Privacy policy diplomat-dental.com
- Identification of controller and general information
This privacy policy (hereinafter as “Privacy policy“) regulate conditions for personal data processing by the company DIPLOMAT DENTAL s.r.o., with its registered office at Vrbovská cesta 17, 921 01 Piešťany, company number: 36 222 089, registered with the commercial register of the District Court Trnava, section: Sro, insert no. 10414/T (hereinafter as “Controller“ od “we” in a respective grammatic form), which occurs:
- on the websites diplomat-dental.com (hereinafter as “website”),
- on profile of a controller on the social networks Facebook, LinkedIn and Instagram with name “Diplomat-dental solutions” and
- when using online apps “Diplomat Connect” and “Diplomat Tec+”.
Information on the personal data processing which occurs outside website or profiles of the Controller on social networks are contained in the respective internal regulations and if necessary, the Controller will provide you with it.
The Controller is hereby (via this Privacy policy) informing you why your personal data are processed, how they are processed, for how long they are processed, what your rights regarding the processing of your personal data are and other relevant information on the processing of your personal data. Via this Privacy policy, the Controller is fulfilling his information obligation to all data subjects, whether the personal data are obtained directly from you as data subjects or from other source.
The Controller processes your personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter as “Regulation“), with Act No. 502 of 23 May 2018 on supplementary provisions to the regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Data Protection Act) (hereinafter as “Act“) and other legislation in relation to personal data protection (hereinafter as “Personal data protection legislation“).
In matters related to personal data processing and protection, you may contact the Controller at the address DIPLOMAT DENTAL s.r.o., Vrbovská cesta 17, 921 01 Piešťany, Slovak Republic or via e-mail to e-mail address zodpovedna-osoba@diplomat-dental.com.
- Purposes, legal basis, storage period and categories of personal data
The Controller processes your personal data only for justified purposes, for a limited time and with the use of the maximum possible level of security. The Controller processes personal data only if there is a legal basis for their processing (in accordance with the principle of legality). The Controller always keeps personal data in accordance with the principle of minimization only during the period during which it is necessary to keep personal data. After this period, the Controller will delete the personal data, unless otherwise provided by law. The Controller also processes your personal data in accordance with the principle of minimization, so always only to the extent that the intended purpose of the processing is fulfilled. This means that the Controller does not request personal data from you that are not necessary for the specific purpose of processing.
Specific information on the purposes of the processing, the legal bases for their processing, the categories of personal data processed and the specified retention period can be found in the table below.
Website and social networks:
Purpose of the processing | Legal basis | Personal data or categories of personal data | Retention period |
---|---|---|---|
Publishing of the personal data, contact data and photographs of the employees and co-workers on the website and profiles on social networks | Art. 6 (1) letter a) of the Regulation – consent of the data subject | Name, surname, e-mail address, tel. no., photography, functional categorisation | 5 years following the day of granting the consent or until its withdrawal, depends on which of the conditions stated above occurs earlier |
Providing a response to the messages and Handling with inquiries/requests from the messages delivered via contact form on the website or via profiles of the Controller on social networks | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller, which lays in the interest of the Controller on responding to the messages in order to deal with the messages and inquiries for proper business communication with customers and quality of the provided services | Name, surname, e-mail address, tel. no., other personal data stated in the message | 3 months following the receipt of the request or until the handling with the request (fulfilment of the purpose), depends on which of the conditions stated above occurs earlier |
Providing the customers with current offers | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller in informing customers about new offers of the Controller | e-mail address | 3 years from the conclusion of the contract |
Sending newsletters and product brochures (direct marketing) | Art. 6 (1) letter a) of the Regulation – consent of the data subject | e-mail address, phone number | 3 years following the day of granting the consent or until its withdrawal, depends on which of the conditions stated above occurs earlier |
Performance of online consultations about the Controller´s products during precontractual relationships | Art. 6 (1) letter b) of the Regulation – processing of personal data is carried out during the precontractual relationship | Name, surname, e-mail address, phone number, business name (name of the company), stipulated dated and time of consultation | Until the online consultation and the conclusion of the contractual relationship (until the online consultation takes place) |
Performance of online consultations about the Controller´s products during precontractual relationships (with potential customers, who are legal persons) | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller which is the interest to carry out precontractual relationship with legal entities and acquisition of new customers – legal entities | Name, surname, e-mail address, phone number, business name (name of the company, on which behalf the person acts), stipulated dated and time of consultation | Until the online consultation and the conclusion of the contractual relationship (until the online consultation takes place) |
Participation of contractual partners on webinars organized by Controller | Art. 6 (1) letter b) of the Regulation – processing of personal data is carried out in accordance with concluded contract | e-mail address, name, surname, company, phone number | 3 months from the day the last webinar took place |
Login zone on the website – enabling the singing in for the contractual partners | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller in the need to fulfil the contractual obligations arising from the contracts concluded with business partners – legal entities (submission of documentary documentation and other necessary information for the performance of the contract) | e-mail address, name, surname, company, password | During the duration of the contractual relationship with the business partner or until the termination of the position of a natural person as a representative/employee of the business partner |
Handling with the rights exercised by data subjects | Art. 6 (1) letter c) of the Regulation – compliance with a legal obligation | Ordinary personal data, which are part of the request | Until handling with the rights exercised |
Keeping records of the executed rights of data subjects | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller which lays in keeping records of the rights exercised by the data subjects for proving fulfilment of the obligations arising out of legal regulations | Ordinary personal data, which are part of the request | 5 years following the day of exercising the rights |
Measuring website traffic and advertisement targeting (via analytical and retargeting cookies) | Art. 6 (1) letter a) of the Regulation – consent of the data subject | IP address and other data about activity of the visitor on the website and on preferences of the visitor of the website | Depending on the type of cookie used, maximum 2 years following the visit of the website or until the withdrawal of the consent, depends on which of the conditions stated above occurs earlier |
Online apps
Management of customer accounts in the online application Diplomat Connect (which are necessary for the performance of the contract – control of the delivered goods and its servicing) | Art. 6 (1) letter b) of the Regulation – processing of personal data is carried out in accordance with concluded contract | name, surname, e-mail address, password, type of device, country where the device is located, serial number of the device, data on the use of the device, its functions, error messages and the like, other data on the use of the product and its user (ordinary personal data), other submitted data when entering product feedback | During the duration of the contractual relationship (usage of the product and application) and until the full settlement of legal and other claims arising from the contractual relationship |
Management of customer accounts in the online application Diplomat Connect (which are necessary for the performance of the contract – control of the delivered goods and its servicing in the performance of the contract concluded with the customer – legal entity) | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller which lays in the need to fulfil contractual obligations arising from contracts concluded with customers – legal entities | name, surname, e-mail address, password, type of device, country where the device is located, serial number of the device, data on the use of the device, its functions, error messages and the like, other data on the use of the product and its user (ordinary personal data), other submitted data when entering product feedback | During the duration of the contractual relationship with the business partner or until the termination of the position of a natural person as a representative/employee of the business partner |
Management of user accounts in the online applications Diplomat Tec + and Diplomat Connect for service technicians (which are necessary for the fulfilment of the contract – performing service services on behalf of the operator and their registration) | Art. 6 (1) letter b) of the Regulation – processing of personal data is carried out in accordance with concluded contract | Name, surname, e-mail address, password, country where the device is located and serial number of the device on which the service was performed | During the duration of the contractual relationship (usage of the product and application) and until the full settlement of legal and other claims arising from the contractual relationship |
Management of user accounts in the online applications Diplomat Tec + and Diplomat Connect for service technicians (which are necessary for the fulfilment of the contract – performing service services on behalf of the operator and their registration) | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller which lays in the need to fulfil contractual obligations arising from contracts concluded the processors providing customer service and handling customer claims – legal entities | Name, surname, e-mail address, password, country where the device is located and serial number of the device | During the duration of the contractual relationship (usage of the product and application) and until the full settlement of legal and other claims arising from the contractual relationship |
Keeping records of and evaluation of data on the use of equipment and products of the controller in order to improve the quality of services provided and eliminate deficiencies through online applications | Art. 6 (1) letter f) of the Regulation – legitimate interest of the Controller which lays in the need to carry out:
– remote device diagnostics, – improvement of the functionality of tablet-operated dental units in the future, – identification of the most frequently performed operations with equipment (dental sets) in order to improve (simplify) their control |
1. the serial number of the device (the resulting country where the device is used and the identification of the user of the device),
2. data on the manipulation and control of the dental unit (equipment) by the user: movement of the chair, switching on the light, pulling the tool out of the holder on which the speed parameter has been changed, time of individual above-mentioned actions 3. automatic recording of device error messages: interrupted communication between electronic modules, collision of chair with spout, incorrectly connected micromotor to hose, missing water for cooling in the bottle and other error messages |
During the duration of the contractual relationship with the business partner or until the termination of the position of a natural person as a representative/employee of the business partner |
In relation to securing the personal data, the Controller has adopted internal documentation, in which adequate security measures are further specified. Security measures have been adopted in order to secure the processing of your personal data.
- Source of the personal data
The Controller obtains your personal data directly from you as a data subject, in case you provide the Controller with your personal data (when you subscribe to the newsletter, when you contact us via message sent through contact form on the websites, social network, when you visit one of the websites of the Controller or when you enter into contract with the Controller as a natural person). In some cases, especially if a service is ordered from the Controller by a business company or other entity of which you are a representative or contact person, the source of your personal data is this entity.
If you do not provide the Controller with your personal data in some cases, the Controller would not be able to respond to your message or to provide you with newsletter.
- To whom the controller provides your personal data?
Your personal data may be in some cases provided to public authorities, which are entitled to process your personal data, e.g. to courts, law enforcement authorities or other inspection authorities.
The Controller provides your personal data also to its processors, i.e. external subjects which process your personal data on behalf of the Controller. Processors process personal data based on the agreement with the Controller, in which they committed to adopt adequate technical and organisational measures in order to secure the processing of your personal data. The Controller currently uses as a processor:
- company providing IT services,
- company providing marketing services,
- companies providing repair services and technical support when handling your customer´s requests,
- company providing IT services regarding the online apps,
- company providing hosting services (including mail hosting services) and
- company providing newsletter services (MailerLite service).
Recipients of your personal data also include Google, LLC, which provides analytical and marketing services through cookies that the website stores on your device if you give the Controller consent to the storage of these files.
Recipients of your personal information also include European offices of Facebook, Inc. and LinkedIn Corporation as social network operators, if you contact the Controller via its profiles on social networks, in the position of joint controllers according to Art. 26 Regulations.
- Transfer to third countries and international organisations and profiling
A transfer of your personal data to third countries or international organisations may occur in the following situations:
- when using our online applications, your personal data may be transferred to third countries, depending on the country where our business partner is located, on whose behalf you are acting,
- if you subscribe to the newsletter on the Website, your personal data is transferred to the United States, the company operating the MailerLite service,
- when using analytical and marketing cookies on the website and when contacting the Controller via its profiles on social networks, in some cases your personal data may be transferred to the USA, to Google, LLC, Facebook, Inc. and LinkedIn Corporation, which are the parent companies of the European subsidiaries providing these services.
The transfer of your personal data is ensured by appropriate means of ensuring the transfer of personal data to third countries in accordance with the Personal data protection legislation, in particular through the use of standard contractual clauses, which are part of the terms of use of the above stated services.
The Controller does not use profiling when processing your personal data and does not process personal data in any form of automated individual decision-making, in which your personal aspects would be evaluated.
- What are our rights in relation to personal data processing?
As the data subject, your rights regarding the processing of your personal data are as follows:
Your rights | |
---|---|
Right of access – You have the right to obtain a copy of the personal data which we hold about you, as well as the information on how we use your personal data. In most cases, your personal data will be provided to you by electronic means of communication, unless otherwise requested by you. | Right to rectification – We take reasonable measures in order to ensure that the data which we hold about you are accurate, complete and up-to-date. In case the personal data we hold are inaccurate, incomplete or outdated, we will modify, update or complete such personal data on basis of your request. |
Right to erasure – Under certain circumstances, you have the right to ask us to erase your personal data, for example, if the personal data we have obtained about you, are no longer necessary to fulfil the original purpose of processing or if you withdraw your consent to the personal data processing. We assess exercising your right to erasure (right to be forgotten) on the basis of individual circumstances of each particular case of processing.
However, your right has to be assessed in the light of all relevant circumstances. For example, there may be certain circumstances or cases arising for us from applicable legislation when your personal data cannot be erased. In such case, we will not be able to accept your request. |
Right to restriction of processing – You have also the right to ask us not to process your personal data. If you believe that the personal data we process about you are not accurate, that the processing is unlawful and you request the restriction of their processing, that we no longer need your personal data, but they are required by you as the Data subject for the exercise of legal claims or if you believe that we as the controller are not entitled to further process your personal data, we will not further process your personal data on the basis of your request. |
Right to data portability – Under certain circumstances, you have right to transmit the personal data to another subject according to your choice. However, the right to portability applies only to personal data that we process under the contract to which you are one of the parties or on the basis of the consent which you have granted us. | Right to lodge a complaint or request – If you believe that we breach Personal data protection legislation when processing your personal data or that we have not handled your request in accordance with such legislation, you can lodge a complaint with the supervisory authority which is Úrad na ochranu osobných údajov SR, Hraničná 12, 820 07 Bratislava 27, Slovak republic, website: dataprotection.gov.sk, tel. No.: 02 3231 3214; e-mail: statny.dozor@pdp.gov.sk. |
RIGHT TO OBJECT
You have the right to object to processing of your personal data, for example if we process your personal data based on the legitimate interest or to processing in which profiling occurs. If you object to such personal data processing, we will not further process your personal data unless we demonstrate compelling legitimate grounds for such processing. |
|
RIGHT TO WITHDRAW CONSENT
If we process your personal data on the basis of your consent, you have the right to withdraw such consent for further processing of your personal data. You may withdraw your consent at any time in writing, by e-mail or orally (in person). |
You may exercise your rights specified in the table above at the contact addresses of the Controller listed at the beginning of this document. The Controller will provide you with the answer to the exercise of your rights free of charge.
In the event of a repeated, unreasonable or inappropriate request for the exercise of your rights, the Controller is entitled to charge a reasonable fee for the provision of information. The Controller will provide you with an answer within 1 month from the day when you exercised your rights. In certain cases, the Controller is entitled to extend this period, in the case of a high number and complexity of applications of the data subjects, maximally by 2 months. The Controller will always inform you about the extension of the deadline in advance.
- Validity
An updated version of this Privacy policy is valid and effective as of 31 August 2021. As it is possible that an update of the information on personal data processing contained in this Privacy policy may be necessary in the future, the Controller is entitled to update this Privacy policy at any time. In such case, the Controller will inform you about it in an adequate manner in advance.