DentalMonitoring Corporate Website Privacy Policy

ARTICLE 8. HOW DO WE SHARE YOUR PERSONAL DATA?

The information and Personal Data collected and processed by DM are intended for :

• The duly authorized internal staff (including without the list being exhaustive: Human resources, managers of each DM’s Employee, IT department for support, Marketing department for managing communication and DM Social Media).
• Administrative and judicial authorities on request from them;

Such transfers are secured by following a strict ISO13485 compliant process to verify they have the necessary organizational and technical measures to comply with relevant data protection legal requirements, security standards and quality standards.

In case of cross-border data transfers, DM has set up specific data privacy contractual clauses to ensure that these third parties apply protective measures to Your Personal Data that respect Your country’s legal requirements.

The DM Corporate Website is hosted in Amazon Web Service Inc (AWS) cloud services, with servers in different locations around the world. AWS are ISO 27001 and HDS compliant.

DM warrants that Your Personal Data will not be disclosed to any unauthorized third party without your consent. DM does not sell and rent Your Personal Data.

ARTICLE 9. HOW LONG DO WE STORE YOUR PERSONAL DATA ?

Your Personal Data are kept for a duration that does not exceed the period strictly necessary to carry out the Purposes and in any case are kept as appropriate:

• For a maximum of 3 years from Your last contact with DM;
• For a maximum of thirty (30) days from the request for deletion or transfer of Personal Data that Your requested to DM.

The above-mentioned period may be extended in the case of express consent or in the event that a longer period of retention is authorized or imposed for the compliance of a legal or regulatory obligation, and in particular in case of legal proceedings, or if You have exercised, for Your account, under the conditions set out below, one of the rights granted to You by the Data Protection Laws.

At the end of these periods, the Personal Data may be subject to a new Processing for the establishment of statistics and research reports, subject to anonymization and will not give rise to any exploitation of any nature whatsoever and may be archived in a secure manner for the necessary periods of conservation and / or prescription resulting from the applicable legislative or regulatory provisions.

ARTICLE 10. YOUR RIGHTS.

Pursuant to GDPR obligations, you have the following rights:

• A right to access, as the right to obtain from the Controller as to whether or not Personal Data concerning You are being processed, and, where that is the case, access to the Personal Data and the following information whose the purposes of the Processing, the categories of Personal Data concerned, the recipients or categories of recipient to whom the Personal Data have been or will be disclosed, in particular recipients in third countries or international organizations etc.;
• A Right to obtain the rectification, without undue delay, of inaccurate, incomplete, outdated Personal Data concerning You, or whose the collect is forbidden;
• A Right to oppose before to a Personal Data Processing realized by the Controller or to a Personal Data transfer, except if there are legitimate and compelling reasons that prevail on Your interests;
• Right to obtain from the Controller the erasure of Your Personal Data undue delay and the Controller shall have the obligation to erase Personal Data without undue delay where one of the following grounds applies:
  • The Personal Data are no longer necessary in relation to the Purposes;
  • You withdraw consent on which the Processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the Processing;
  • You object to the Processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the DM’s objects to the Processing pursuant to Article 21(2);
  • The Personal Data have been unlawfully processed;
  • The Personal Data have to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;
  • The Personal Data have been collected in relation to the offer of information society services referred to in Article 8(1).

• Right to Personal Data portability, i.e. the right to receive Your Personal Data which You have provided to a Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Controller without hindrance from the Controller to which the personal data have been provided, where:
  • (a) The Processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1); and
  • (b) The Processing is carried out by automated means.

• Right to object and automated individual decision-making.

For any complaint, You may submit a complaint to the national Supervisory Authority responsible for the protection of personal data, namely the National Commission for Data Protection and Liberties (the « CNIL »).

• Right to lodge a complaint before the Supervisory Authority, if You consider that the Processing of the Personal Data that You concerned are a violation of the Data Protection Laws.

To exercise any of Your rights, You can send a request:

• By email at the following address: privacy@dental-monitoring.com .
• By letter at the following postal address: Data Protection Officer – Dental Monitoring SAS, 75 rue de Tocqueville, 75017 Paris, France

In the event that You exercise one of Your rights electronically, the Personal Data will be provided, where appropriate, electronically by DM where possible, except that You have specifically requested that it is otherwise.

ARTICLE 11. SECURITY

DM has taken steps so You can rest assured Your Personal Data is safe with Dental Monitoring SAS.

Technical, organizational and structural security measures are in place to protect Your Personal Data against accidental, unauthorized or unlawful access, disclosure, alteration, loss, or destruction and, therefore, ensure the security, integrity and confidentiality of Your Personal Data.

Dental Monitoring SAS develops its systems under the “Privacy by Design” principle.

We also follow data minimization principles and have implemented the following measures:

• Pseudonymization and anonymization techniques whenever they are technically feasible; and
• Restricting Personal Data access to the sole employees who need to access Personal Data to perform the services described in the Service description, ensured by a regular review of access rights performed by the IT department.

We have implemented state-of-the-art IT security measures to protect Your Personal Data and regularly perform penetration tests to detect any vulnerability breach.

In the event of a security breach involving Personal Data processed under DM, we will take all legally required measures to address the situation. If there is a significant risk to the rights and freedoms of impacted users, this may include notifying them of the breach.

In case of security breach, DM provides a document determining:

• the nature of the security breach;
• if possible, the categories and the approximate number of persons affected by the security breach;
• the categories and the approximate number of records of personal data concerned;
• the likely consequences of the security breach;
• the steps taken or plan to take to prevent the incident from recurring or to mitigate any negative consequences. If the security breach represents a risk, DM shall notify the security breach to the CNIL within seventy-two (72) hours.

ARTICLE 12. MANAGEMENT OF DM SOCIAL MEDIA

The DM Corporate Website included DM Social Media features.

These features may collect Your IP address, which page You are visiting on our DM Corporate Website, and may set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of Social Media.

To find out more about the measures implemented by the DM Social Media to ensure the protection of Your Personal Data, we invite You to consult their respective privacy policies by clicking on the following links:

• Facebook privacy policy: https://www.facebook.com/privacy/explanation ;
• Instagram privacy policy: Data Policy | Instagram Help Center ;
• X’s privacy policy: https://x.com/en/privacy ;
• Linkedin privacy policy: LinkedIn Privacy Policy;

We recommend that You secure Your Social Media’ accounts, and choose a password including at least twelve (12) characters and four (4) different types: lower case letters, upper case letters, numbers and special characters.

In addition, we recommend to You not save Your usernames and passwords on Your computers.

ARTICLE 13. USE OF COOKIES

Paramètres des cookies

Cookies are small text files stored on computer hard drives and are regularly used to analyze individual website activity.

We inform you that 4 categories of Cookies can be installed during your navigation on our DM Corporate Website.

• The necessary Cookies;
• Cookies for adapting the DM Corporate Website to Your preferences and providing You with a better website experience;
• Cookies for service continuity and improvement purposes by DM;
• Cookies for audience tracking and crash tracking.

Cookies cannot be stored for more than thirteen (13) months.

For cookies which are not strictly necessary for the provision of an online communication service expressly requested by the Visitor or which are not intended solely to allow or facilitate transmission by electronic means, a banner is displayed during the first connection to the DM Corporate Website or any visit by a Visitor in order to :

• inform the Visitor about their implementation and purposes;
• to allow the Visitor to consent in a specific way, by purpose, by ticking a box or globally to a set of purposes, by pushing the button « accept all » or « refuse all ».

As Visitor, You shall withdraw Your consent at any time by setting Your browser (such as Internet Explorer, Chrome, Mozilla Firefox, etc.) to warn You before accepting cookies and refuse the cookie when Your browser alerts You to its presence.

You can configure Cookies on your browser. Your browser allows you to view, manage, delete and block Cookies from a website.

The configuration of each browser is different. It is described in the help menu of your browser, which will allow You to know how to modify your preferences in terms of cookies.

• For Internet Explorer ™: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-04 3d-7c16-ede5947fc64d ;
• For Safari ™: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac ;
• For Chrome ™: https://support.google.com/chrome/answer/95647?hl=en&co=GENIE.Platform%3DDesktop;
• For Firefox ™: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox ;

If you have refused necessary Cookies, the DM Corporate Website will remain accessible; however, this may affect Your full usability of it.

ARTICLE 14. STATISTICS AT DM

DM may collect and process Your Personal Data for statistical and analytical purposes to analyze the rate of use of the DM Corporate Website and Your preferences.

These processing are based on the legitimate interest pursued by DM, including the promotion of its activity and the adaptation of its marketing actions.

ARTICLE 15. UPDATES

DM may update the DM Corporate Website Privacy Policy from time to time and will notify Visitors of significant changes in the way we treat any Personal Data by disclosing a notice on the DM Corporate Website. We encourage You to periodically review this page for the latest information on our privacy practices.