Privacy Policy

1. Data Controller Identity

The operator of the dentisti.pro platform is the Data Controller for platform-level personal data (such as clinic staff accounts and billing information), in accordance with Regulation (EU) 2016/679 (GDPR). Each dental clinic using our platform acts as an independent Data Controller for their own patients' health data.

For the purposes of this Privacy Policy, "personal data" means any information relating to an identified or identifiable natural person.

Registered Office:
dentisti.pro SRL
Via Example 123, 00100 Rome, Italy
VAT ID: IT12345678901
Email: privacy@dentisti.pro

dentisti.pro processes clinic patient data strictly as a Data Processor under Article 28 GDPR, pursuant to the terms set forth in our Data Processing Agreement.

2. Data Protection Officer

Where required under Article 37 GDPR (for example, due to the large-scale systematic processing of special category health data), a Data Protection Officer (DPO) may be appointed. Contact details are provided below.

Contact the DPO

Email: dpo@dentisti.pro
Postal: Data Protection Officer, dentisti.pro SRL, Via Example 123, 00100 Rome, Italy
Response Time: We aim to respond to GDPR-related inquiries promptly.

Where a DPO is appointed, they are involved in data protection issues and report to the highest management level.

3. What Data We Collect

Our platform is designed for dental clinic management. The following categories of personal data are processed:

3.1 Patient Data (Special Category — Article 9 GDPR)

Data Category	Examples	Sensitivity
Identity Data	Full name, date of birth, tax ID, nationality, gender	Special
Contact Data	Phone number, email address, residential address, emergency contacts	Personal
Health Data	Dental chart records, X-rays, diagnoses, treatment plans, allergies, medical history, medications, periodontal indices	Special
Financial Data	Insurance provider, policy numbers, payment history, invoicing data	Personal
Appointment Data	Visit dates, treatment types, duration, attending clinician, no-show history	Personal
Communication Data	WhatsApp message logs, email correspondence, SMS delivery status, consent records	Personal
Imaging Data	Intraoral photographs, panoramic X-rays, CBCT scans, 3D models (STL files)	Special

3.2 Clinic Staff Data

Data Category	Examples	Sensitivity
Account Data	Name, email, password hash, role, permissions, 2FA settings	Personal
Activity Logs	Login timestamps, IP addresses, actions performed, audit trails	System
Profile Data	Avatar, signature image, professional license number, specialization	Personal

3.3 Clinic Data (Controller-level)

Clinic name, address, VAT number, registration details
Bank account details for SaaS subscription billing
Branding assets (logo, color scheme)
API keys and webhook configurations

3.4 Automatically Collected Data

Technical Data: IP address, browser type and version, operating system, device identifiers, screen resolution
Usage Data: Page views, feature usage patterns, session duration, click paths, error logs
Security Data: Failed login attempts, CSRF token validations, anomaly detection flags

4. Legal Basis for Processing

Under Article 6 GDPR, we process personal data on the following legal bases:

Legal Basis	Article	Applies To
Contractual Necessity	Art. 6(1)(b)	Processing required to provide the SaaS platform to clinics: account management, appointment scheduling, treatment recording, billing generation. Patient data is processed under the dental treatment contract between the clinic and the patient.
Legal Obligation	Art. 6(1)(c)	Retention of clinical records per national dental/medical laws (typically 7-10 years), tax record keeping, health authority reporting obligations, court order compliance.
Explicit Consent	Art. 6(1)(a) + Art. 9(2)(a)	Marketing communications (where permitted), WhatsApp/SMS appointment reminders (opt-in), optional analytics cookies, participation in anonymized research datasets, photo/video use for educational purposes.
Legitimate Interests	Art. 6(1)(f)	Platform security (fraud prevention, intrusion detection), system optimization, aggregated analytics for platform improvement, customer support, debt collection for unpaid subscriptions. Balanced against data subject rights.
Vital Interests	Art. 6(1)(d)	Emergency situations where patient life is at risk and immediate access to allergy/contraindication data is required.

4.1 Special Category Data — Article 9 GDPR

Health data (dental records, X-rays, diagnoses) is special category data under Article 9 GDPR. We process this data because:

Art. 9(2)(h): Processing is necessary for healthcare provision, health data management, and medical diagnosis by registered dental professionals
Art. 9(2)(i): Processing is necessary for public health purposes (disease registries, epidemiological tracking where mandated by law)
All clinics using our platform are required to have appropriate medical professional registrations and are themselves Data Controllers for patient health data

5. Processing Purposes

Personal data is processed exclusively for the following specified, explicit, and legitimate purposes:

Clinical Management: Creating and maintaining patient dental charts, treatment plans, procedure logs, and clinical notes
Appointment Coordination: Scheduling, rescheduling, sending reminders via WhatsApp/SMS/email, managing waitlists
Billing & Insurance: Generating invoices, processing insurance claims, tracking payments, producing financial reports
Communication: Coordinating between clinic staff and patients, sending automated reminders, marketing communications (with consent)
Analytics & Reporting: Clinic performance dashboards, revenue tracking, appointment statistics, treatment outcome metrics
Security & Audit: Access logging, anomaly detection, forensic investigation in case of security incidents
Platform Improvement: Aggregated usage analytics to improve features, user interface optimization, bug fixing
Compliance: Fulfilling legal and regulatory obligations, responding to data subject rights requests, regulatory authority cooperation

We do NOT use personal data for automated decision-making (including profiling) that produces legal effects or similarly significant effects on data subjects.

6. Data Retention Periods

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law:

Data Category	Retention Period	Legal Basis / Rationale
Patient clinical records (charts, X-rays, diagnoses)	7 years from last treatment	Italian Dental Code (Codice Deontologico) and EU medical record retention requirements. Some jurisdictions require up to 10 years for minor patients.
Appointment records & schedules	7 years	Tied to clinical record retention for audit and malpractice defense purposes.
Billing & invoice data	10 years	EU VAT Directive and national tax codes require invoice retention for tax audit purposes.
System activity logs (audit trails)	6 years	Statute of limitations for civil liability claims and regulatory compliance verification.
Security logs (failed logins, access attempts)	2 years	Security incident investigation and regulatory defense.
Backups (encrypted)	30 days rolling	Disaster recovery purposes. Backups are automatically purged after 30 days.
Deleted account data	90 days (soft delete) + retention period above	Grace period for accidental deletion recovery, then permanent deletion per category schedules.
Marketing consent records	Duration of consent + 2 years	Proof of consent for regulatory defense. Deleted upon consent withdrawal.
Cookie consent records	1 year	ePrivacy Directive compliance and consent renewal cycle.

After the retention period expires, data is securely deleted using methods appropriate to the storage medium, which may include cryptographic erasure, secure overwrite, or physical media destruction for offline archives.

7. Your Data Subject Rights

Under Articles 15–22 GDPR, you have the following rights regarding your personal data. As a patient, you should exercise these rights directly with your dental clinic (the Data Controller). Clinic staff should contact our DPO for platform-level data operations.

Right of Access

Art. 15 — Obtain confirmation of processing and a copy of your personal data

Right to Rectification

Art. 16 — Request correction of inaccurate or incomplete data

Right to Erasure

Art. 17 — Request deletion when data is no longer necessary ("Right to be Forgotten")

Right to Restrict

Art. 18 — Request limitation of processing while disputes are resolved

Right to Portability

Art. 20 — Receive data in structured, machine-readable format (JSON/XML export)

Right to Object

Art. 21 — Object to processing based on legitimate interests or direct marketing

7.1 How to Exercise Your Rights

For Patients:

Contact your dental clinic directly. They are the Data Controller for your health records.
Clinics can export your complete record in JSON format using our built-in Data Portability tool.
If the clinic fails to respond within 30 days, contact our DPO at dpo@dentisti.pro for escalation.

For Clinic Staff:

Use the in-app Data Subject Request module under Settings → Compliance → GDPR Requests
All requests are logged with timestamps and audit trails for regulatory compliance
Our platform auto-generates response packages (data exports, rectification logs, erasure certificates)

7.2 Limitations on Rights

Certain rights may be limited where necessary for:

Compliance with legal obligations (e.g., mandatory medical record retention periods)
Establishment, exercise, or defense of legal claims (malpractice litigation)
Protection of the vital interests of the data subject or another person
Performance of a task carried out in the public interest

Where a right is limited, we will inform you of the reasons and your right to complain to a supervisory authority.

8. Subprocessors & International Transfers

We engage the following subprocessors to deliver our services. All subprocessors are bound by Data Processing Agreements compliant with Article 28 GDPR:

Subprocessor	Function	Location	Data Types	Transfer Safeguards
Stripe, Inc.	Payment processing for SaaS subscriptions	USA	Card data (tokenized), billing address, transaction metadata	EU Standard Contractual Clauses (2021/914) + Stripe's EU Data Processing Addendum
PokPay	Alternative payment processing (regional)	EU (Lithuania)	Payment tokens, transaction records	Intra-EU transfer — no additional safeguards required under Chapter V GDPR
Hostinger	Infrastructure hosting (VPS, CDN, object storage)	EU (Netherlands, Lithuania)	All platform data (encrypted at rest and in transit)	Intra-EU transfer — DPA in place
WhatsApp Business API	Appointment reminders and patient communication	EU (Ireland, Germany)	Phone numbers, message content, delivery status	Meta EU Data Processing Terms + SCCs for any US processing
AWS EU (Frankfurt)	Encrypted backup storage (cold archive tier)	EU (Germany)	Encrypted backup snapshots	Intra-EU transfer — AWS EU DPA

8.1 Cross-Border Transfer Policy

EU-First

Primary data hosting is exclusively within the European Union (Netherlands, Lithuania, Germany)
Personal data is NOT transferred to the United States for storage or primary processing
Where US-based services are used (e.g., Stripe for payment processing), only tokenized/non-identifiable data is transmitted, and Standard Contractual Clauses with additional technical safeguards (encryption) are implemented
We do not use US cloud services (Google Cloud US, Azure US, AWS US) for storing personal data
No data is transferred to third countries without appropriate safeguards under Chapter V GDPR

8.2 Subprocessor Changes

We will notify all clinics of any intended changes concerning the addition or replacement of subprocessors at least 30 days in advance, giving clinics the opportunity to object. Objections will be evaluated on data protection grounds.

9. Security Measures

We implement appropriate technical and organizational measures (TOMs) to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR:

9.1 Technical Measures

We implement security measures proportionate to the risks of processing health data. The specific measures in place depend on the hosting environment and plan tier, and may include:

Encryption: Database and file storage encryption using industry-standard algorithms. TLS is enforced for data in transit where supported by the hosting environment.
Access Control: Role-based access control (RBAC) with principle of least privilege. Multi-factor authentication (TOTP) is supported where configured.
Session Security: Secure session tokens with HttpOnly and SameSite=Strict cookie attributes. Sessions time out after a period of inactivity.
API Security: CSRF tokens on state-changing operations, input validation, and parameterized database queries to mitigate injection attacks.
Infrastructure: Hosting provider security controls (firewall, DDoS mitigation) as provided by the underlying infrastructure vendor.
Backup Security: Encrypted backups with rolling retention. Restoration testing is performed periodically.

9.2 Organizational Measures

Personnel with data access are bound by confidentiality obligations
Data protection considerations are included in system design and changes
Incident response procedures are documented and reviewed periodically
Security assessments are conducted on a risk-based schedule
Data minimization by design — only fields required for dental practice are collected
Pseudonymization or aggregation is used for analytics datasets where feasible

10. Cookies & Tracking Technologies

We use cookies and similar technologies for the following purposes:

Cookie Name	Purpose	Type	Duration	Legal Basis
`dental_sess`	Session management — maintains your authenticated state across page loads	Necessary	Session (browser close)	Art. 6(1)(b) — Contract
`csrf_token`	Security token preventing Cross-Site Request Forgery attacks on forms	Necessary	Session	Art. 6(1)(f) — Legitimate Interest (security)
`consent_prefs`	Stores your cookie consent preferences so we don't ask repeatedly	Necessary	1 year	Art. 6(1)(c) — Legal Obligation (ePrivacy)
`theme_pref`	Remembers your interface theme preference (light/dark/system)	Functional	1 year	Art. 6(1)(a) — Consent
`locale`	Stores your selected language preference for interface localization	Functional	1 year	Art. 6(1)(a) — Consent

Non-essential cookies (Functional, Analytics, Marketing) are blocked until you provide consent via our cookie banner. You can update your preferences at any time by clicking the Cookie Settings link in the footer.

We do NOT use third-party marketing cookies, social media trackers, or advertising pixels.

11. Personal Data Breach Notification

In accordance with Articles 33 and 34 GDPR:

We maintain a Personal Data Breach Register documenting breaches, including facts, effects, and remedial actions
In the event of a breach likely to result in a risk to the rights and freedoms of natural persons, we will notify the relevant Supervisory Authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach
If the breach is likely to result in a high risk to data subjects, we will communicate directly to affected individuals without undue delay
All clinics using our platform will be notified of any breach affecting their patient data as soon as practicable
Security inquiries can be directed to security@dentisti.pro

12. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement.

For Italy:

Garante per la Protezione dei Dati Personali
Piazza Venezia 11, 00187 Roma, Italy
Website: www.garanteprivacy.it
Email: garante@gpdp.it

We encourage you to contact our DPO first at dpo@dentisti.pro so we can attempt to resolve your concern directly and promptly.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or service offerings. Material changes will be notified to clinic administrators via email and in-app notifications at least 30 days before taking effect.

The current version is always available at dentisti.pro/privacy-policy.

Table of Contents