The present Policy has been developed following the standards enshrined in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) and other applicable personal data protection legislation.
The grounds for and the goal of processing
All personal information the users leave in this Portal shall be processed only with their consent and following the procedure envisaged by personal data protection legislation. Personal data collection and processing aims at provision of services related to production and sales of tailored dental supplies.
This Portal shall belong to, and personal data collected via it shall be processed by, CristaLine aligners GmbH, which determines further processing objectives on the basis of the processing outcomes, including those related to personal data transfer to processors and to third countries, and shall act as the controller.
Personal data of two types of users shall be collected via the Portal: a) patients whose information containing personal data is provided via it for the sake of service provision, and b) doctors who register on this Portal in order to get services in patients’ interests and who act as joint controllers.
Users whose personal data is processed shall be entitled to know about their personal data processing and to get access to it, to object to its processing, to demand changes, specification, or removal of this data from us, as well as to be notified about the loss or leakage of personal data within 72 hours from the moment such fact is detected. To get such information one should use the contact data indicated in the present Policy.
We process only the personal data that is necessary for the above purpose, namely:
a) name, sex and date of birth of patients, their photos and CT/Roentgen photos of their jaws, as well as jaw scans, doctors’ comments concerning their physical condition,
b) name, legal address and postal address, contact data of doctors, information about clinics where they are employed.
We also process the information about the users that becomes known to us automatically, for instance, their IP address and their actions on the Portal.
Users can provide additional information at their discretion or in the course of our communication with them, in the content of the messages they send using the contact data indicated in the Portal as well as in attached files. We do not demand any other information without relevant grounds for doing so, such as avoiding abuse or fraud, preventing a data breach, etc.
Processing of sensitive personal data categories
We realize that information containing patients’ personal data belongs to sensitive personal data categories under the GDPR. These personal data categories are processed for the legitimate purposes of healthcare service provision to patients on the basis of their expressed consent and provided all due means of protection are in place. On our part, as the controller, we take all measures to preserve the integrity and security of this data, and it is processed following the requirements of applicable laws. The details on the respective measures can be found in the Chapter “Security” of the present Policy.
Means of protection
We take all the necessary technical and organizational measures envisaged by applicable laws to protect personal data and its processing. These measures include, but are not limited to, the following:
(a) verification of the fact that doctors have received and process patients’ personal data on due grounds and apply the necessary personal data protection mechanisms as determined by the standards of applicable laws;
(b) verification of the fact that third parties (processors) to whom we transfer personal data carry out their activity following the standards of applicable laws;
(c) signing of adequate Standard Contractual Clauses with doctors as joint controllers and processors to whom personal data is transferred;
(d) use of the Portal security protocols not lower than SSL level;
(e) regular audits of the state of protection of the personal data processed via the Portal, including Data Protection Impact Assessment in case personal data is transferred beyond the European Economic Area;
(f) use of only verified and reliable providers of the services of Portal placement and data storage on servers;
(g) other measures the details of which we may disclose while responding to the respective inquiries.
We do not bear any responsibility for access to your personal data processed by us that is obtained as the result of hacking or unauthorized access to the device from which this Portal is used.
We process personal data only over the period necessary for communication with the user or for achieving any other legitimate goal, but not longer than over the period envisaged by the personal data protection legislation.
Data transfer to third parties
User personal data can be transferred to third parties, including the ones from beyond the European Economic Area, provided these parties take the necessary technical and organizational steps, following the GDPR requirements.
We use cookie files to collect information about the Portal use for the sake of improving further Portal operation and service provision. To get additional information on how cookies and other detection technologies are used in relation to the Services, read our Cookies Policy.
For any issues related to personal data processing, write to the e-mail address firstname.lastname@example.org