Renev Dental GDPR Privacy Policy

Introduction

At Renev Dental, we are committed to protecting your personal data and ensuring your privacy is maintained. This Privacy Policy explains in detail how your personal data is collected, processed, stored, protected, and used when you interact with our website, https://renevdental.com/. All processing is performed in accordance with the European Union General Data Protection Regulation (GDPR) and applicable local data protection laws.

Data Security Measures

We employ advanced technical and organizational measures to safeguard your personal data against unauthorized access, loss, or disclosure. Sensitive information is protected during transmission through secure protocols (such as SSL/TLS) and is encrypted when stored. In some cases, your data may be pseudonymized or anonymized to prevent it from being directly linked to you.

Access to your personal data is strictly controlled by policies that ensure only authorized personnel with a legitimate need can access it. We adhere to the “least privilege” principle, and all staff receive regular training on data protection and confidentiality. Strong authentication measures, including robust password policies and, when applicable, multi-factor authentication, are implemented to further secure access. Additionally, all access to personal data is monitored and regularly audited.

Our cybersecurity protocols include continuous network and application security measures, such as firewalls, anti-virus software, and intrusion detection systems. We routinely update our systems, apply patches, and perform periodic tests and security audits to ensure the effectiveness of our protective measures.

In the event of a security incident, we have a clearly defined incident response plan that enables swift and effective action. If a personal data breach occurs, we will notify the appropriate supervisory authority within the required timeframe (typically within 72 hours) and, if necessary, inform affected individuals promptly. All security incidents are documented, and corrective actions are taken to prevent future occurrences.

User Rights Under GDPR

Under the GDPR, you have several rights concerning your personal data. These include:

• Right of Access: You have the right to request confirmation of whether we are processing your data and, if so, to obtain a copy of that data along with information about the processing purposes, categories of data, and recipients.
• Right to Rectification: If your personal data is inaccurate or incomplete, you can request its correction. We will verify and update the information promptly.
• Right to Erasure (Right to be Forgotten): You may request the deletion of your personal data under certain conditions, such as when the data is no longer necessary for its original purpose, consent is withdrawn, or processing is unlawful.
• Right to Restrict Processing: Under certain circumstances, you can ask us to limit the processing of your personal data. When processing is restricted, your data is stored but not further processed.
• Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, machine-readable format and, where feasible, to have it transferred to another controller.
• Right to Object: You can object to the processing of your data, particularly for direct marketing purposes. We will cease such processing if no overriding legitimate grounds exist.
• Right to Withdraw Consent: If we rely on your consent as the legal basis for processing, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing performed prior to withdrawal.

We have established simple procedures to enable you to exercise these rights. To submit a request, please contact us using the contact information provided below. We will respond to all legitimate requests within the legally mandated timeframe. If you are dissatisfied with our response, you may lodge a complaint with your local Data Protection Supervisory Authority.

Legal Obligations and Compliance

Renev Dental fully complies with all GDPR obligations and maintains comprehensive internal policies and procedures to ensure data protection. Key compliance measures include:

• Records of Processing: We maintain detailed records of our personal data processing activities, including the purposes, categories of data, recipients, and retention periods. These records are available for inspection by relevant supervisory authorities.
• Privacy by Design and Default: We integrate data protection principles into the design of our products, services, and processes. Only necessary data is collected and processed, and privacy-friendly default settings are implemented.
• Data Protection Impact Assessments (DPIAs): For processing activities likely to pose high risks to individuals’ rights and freedoms, we conduct DPIAs to identify and mitigate risks before proceeding.
• Data Breach Notification: In the event of a data breach, we comply with GDPR’s notification requirements by informing the relevant supervisory authority and affected individuals within the required timeframes. Every incident is documented, and corrective measures are implemented.
• Continuous Monitoring and Auditing: We regularly review our data protection measures through audits and internal assessments. Our management is committed to ensuring ongoing compliance with GDPR, and dedicated personnel oversee all aspects of data protection.

International Data Transfers

Most personal data is processed and stored within the European Union or European Economic Area (EU/EEA). In cases where personal data must be transferred outside the EU/EEA, we ensure that appropriate legal safeguards are in place:

• Adequacy Decisions: We transfer data only to countries recognized by the European Commission as providing an adequate level of data protection.
• Standard Contractual Clauses (SCCs): When transferring data to countries without an adequacy decision, we use the European Commission’s Standard Contractual Clauses to ensure that data protection standards are met.
• Additional Safeguards: Where necessary, we may implement additional measures such as Binding Corporate Rules (BCRs) or other approved certification mechanisms to guarantee data protection during international transfers.

Before any international transfer, we conduct a thorough assessment of the destination country’s legal framework and implement the necessary technical and organizational measures to maintain the protection of your personal data.

Third-Party Data Processing

To provide our services, Renev Dental may engage third-party service providers to process personal data on our behalf. These third parties are contractually bound to protect your data and to process it solely for the purposes we specify.

All third-party processing is governed by Data Processing Agreements that require these service providers to adhere to stringent data protection standards. We carefully select and monitor our third-party partners to ensure they meet our data security and privacy requirements. Should any issues arise, we retain the right to terminate contracts and seek legal recourse.

Comprehensive Cookie Policy

Our website uses cookies and similar technologies to enhance user experience, analyze website traffic, and support our services. Cookies are small text files placed on your device when you visit our website. They help remember your preferences, enable core website functions, and collect anonymized usage data.

We categorize cookies as follows:

• Strictly Necessary Cookies: Essential for the proper functioning of our website.
• Functional Cookies: Help personalize your experience by remembering your settings and preferences.
• Analytical Cookies: Collect data on how users interact with our site, aiding in performance and design improvements.
• Marketing Cookies: Used only with your explicit consent to deliver targeted advertising and measure campaign effectiveness.

Upon your first visit, a cookie consent banner will appear, allowing you to accept or reject non-essential cookies. You can modify your cookie settings at any time through our website or your browser’s settings.

Data Retention Policy

We retain your personal data only as long as necessary for the purposes for which it was collected or as required by law. Our data retention policy defines specific retention periods for different categories of personal data and establishes procedures for secure deletion or anonymization once these periods expire.

For example:

• Patient Records: Retained for the duration of the treatment relationship and in compliance with applicable healthcare regulations.
• Financial Records: Stored in accordance with tax and accounting laws, typically for several years.
• Communication Records: Retained for a period necessary to address inquiries or for quality assurance.
• Marketing Data: Kept as long as you remain subscribed to our communications, with prompt removal if consent is withdrawn.
• Usage Data: Analytical data collected via cookies or logs is stored for a limited period to identify trends without retaining personally identifiable details indefinitely.

When retention periods expire or upon request, data is securely deleted or anonymized, ensuring that it cannot be reconstructed or linked back to you.

Contact Information

If you have any questions regarding this Privacy Policy, wish to exercise your rights under the GDPR, or need further information about how we process your personal data, please contact us using the contact details provided on our website. We are committed to addressing your inquiries promptly and transparently.

This policy reflects our commitment to ensuring that your personal data is handled securely, lawfully, and transparently. We reserve the right to update this Privacy Policy periodically to maintain compliance with evolving data protection regulations.