|

GDPR

INFORMATION NOTE
regarding data processing by smartpedo.com

We are glad that you are interested in our company, products and services and would like to provide you with some essential information regarding our commitment to the security and privacy of personal data.

The Association for Education, Prevention and Intervention in Pediatric Dentistry (“SmartPedodontics“) is fully committed to protecting the privacy of the personal data of our customers, partners and suppliers. This privacy policy is intended to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information. The policy also contains the security measures that SmartPedodontics takes to protect such data and your rights in relation to it.

By ” smartpedo.com ” we mean any web page (website, landing page, subdomain, etc.) owned, managed or located under the umbrella of SmartPedodontics. By using this website, you agree to the collection, processing and transfer of your data as described in this policy.

Please check this section regularly as the policy may undergo changes or updates. Any significant changes to this policy will be notified.

In addition to this information note, please also consult the Cookie Policy and Terms and Conditions.

The information collected on our platform falls under the scope of the General Data Protection Regulation 2016/679 (Regulation (EU) 2016/679), also known as the GDPR, and the Privacy and Electronic Communications Directive (2002/58/EC) .

If you have any further questions, you can leave us a message on the contact page or contact us using the details below for any information on how we use your data.

Who are we?

We,  The Association for Education, Prevention and Intervention in Pediatric Dentistry (“SmartPedodontics”) , owners of the website  smartpedo.com, offer a dental conference.

Information about SmartPedodontics

The Association for Education, Prevention and Intervention in Pediatric Dentistry, which has its headquarters in Timișoara, Str. Mircea Cel Batran, Nr.111a , Timiș County, is registered at the Trade Register under no. X35/1255180/2023, having fiscal code no. 48169234.

Contacts

+40 745 379 453| registration@smartpedo.com| smartpedo.com

Where do we collect data about you?

In general, the personal data we collect is provided by you via e-mail, through this website -contact form-, social media networks.

Occasionally, when we are in the recruitment process, we may collect data about you from specialized online platforms (eJobs, LinkedIn, etc.) or from the CVs you send us.

Also, when you interact with us on social media (i.e. like, share, comment, review, etc.), we will inevitably have access to information about you, in particular data that you have made public on your profile .of social media.

How do we use personal data?

Please find below the purposes for which we process your personal data, who has access to your data, and how we store it.

1. When you contact us through the website or our social media accounts

If you interact with us using the contact details on  the contact page  or interact with us via social media, we will use your contact details and the data you provide to us to deal with your request.

Personal data

Name, first name, phone number, email address, Internet Protocol (IP), cookie ID, data you have made public on your social media profile and any other data you voluntarily submit to us.

Legality of processing

  • We process your data to take steps at the request of the data subject before concluding a contract (Art. 6 / 1 / b GDPR)
  • In pursuit of our legitimate interest (Art. 6 / 1 / f GDPR) to respond to any question, complaint or recommendation you send us and to improve our services and the experience we offer to our customers.

Who can we share your data with?

  • Providers of IT services for our company (hosting, data storage) or providers to whom we outsource certain technical support services for our website or providers of customer relationship management systems
  • Social media platforms: Facebook, Instagram, LinkedIn, YouTube
  • Marketing company for SEO optimization services
  • Web infrastructure and website security company
  • Regulatory and other government authorities, if required by legal or statutory requirements.

We will disclose your personal data only to the extent that this is strictly necessary to achieve the intended purpose. We have taken all necessary measures to ensure that external service providers who have access to your data have also implemented physical, electronic and managerial security measures to protect data.

How long will we store the data?

  • We will not keep in our database communications older than 1 year, from the date of the last interaction.
  • Data transmitted through social media networks will be stored by them according to their own policies.

Where is the data stored?

  • The data recorded through the com website   will be stored on the servers of the hosting provider, located in the European Union.
  • Data shared with social media platforms will be stored by them in accordance with their own policies, located in the European Union or the USA.
  • The data we download locally will be stored on our secure, on-premises and cloud servers located in the European Union or the US.

2. Making a registration via the form on the smartpedo.com website or by phone

Website visitors have two ways to make a registration for one of the services offered by us: by e-mail (registration@smartpedo.com) or through the online form. To register, we need your data or the participant’s data (if you make the registration on behalf of a participant, e.g. a minor).

Careful!

A registration is considered booked only after it has been confirmed by the SmartPedodontics team.

Personal data

Name, email address, phone number, online identifiers (eg IP)

Sensitive personal and/or demographic data

Any sensitive and/or demographic information that you  voluntarily disclose to us  in the registration process such as: gender, citizenship and/or citizenship information,  communication of participant and/or or data of racial, ethnic or religious origin.

Legality of processing

  • We process your data to take steps at the request of the data subject before concluding a contract (Art. 6 / 1 / b GDPR)
  • We process your data for the execution of a contract – the performance of the medical act established by the specialist doctor (Art. 6 / 1 / b GDPR)
  • We will process the data in legitimate interest if you are our customer and we believe that the information could be of great interest to you (Art. 6 / 1 / f GDPR)
  • The special categories of personal data will be processed in order to schedule the participant in order to perform the medical act established by the specialist doctor (Art. 9 / 2 / h GDPR)

Who can we share your data with?

  • Providers of IT services for our company (hosting and data storage) or providers to whom we outsource certain technical support services for our website or providers of customer relationship management systems
  • Web infrastructure and website security company
  • Regulatory and other government authorities, if required by legal or statutory requirements

We will disclose your personal data only to the extent that this is strictly necessary to achieve the intended purpose. We have taken all necessary measures to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect data.

How long will we store the data?

  • Programming data will be stored for a period of 12 months
  • The data entered in the participant file will be stored for 10 years in order to track the evolution of the condition over time
  • The data entered in the financial-accounting documents (e.g. invoices, card payments, cash-on-delivery payments, etc.) will be kept in the archive for 5 years, starting from the end of the financial year during which they were drawn up, in accordance with the periods of the Accounting Law no. 82/1991 and Order 2634/2015.

Where is the data stored?

  • The data recorded in our data management system will be stored on the servers of the web hosting provider, located in the European Union
  • The data we download locally will be stored on our secure, on-premise and cloud servers located in the European Union or the US

Whenever you use what SmartPedodontics offer, personal information, including medical information, will be recorded in the participant record.

Since Smart Pedodontics offers the possibility of paying for treatment plans through Star BT cards, this operation also concerns the processing of personal data by the Bank issuing the Card. For more information on data processing by the Bank, please contact this institution.

Personal data

Name, email address, phone number, gender, age.

Sensitive personal data

Any sensitive information relevant in carrying out the medical act established by the specialist, eg:  medical or health information of the participant  (conditions, etc.), etc.

Legality of processing

  • We process your data for the execution of a contract – (Art. 6 / 1 / b GDPR)
  • We will process the data in the legitimate interest to issue the guarantee certificate and to allow you to unlock the privileges we offer to our loyal customers (Art. 6 / 1 / f GDPR)
  • The special categories of personal data will be processed for the purpose of scheduling the participant (Art. 9 / 2 / h GDPR)

Who can we share your data with?

  • Providers of IT services for our company (hosting and data storage) or providers to whom we outsource certain technical support services for our website or providers of customer relationship management systems
  • Specialist technicians, specialist doctors
  • The provider of billing and accounting services
  • The provider of the card payment system
  • Private health insurance companies
  • Banca Transilvania
  • Web infrastructure and website security company
  • Regulatory and other government authorities, if required by legal or statutory requirements.

We will disclose your personal data only to the extent that this is strictly necessary to achieve the intended purpose. We have taken all necessary measures to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect data.

How long will we store the data?

  • The data entered in the participant file will be stored for 10 years in order to track the evolution of the condition over time.
  • The data entered in the financial-accounting documents (e.g. invoices, card payments, cash-on-delivery payments, etc.) will be kept in the archive for 5 years, starting from the end of the financial year during which they were drawn up, in accordance with the periods of the Accounting Law no. 82/1991 and Order 2634/2015.

Where is the data stored?

  • The data recorded in our data management system will be stored on the servers of the web hosting provider, located in the European Union.
  • The data we download locally will be stored on our secure, on-premises and cloud servers located in the European Union or the US.

3. Commercial and marketing communications

We may send you information about our products and the services we offer if you have requested this information (via email or contact page) or if you are already our customer and this information may be of particular interest to you.

Personal data

Name, first name, phone number, email address

Legality of processing

  • We process your data to take steps at the request of the data subject before concluding a contract (Art. 6 / 1 / b GDPR)
  • We process data based on your consent (Art. 6 / 1 / a GDPR), for marketing communications
  • We will process the data in legitimate interest if you are our customer and we believe that the information could be of great interest to you (Art. 6 / 1/ f GDPR)

Who can we share your data with?

  • Providers of IT services for our company (hosting and data storage) or providers to whom we outsource certain technical support services for our website or providers of customer relationship management systems
  • Marketing company for SEO optimization services
  • Web infrastructure and website security company
  • Regulatory and other government authorities, if required by legal or statutory requirements.

We will disclose your personal data only to the extent that this is strictly necessary to achieve the intended purpose. We have taken all necessary measures to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect data.

How long will we store the data?

  • We will not retain communications older than 1 year from the last interaction.
  • In the case of processing carried out in legitimate interest, when you are already our customer, we will continue to process your data for 3 years from the last date you benefited from our services.

Where is the data stored?

  • The data recorded in our data management system will be stored on the servers of the web hosting provider, located in the European Union.
  • The data we download locally will be stored on our secure, on-premises and cloud servers located in the European Union or the US.

4. We process data about you when you react to the content present on social networks or when you share information from the site

You can find us on Facebook, Instagram, LinkedIn and YouTube. Whenever you interact with us through our social media accounts (eg comments, likes, reviews, shares, etc.) we will have access to your publicly available data on your profile.

Personal data

Your name, photo, any publicly accessible information from your social media profile, or voluntarily communicated by you.

Legality of processing

  • We process your personal data to respond to your request before concluding a contract (Art. 6/1/b of Regulation (EU) 2016/679)
  • Following our legitimate interest (Art. 6/1/f of Regulation (EU) 2016/679) to respond to any question, suggestion or complaint you may send and to improve our services and the experience we offer to our customers , and in addition, pursuing our legitimate interest in keeping you informed of news that may be of interest to you

Who can we share your data with?

  • IT service providers for our company to whom we outsource certain technical support services for our website or customer relationship management system providers
  • Social media platforms: Facebook, Instagram, LinkedIn and YouTube
  • Marketing company for SEO optimization services
  • Web infrastructure and website security company
  • Regulatory and other government authorities, if required by legal or statutory requirements.

We will disclose your personal data only to the extent that this is strictly necessary to achieve the intended purpose. We have taken all necessary measures to ensure that external service providers who have access to your data have implemented physical, electronic and managerial security measures to protect data.

How long will we store the data?

  • We will not keep in our database communications older than 1 year, from the date of the last interaction.
  • Data shared with social media platforms will be stored by them in accordance with their own policies.

Where is the data stored?

  • The data recorded in our data management system will be stored on the servers of the web hosting provider, located in the European Union
  • Data shared with social media platforms will be stored by them in accordance with their own policies, located in the European Union or the US
  • The data we download locally will be stored on our secure, on-premise and cloud servers located in the European Union or the US

5. Facilitating an easy and pleasant navigation on our website

When you access our website, we collect data about you through online identifiers (cookies and IP). The website automatically collects certain information and stores it in log files.

We use this information to be able to design our website so that we can better adapt to the needs of our users. We may also use your IP address to help diagnose potential malfunctions of our servers and to administer our site, analyze trends, track visitor movements, and gather general demographic information to help identify visitor preferences.

You can find more information about cookies, as well as how to delete cookies and disable tracking by accessing  the Cookie Policy  available on our website.

Personal data

Internet Protocol (IP), general computer location, device (country level), website viewing history, timestamp, request / action

Legality of processing

We use cookies that make your navigation on our website easy and pleasant, in our legitimate interest (Art. 6 / 1 / f GDPR)

– Non-essential cookies are not used without your consent (Art. 6 /1 / a GDPR)

Who can we share your data with?

  • Providers of IT services for our company (hosting and data storage) or providers to whom we outsource certain technical support services for our website or providers of customer relationship management systems
  • Google
  • Marketing company for SEO optimization services
  • Web infrastructure and website security company
  • Regulatory and other government authorities, if required by legal or statutory requirements.

How long will we store the data?

See Cookie Policy

Where is the data stored?

  • Data is stored on servers located in the European Union (e.g. Google servers – Ireland for third-party cookies)
  • The data we download locally will be stored on our secure, on-premise and cloud servers located in the European Union or the US

Are the data collected and processed by smartpedo.com safe?

We have implemented physical, electronic and managerial security measures to protect and secure the information we collect and process. But remember that, unfortunately, no data transmission is guaranteed to be 100% secure.

If you suspect a violation of the confidentiality of your data, please contact us immediately at registration@smartpedo.com .

Important:  After the end of the data retention period, your data will be deleted. If we consider that this data could help us improve the quality of products or services, we will continue using this data only after the irreversible anonymization of this data.

DATA PROCESSING OF MINOR PERSONS

smartpedo.com is not intended for and does not knowingly collect information from children under the age of 18 through the site. Access to and use of the site by minors constitutes the implied consent of the legal guardian to the navigation of our site by the dependent minor. Also if we discover that a minor has used our site without the approval of the legal representative, we will delete all personal data about him.

INTERNATIONAL TRANSFERS OF PERSONAL DATA

SmartPedodontics shares personal data with partners operating outside the European Economic Area (“EEA”).

List of international partners with whom we share data:

  • Cloud provider: Apple
  • Third parties placing cookies: Google
  • Online platforms: Facebook, Instagram, LinkedIn, YouTube

Personal data may be stored and processed in any country where we employ service providers. We may transfer the personal data we maintain about you to recipients in countries other than the country where the personal data was originally collected, including to the United States. These countries may have data protection rules that are different from your country. However, we will take steps to ensure that any such transfers comply with applicable data protection laws and that your personal data remains protected according to the standards described in this privacy policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may have the right to access your personal data.

Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the following mechanisms:

  • EU Standard Contractual Clauseswith a non-EEA or UK data recipient
  • Verifying that the recipient has implemented  mandatory corporate rules
  • We will also ensure that all our international partners have adopted  additional measuresto provide adequate safeguards, enforceable rights and effective legal remedies. The role of these measures is to provide additional guarantees to data subjects that the transfer of data under standard contractual clauses or binding corporate rules provides a level of protection equivalent to that guaranteed within the European Union.

THE RIGHTS YOU ENJOY

As a data subject you have specific legal rights regarding your personal data that we collect and process. Smartpedo.com respects your rights and ensures that it properly takes your interests into account.

Withdrawal of consent

If the processing is based on your consent, you can withdraw your consent for that processing at any time.

Rectification of data

If you notice that we have incorrect personal data, you can ask us at any time to correct your personal data. We use reasonable efforts to keep personal data – which is used on an ongoing basis and which is in our possession or control – accurate, complete, current and relevant, based on the most recent information available to us.

Restriction of processing

If you are in one of the situations below, you can ask us to restrict the processing of your data:

  • contest the correctness of the personal data for the period in which we have to verify the accuracy,
  • the processing is unlawful and you request restriction of processing rather than deletion of personal data,
  • we no longer need your personal data, but you require it to establish, exercise or defend a right, or
  • you object to the processing during the period in which we check whether our legitimate reasons take precedence over your rights.

Access to your data

You can ask us for information about the personal data we hold about you, including information about what categories of data, what it is used for, where we collected it from, if it is not collected directly from you. and to whom they were disclosed, if applicable. You may obtain a copy from us free of charge containing the personal data we hold about you. We reserve the right to charge a reasonable fee for abusive requests.

The right to portability

Upon request, we will transfer personal data to another operator, where technically possible, provided that the processing is necessary for the execution of a contract. Rather than receiving a copy of your personal data, you can request that we transfer your data directly to another operator specified by you.

The right to erasure

You can obtain from us the deletion of your personal data if:

  • your data are no longer necessary for us in relation to the purposes for which they were processed;
  • object to the further processing of personal data (see Right to object below);
  • personal data have been processed illegally;
  • withdraw your consent on the basis of which the processing takes place

Unless the processing is necessary:

  • in order to fulfill a legal obligation that requires us to process that data;
  • in particular for legal requirements regarding data retention periods;
  • for establishing, exercising or defending a right in court.

The right of opposition

You can object at any time to the processing of your personal data due to your special situation. In this case, we will no longer process the personal data, if we cannot demonstrate well-founded, legitimate reasons and a major interest for the processing or for establishing, exercising or defending a right. When you object to the processing, please indicate whether you want the deletion of your personal data or the restriction of the processing of such data.

The right to file a complaint

In case of an alleged violation of the legislation in force regarding confidentiality, you can file a complaint with the supervisory authority for data protection: the National Supervisory Authority for the Processing of Personal Data by filling out the online form available at:  ANSPDCP Complaints .

To remember!

Time frame:  We will try to resolve your request within 30 days. However, the period may be extended for reasons related to the specific legal right or the complexity of the request.

Access restriction:  In certain situations, we may not be able to grant you access to all or part of your personal data due to restrictions imposed by law. If we refuse your access request, we will tell you the reason for the refusal.

Impossibility of identification:  In some cases, we may not be able to identify personal data due to the lack of identifiers provided in the request you submit to us. In such cases, if you do not provide additional information that allows you to be identified, we will not be able to comply with the request to exercise the legal rights as described in this section.

Exercising your legal rights

To exercise your legal rights, please contact our Data Protection Officer in writing or in text form, at the email address registration@smartpedo.com.

Thank you for reading our privacy policy and we would appreciate it if you could give us your feedback so that we can improve this policy!