Privacy Policy

Last updated: May 6, 2021

DentalMind Privacy Policy

DentalMind is a brand comprising Software and Software as a Medical Device (SaMD) manufactured, developed and commercialised by DENTAL MONITORING SAS (“Dental Monitoring SAS”). These softwares are as follows:

  • DENTAL MONITORING (SaMD1) is an innovative software in the orthodontic and dental fields designed to assist dental practitioners in monitoring their patients’ orthodontic treatment and intraoral situation.
  • SMILEMATE (SaMD1) is an innovative software in the dental field designed to enable doctors to remotely assess intraoral situations, and strengthen the relationship between patients and healthcare professionals.
  • VISION is a software designed to create realistic simulations of patients’ smiles during and after orthodontic treatment.

The protection of personal data is paramount to Dental Monitoring SAS. This Privacy Policy explains how we collect, protect, use and share your personal data (i.e. information about an identified or identifiable natural person) that we gather through DentalMind software (collectively “The Services”).

Whether you are a Healthcare Professional or a Patient, please take the time to read this Personal Data Protection Policy, it is important that you understand it perfectly.

By using our Services, you consent to our collection, use, disclosure, transfer and processing of personal data in accordance with this Privacy Policy. You are also bound by the Terms and Conditions which you must accept before you start using the Services.

Who collects personal data?

Dental Monitoring SAS, is a company identified under the RCS number 824 001 259, with offices at 75 rue de Tocqueville, 75017, Paris, France, that operates the DentalMind platform accessible via the websites and applications it publishes (“the Sites”) (dental-monitoring.com, eu.smilemate.com, ap.smilemate.com and us.smilemate.com as well as the Dental Monitoring app on the iOS App Store and Google Play store; the SmileMate app on the iOS App Store and Google Play store; and the Vision app on the iOS App Store; and the patient eShops https://shop.dental-monitoring.com, https://shop-us.dental-monitoring.com and https://shop-au.dental-monitoring.com).

For the purposes of this Privacy Policy, a Healthcare Professional ( “HCP”) is defined as the natural person’s health provider qualified to practise dentistry or orthodontics in their territory having registered an account in order to access and use the DentalMind software.

Healthcare Professionals have the responsibility of Joint Controller with Dental Monitoring SAS for the data processing related to the health monitoring of their Patients performed through DentalMind Services. As such, Professionals guarantee that they process the personal data of their Patients collected through the DentalMind software in compliance with applicable personal data protection laws. For any other data collected or processed by the Professionals during the course of the treatment and that are not shared with Dental Monitoring SAS, the Professionals will remain solely and fully responsible for compliance with applicable laws and regulations. Professionals acknowledge that they are bound by the Dental Monitoring SAS Terms and Conditions and will not hold Dental Monitoring SAS responsible for damages arising out of their use of the DentalMind software in breach of the terms and conditions, this privacy policy and applicable laws.

What personal data do we collect?

From the heathcare professionals

DentalMind software collects Healthcare Professional’s personal data when they register an account on one of the Services. They may submit their personal data themselves when signing up to a DentalMind software, or it may be done for them through the help of one of Dental Monitoring SAS’ Staff.

Personal data we may collect when a Healthcare Professional signs up to one of DentalMind software.

Account data

  • Account credentials (user id, email, password hash)
  • The HCP’s personal information (first and last name, phone, email)
  • User settings (newsletter preferences, language, protocols, notification settings, country)

Personal data we may collect when a Healthcare Professional uses DentalMind software.

Technical data

  • Device information (type of device, IP address, unique identifier, device model, operating system and version, browser used, cookies or similar technologies, system language)
  • Information about usage of the software (IP address, connection date and time, pages visited)
  • Data about the internet connection (internet service provider, connection type (4G, 3G, DSL, etc)

Usage data

  • User activity logs
  • Messages sent to patients
  • Appointments booked with patients
  • Account configurations (email templates, dental notation preferences, treatments catalogues, protocols, etc)

Personal data we may collect when a Professional contacts Customer Support.

Support ticket data

  • Details regarding support tickets (date, time, subject and content of tickets)
  • Content of exchanges with agents (emails, chat)
  • Any other data that may be necessary to resolve tickets

Personal data we may collect when you purchase DentalMind services or hardware.

Subscription data

  • Invoices, credit notes, and other administrative documents
  • Transaction details (payment method, transaction date and time, currency, amount paid)

From the patients

We collect personal data from the Healthcare Professional’s Patients when they are registered onto one of the Services. Personal data may either be collected directly from the Patient, or indirectly through the Healthcare Professional.

In the case where a Healthcare Professional enters a Patient’s personal data into a DentalMind software on the Patient’s behalf, the HCP is responsible for ensuring they are legally allowed to do so and that the necessary measures have been taken with regards to applicable laws and regulations.

Personal data we may collect when a patient is registered to one of DentalMind software.

Account data

  • Account credentials (user id, email, password hash)
  • Patient personal information (first and last name, phone, email, photograph, date of birth, legal representative, the practice the patient receives treatment at, address, postal code, country)
  • User settings (protocols, notification settings)

Personal data we may collect when patients use DentalMind software.

Technical data

  • Device information (type of device, IP address, unique identifier, device model, operating system and version, browser used, cookies or similar technologies, system language)
  • Information about usage of the software (IP address, connection date and time, pages visited)
  •  Data about the internet connection (internet service provider, connection type (4G, 3G, DSL, etc)

Usage data

  • Messages sent to the Healthcare Professional
  • Appointments booked with the Healthcare Professional
  • User preferences

Medical data

  • Pictures of the Patient’s mouth
  • Profile picture (picture of the face)
  • Medical treatment and/or advice prescribed by the HCP
  • Treatment type and phase
  • Screening / analysis / simulation results
  • Messages exchanged between the HCP and the Patient containing medical data such as symptoms, reasons to consult and general health information
  • Digital impression of the Patient’s mouth

Personal data we may collect when Patients contact Customer Service.

Support ticket data

  • Details regarding the support ticket (date, time, subject and content of your ticket)
  • Content of the Patient’s exchanges with agents (emails, chat)
  • Any other data that may be necessary to resolve the ticket

Personal data we collect when a Patient purchases hardware directly from the eShop.

Order data

  • Contact information (first name, last name, email, phone number)
  • Shipping address (street, city, postal code, country)
  • Order details

Children’s privacy

At Dental Monitoring SAS, we do not intend to collect any information from children under the age of majority, as defined by the Patient’s country of residence, unless the consent is collected from a parent or legal guardian, or otherwise authorised by applicable regulation.

Why do we process personal data?

Healthcare professionals’ data

To deliver the services provided by DentalMind software.

We process HCP account data, technical data and usage data for the following purposes:

DentalMonitoring

  • To set up, configure and manage HCP accounts
  • To enable HCP to remotely monitor their patients’ orthodontic treatment and oral health

SmileMate

  • To set up, configure and manage HCP accounts
  • To provide HCP with assessments of their patients’ oral and dental health

Vision

  • To set up, configure and manage HCP accounts
  • To enable HCP to provide their patients with simulations of their appearance during and after orthodontic treatment

Processing this personal data is necessary to deliver Services to you, as described in the Terms of Use.

To manage HCP’s tickets (feedback / complaints / questions) with Customer Service.

We use HCP account data, technical data, subscription data and support ticket data to provide Healthcare Professionals with the best help we possibly can when HCP contact Customer Support:

  • When HCP contacts Customer Support to submit feedback, an issue or a complaint.
  • When HCP exercises their rights with regards to their personal data.
  • To improve the quality and the speed of the customer care we provide to HCP and their patients.

Processing these personal data for these purposes is necessary in order to fulfil our obligations as described in the Terms of Use, or in the case of exercising their rights, our obligations set out in the personal data protection laws and regulations applicable to Dental Monitoring SAS.

To manage HCP’s payments for DentalMind services and hardware.

According to the chosen means of payment, DentalMind may use subscription data for the following purposes:

  • To process payments when Healthcare Professionals subscribe to a service or purchase hardware.
  • To create and send invoices for HCP subscriptions to the Services.
  • To fulfil our accounting and legal obligations.

Processing these personal data is necessary for us to collect payments from Healthcare Professionals according to the Terms of Use and to comply with the accounting and fiscal laws and regulations that apply to DentalMind.

To improve, secure and monitor DentalMind’s software.

We process HCP account data, technical data and usage data for the following purposes:

  • To improve DentalMind software and develop new features.
  • To ensure that the security, confidentiality, integrity and availability of the platform is maintained.

It is our legitimate interest to process this data to deliver the best possible services on the DentalMind platform.

Patient data

To deliver the services provided by DentalMind software.

We process Patients’ account data, technical data, usage data and health data for the following purposes:

DentalMonitoring

  • To set up and manage Patients’ accounts
  • To send communications and notifications to HCP’s patients on HCP’s behalf
  • To enable HCP to remotely monitor their patient’s orthodontic treatment and oral health and assist their decision-making process with regards to their patients’ treatment

SmileMate

  • To set up and manage Patients’ accounts
  • To send communications and notifications to HCP’s patients on HCP’s behalf
  • To provide HCP and HCP’s patients with an assessment of:
    • teeth health
    • gum health
    • teeth alignment

Vision

  • To set up and manage Patients’ accounts
  • To send communications and notifications to HCP’s patients on HCP’s behalf
  • To provide patients with simulations of their appearance during and after orthodontic treatment

Processing this personal data is necessary to carry out the services offered by DentalMind software as described in the Terms of Use.

Processing of health data is based on the consent of the Patient which is gathered by the reading and the acceptation of the Patient consent form.

To manage Patients’ tickets (feedback / complaints / questions) with Customer Service.

We use patients’ account data, technical data and support ticket data to provide them with the best help we possibly can when they contact Customer Support:

  • When Patients contact Customer Support to submit feedback, an issue or a complaint.
  • When Patients exercise their rights with regards to your personal data.
  • To improve the quality and the speed of the customer care we provide to Patients.

Processing these personal data for these purposes is necessary in order to fulfil our obligations as described in the Terms of Use, or in the case of exercising Patients’ rights, our obligations set out in the personal data protection laws and regulations applicable to Dental Monitoring SAS.

To improve, secure and monitor DentalMind software.

We process HCP’s patients’ account data, technical data and usage data for the following purposes:

  • To improve DentalMind software and develop new features.
  • To ensure that the security, confidentiality, integrity and availability of the platform is maintained.

It is our legitimate interest to process these data to deliver the best possible services on the DentalMind platform.

To improve the quality of the services provided by DentalMind software.

We process Patient health data to carry out research and development activities, which in turn improves the performance of the algorithms used to analyse the scans taken by Patients.

  • To deliver the services provided by DentalMind software.

Carrying out this processing for research purposes is regulated by law and is based on public interest. Participation in this research is optional, and patients can opt-out by contacting Dental Monitoring SAS Data Protection Officer at privacy@dental-monitoring.com. Patients are informed of this purpose in the Patient Privacy Policy, which has to be read and agreed to before a patient can use DentalMind software.

How do we share personal data?

We share personal data with the following categories of third parties:

Healthcare professionals’ data

Technical suppliers

  • Cloud services and storage suppliers
  • Networking and telecommunication suppliers
  • Maintenance suppliers
  • Security services suppliers

Payment processors

  • Credit card payment processor (Stripe)
  • Direct debit payment processor (GoCardless)
  • Dental Monitoring SAS’ banks

Marketing suppliers

  • Customer relationship management software
  • Marketing automation software

Partners and subsidiaries

  • DentalMonitoring SAS holding company
  • DentalMonitoring SAS subsidiaries

Authorities

  • Legal and administrative authorities

Patients’ data

Technical suppliers

  • Cloud services and storage suppliers
  • Networking and telecommunication suppliers
  • Maintenance suppliers
  • Security services suppliers

Payment processors

  • Credit card payment processor (Stripe)

Partners and subsidiaries

  • DentalMonitoring SAS holding company
  • DentalMonitoring SAS subsidiaries

Authorities

  • Legal and administrative authorities

We transfer to these parties are secure by following a strict ISO13485 compliant process to verify they have the necessary organisational and technical measures to comply with relevant data protection legal requirements, security standards and quality standards.

Some of these third parties may be located abroad or may host the Patient’s data abroad. For these specific cross-border data transfers, DentalMind has set up specific data privacy contractual clauses to ensure that these third parties apply protective measures to the Patient’s personal data that respect the Patient’s country’s legal requirements.

DentalMind’s platform is hosted in Amazon Web Service Inc (AWS) cloud services, with servers in different locations around the world. AWS are ISO 27001 and HDS compliant and personal data storage location is compliant with regulation in each country where DentalMind operates.

How long do we store your data?

We both HCP and Patient personal data for the duration required by the purposes for which it is collected and in compliance with applicable laws and regulations.

How can you exercise your rights?

The General Data Protection Regulation (GDPR) gives citizens of the European Union rights with regards to their personal data. GDPR being globally considered as the reference standard in personal data protection matters, Dental Monitoring SAS enables its users across the world to benefit from these rights (some of these rights may be limited by applicable local laws and regulations in certain circumstances), which are:

  • Right to access personal data.
  • Right to modify or erase personal data, subject to the legal requirements applicable in the user’s country of residence.
  • Right to restrict personal data processing.
  • Right to oppose personal data processing.
  • Right to personal data portability.
  • Right to lodge a complaint with a supervisory authority or to seek judicial remedies.

How to exercise your rights

HCP can access, correct, amend and update their personal data on their account at any time.

Patients can correct and amend their data by contacting their dental practitioner.

To exercise their other rights, both HCP and Patients (Users) should contact Dental Monitoring SAS’ Protection Officer:

  • By email: privacy@dental-monitoring.com
  • By post:
    • Europe – Dental Monitoring SAS PRIVACY, 75 Rue de Tocqueville, 75017 PARIS, FRANCE
    • Americas – Dental Monitoring PRIVACY, 1717 W 6th St #425, Austin, TX 78703, UNITED STATES
    • APAC – Dental Monitoring PRIVACY, Unit 1, 7 Ridge Street, North Sydney,
    • NSW, 2060, AUSTRALIA

Users should specify the nature of their request in the email’s subject and specify the details of the request in the email itself. We may request additional information from the user, in order to verify their identity, before moving forward with the request.

Security

We have taken steps so that HCP and Patients can rest assured their personal data is safe with Dental Monitoring SAS. Technical and organisational security measures are in place to protect Patients’, Professionals’ and visitors’ data privacy against accidental, unauthorised or unlawful access, disclosure, alteration, loss, or destruction of personal data. Dental Monitoring SAS develops its systems under the “Privacy by Design” principle.

Dental Monitoring SAS’ Regulatory Affairs & Quality Affairs team regularly monitors the evolution of regulations, good practices, and cybersecurity threats.

We also follow data minimisation principles and has set up the following measures:

– Pseudonymisation and anonymisation techniques whenever they are technically feasible; and

– Restricting personal data access to the sole employees that need to access personal data to perform the services described in the Service description, ensured by a regular review of access rights performed by the IT department.

We have implemented state-of-the-art IT security measures to protect the Patient’s personal data and regularly perform penetration tests to detect any vulnerability breach.

Notwithstanding the above, should the security of the personal data processed under DentalMind software be compromised, DentalMind will take all legally required measures to remedy such an event, which may include notifying the impacted users of the breach in the likelihood of a higher risk to their rights and freedom.

Updates

We may update this Privacy Policy document as we and the regulations that apply to us evolve. When we do, we will revise the date of the Privacy Policy document. Notice of such update and/or modification will be provided on our Sites or as otherwise required by applicable law. We encourage you to periodically review this document to stay informed about how we collect, use and share personal data. Your continued relationship with Dental Monitoring SAS after the posting or notice of any amended Privacy Policy shall constitute your agreement to be bound by any such changes. Any changes to this Privacy Policy take effect after being published or otherwise provided by Dental Monitoring SAS.

1SaMD means Software as a Medical Device. Product regulatory status may differ from one country to another. Please contact your local DentalMind representative or support@dental-monitoring.com for more information.

For customer support, please email: