Privacy statement

Updated 30.9.2022

1. General

Data protection means protecting personal data and safeguarding appropriate data processing. Personal data is data related to an identified or identifiable person. In this Privacy Statement, “Studiodent” and “we” refer to Studiodent Ltd, and the statement concerns the processing of personal data in connection with the Smilefix service we provide. Studiodent processes your data with due care and in accordance with all applicable laws and regulations. In this Privacy Statement, we provide information about the processing of personal data at Studiodent, what personal data we process, how we use your data and what rights you have regarding the processing of your data.

This Privacy Statement may be updated from time to time. You can find the current version on our website www.smilefix.net or from our web application. This Privacy Statement applies to all personal data that Studiodent processes as a controller during the provision of our services.

In some cases, we may also act as a processor of personal data. In these cases, we deliver the personal data on behalf of third-party service providers, such as oral care service providers, in accordance with a data processing agreement, and you are informed about your rights by that third-party controller.

2. Whose and what personal data do we process?

In relation to the Smilefix service, we process information about our service users. Personal data is usually collected directly from you, or it is obtained from the use of our digital services. Sometimes we may also require additional information to keep the data up to date or to ensure that the information we receive is correct.

The personal data collected by us can be divided as follows:

· Basic information, such as customer’s name

· Interaction information, such as communications, co-operation, or information on the website users, digital service event logs, cookie data and contacts with other customers.

· Usage information of our web application

Personal data we collect from you

From end-users of our digital services, we process information that (i) you provide to us and (ii) we observe from the use of our services.

In our business operations, we process basic information, interaction information, contract information and other information provided by our customers, staff members and contact persons of institutions closely related to our operations.

We process the health-related information handled through our web application on behalf of a controller, such as an oral healthcare service provider. Such data is processed under a data processing agreement and is subject to your prior approval in accordance with applicable data protection law.

Personal data that we can collect from sources other than you

We collect personal data from publicly available sources, such as registers maintained by authorities (e.g. Population Register, the Tax Administration’s registers, company registers and supervisory authorities’ registers) and publicly available social media profiles (such as job applicants’ information from LinkedIn), if it is necessary for the purposes listed below.

4. How can we process your personal data and on what legal bases?

Concluding and managing service and product agreements (performance of a contract)

The primary purpose of personal data processing is to manage and carry out the tasks specified in the contract. This means, for example, management of customer or other cooperation relationships, support and communication (including feedback and complaint handling), maintenance, software and system updates, user identification, and diagnostic and repair purposes.

Customer communications, marketing, product and customer analyses, information security and fraud prevention (legitimate interest)

We have a legitimate interest in processing personal data for customer communications and in connection with marketing, product and customer analyses. This allows us to improve our product range and optimise the services offered to customers. We market, for example, our products and services to existing and potential customers electronically. We also send customer communications (e.g. newsletters and feedback surveys) to our existing customers. The tag used in the email links we send can be used to associate the email sent to you with the customer information we hold on you. The use of the tag allows you to manage your personal communication settings through the links in the emails sent to you.

We also process personal data for the following purposes based on legitimate interests pursued by us:

· We shall use your device information and usage data to analyse and improve our services and user experience. You can object to such processing.

· In addition, we use your personal data for information security purposes and to detect or prevent various types of misuse of services and fraud, based on our legitimate interest in providing you with secure and reliable services.

Compliance with requirements and obligations laid down in the law (statutory obligation)

Compliance with the obligations laid down in the law, regulations and decisions issued by authorities may require us to process personal data. Examples of statutory obligations that require the processing of personal data:

· accounting and tax regulations

· regulatory reporting

Consent

In certain situations, we ask for your consent to process your personal data. Such situations may include, for example, consent to electronic direct marketing in certain cases. The consent request contains information on the processing of such data. If you have given your consent to the processing of your personal data, you also have the right to withdraw your consent.

5. Automated decision-making and profiling

Automated decision-making means making decisions based solely on automated processing of personal data. We don’t use automated decision-making in our business operations.

Profiling means automated processing of personal data, involving, for example, the assessment or anticipation of a person’s areas of interest or behavior. We use profiling to target direct marketing on third party advertising platforms. The targeting of online advertising is based on website visitor data: visitors can be shown, for example, advertisements on products and services related to pages they have visited earlier. The profiling carried out in connection with marketing does not include automated decision-making that has significant legal effects.

6. Sharing of personal data

We may share your personal data in the following situations:

· Our digital application supports sharing your data and inquiries with certain oral health care providers and dentists. Such data sharing is conducted only based on your prior authorization. These organizations are separate controllers of the data you share with them. You can find more details of their processing of personal data in the privacy statements of these controllers. We recommend that you carefully read the privacy statements/policies of the controllers you are sharing your app data with. We deliver the data on behalf of the controller in question. Moreover, we may use the data (such as demographic data, geographical location, a summary of the responses) for analytics purposes in order to analyze data for product development under legitimate interest (see more information in chapter 4). Data used for product development purposes doesn’t include data concerning health.

· When our digital marketing activities utilise different third-party advertising platforms' features, we may target you by uploading your information (e.g. a hashed email address or phone number) to such a platform. We may also use third-party tracking platforms, which collect data about how users interact with our ads for ads attribution analysis and effect evaluation purposes. Such third parties operate under contract and act on our behalf, and this includes data transfers to partners located in the US.

· Our third-party vendors, who provide us with IT (including cloud-based) and business support. All such third parties are operating under contract and acting on behalf of us.

· When required in response to a legal process or request from a competent authority according to applicable laws or in connection with a legal proceeding or process.

· When required as part of a merger, acquisition, sale of assets (such as service agreements) or transition of service to another group entity or another company.

When transferring and disclosing your data outside the EU/EEA, where the local law may not provide the same level of protection as in the EU/EEA, we shall comply with applicable legal requirements for providing adequate safeguards to such transfers by incorporating the European Commission's Standard Contractual Clauses (SCC) or by requesting your prior consent.

7. How long do we store your data?

We will only retain your data as long as it is necessary for the performance of the contract and as long as required by the provisions laid down by laws and regulations concerning the retention of the data.

We retain the data of customers for a maximum of 2 years from the date of the last personal communication with the customer. The oral health care service providers to whom we deliver data through our service are separate controllers. You can find the storage periods they follow in their privacy statements.

If we retain your data for purposes other than the performance of a contract, such as accounting requirements, we will retain the data only if it is necessary for that purpose and/or provided for by law and regulations.

8. What Are Your Rights and Options?

You have the following rights and options:

8.1 Access your data

You can request information and a copy of your personal data that we have collected and stored in relation to our services.

8.2 Rectify your data

To keep your data up-to-date and accurate, you can access and modify your data by contacting us.

8.3 Port your data

You can port the personal data that you have provided to us in relation to our services in a commonly-used and machine-readable format.

8.4 Erase your data

You may at any time:

· Contact us if you think the processing of your personal data is unlawful and your data should be erased.

We will erase or anonymise your personal data within a reasonable period of time based on your aforementioned actions and in accordance with the retention periods.

8.5 Withdraw your consent

You may withdraw your consent if you have given one.

8.6 Object to processing

You may object to processing based on legitimate interest.

8.7 Restrict processing

If you want to restrict the processing of your personal data, please contact us. You have the right to restrict the processing of your data under the following circumstances:

· Your data is unlawfully processed, but you do not want to erase it.

· You have a legal claim that you need to establish, exercise, or defend, and you requested us to keep your data when we would not keep it otherwise.

· You have contested the accuracy of your personal data and the accuracy of your data is pending our verification.

· Your request for objection is pending our verification process.

8.8 General on data subject rights and right to lodge a complaint

When making a request to exercise your data subject rights, please specify the scope and the grounds for the request and provide us with the email address or phone number that you use with our services. We will contact you to verify your identity in order to proceed with your request. Please note that rights under data protection regulation are not absolute. We give effect to these rights in accordance with applicable law, and the applicability of the relevant right is assessed case by case. For example, if you make a request for deletion of your data and we are required by applicable law to retain such personal data, we may not be able to comply with your request.

If your request concerns data we are processing on behalf of a controller, we shall forward your request to the relevant controller.

If you find the processing of your personal data to conflict with the applicable legislation, you have the right to lodge a complaint with the Finnish Data Protection Ombudsman.

9. How to Contact Us?

The controller of the processing of the personal information is: Studiodent Ltd with a company ID 2191220-1. You can contact us at support@smilefix.net.

10. Applicability and changes

We encourage you to regularly check for the latest version of this Statement as we may update it from time to time. In the event of material changes to this Statement, we will notify you in advance by means of notification dialogs, push messages, emails, and so on, depending on the nature of the change.