to the DM Corporate Website or any visit by a Visitor in order to :

  • inform the Visitor about their implementation and purposes;
  • to allow the Visitor to consent in a specific way, by purpose, by ticking a box or globally to a set of purposes, by pushing the button “accept all” or “refuse all”.

As Visitor, You shall withdraw Your consent at any time by setting Your browser (such as Internet Explorer, Chrome, Mozilla Firefox, etc.) to warn You before accepting cookies and refuse the cookie when Your browser alerts You to its presence.

You can configure Cookies on your browser. Your browser allows you to view, manage, delete and block Cookies from a website.

The configuration of each browser is different. It is described in the help menu of your browser, which will allow You to know how to modify your preferences in terms of cookies.

If you have refused necessary Cookies, the DM Corporate Website will remain accessible; however, this may affect Your full usability of it.

Does DM realize statistics?

DM may collect and process Your Personal Data for statistical and analytical purposes to analyze the rate of use of the DM Corporate Website and Your preferences.

These processing are based on the legitimate interest pursued by DM, including the promotion of its activity and the adaptation of its marketing actions.

Updates

DM may update the DM Corporate Website Privacy Policy from time to time and will notify Visitors of significant changes in the way we treat any Personal Data by disclosing a notice on the DM Corporate Website. We encourage You to periodically review this page for the latest information on our privacy practices.

1SaMD means Software as a Medical Device. Product regulatory status may differ from one country to another. Please contact your local DentalMind representative or support@dental-monitoring.com for more information.

For customer support, please email: