PRIVACY POLICY
.dentalflow Privacy Policy
DentalFlow Privacy Policy: Protecting Your Data with Care
At DentalFlow, we are committed to protecting the privacy and personal data of our clients (dental clinics), their patients, and visitors to our website and services. This Privacy Policy explains how DentalFlow ("we," "us," or "our") collects, uses, stores, and protects personal information in connection with our AI-driven patient flow system designed for dental clinics. Our services include a SmartSite (customized website), SmartAssist (AI chatbot), SmartHub (patient information portal), and SmartReach (automated email/SMS campaigns), as described on our website (https://godentalflow.com/home-page862446-8997-4095). This policy complies with the General Data Protection Regulation (GDPR), the Norwegian Personal Data Act, and other applicable data protection laws. If you have any questions about this policy, please contact us at [email protected].
1. Scope of This Policy
This Privacy Policy applies to dental clinics using DentalFlow’s services, patients interacting with DentalFlow’s services through clinic websites, chatbots, or communications, visitors to our website (https://godentalflow.com) or related pages (e.g., https://godentalflow.com/home-page862446-8997-4095), and individuals booking demos or contacting us via our website.
2. Data Controller
DentalFlow acts as a data processor on behalf of dental clinics (data controllers) for patient-related data processed through our services. For data collected directly from website visitors or demo bookings, DentalFlow is the data controller. Our contact details are: Email: [email protected]. [Insert Physical Address of DentalFlow, if applicable, or specify “Contact via email” if no physical office.]
3. Information We Collect
We collect and process various types of personal data. From dental clinics, we collect business information such as clinic name, address, contact details, branding preferences, and services offered, as well as staff information including names, email addresses, and phone numbers for account management and support, and payment information like billing details (e.g., credit card or bank account information) for subscription payments. From patients interacting with a clinic’s DentalFlow-powered services (SmartSite, SmartAssist, SmartHub, SmartReach), we may process personal identifiers such as name, email address, phone number, and address, health-related data including appointment details, treatment inquiries, or preferences (e.g., interest in specific dental procedures), interaction data like questions asked via SmartAssist, pages visited on SmartHub, or responses to SmartReach campaigns, and technical data such as IP address, browser type, device information, and cookies when interacting with clinic websites. From website visitors, we collect contact information including name, email, phone number, and message content when booking a demo or submitting inquiries via https://godentalflow.com/home-page862446-8997-4095, technical data like IP address, browser type, device information, and cookies for analytics and website functionality, and marketing data such as preferences for receiving newsletters or promotional materials. We also process special categories of data, such as health-related data (e.g., treatment inquiries), which is considered sensitive under GDPR, but only with explicit consent or as necessary for the provision of dental services by clinics.
4. How We Collect Data
We collect data through direct interactions, such as when clinics sign up, patients book appointments, or visitors submit forms (e.g., demo bookings), through automated technologies like cookies, analytics tools (e.g., Google Analytics), and SmartAssist chatbot interactions, and via third-party integrations from platforms like GoHighLevel (for funnel and campaign management), Calendly (for demo bookings), and email/SMS providers (for SmartReach).
5. Purposes and Legal Bases for Processing
We process personal data for various purposes with corresponding legal bases under GDPR. For providing SmartSite (clinic websites), we process clinic branding and patient contact details based on our contract with clinics and legitimate interests in patient services. To operate SmartAssist (AI chatbot), we process patient inquiries and contact details with patient consent and under our contract with clinics. For maintaining SmartHub (patient information portal), we process patient browsing data and treatment inquiries with patient consent and for legitimate interests in education. To deliver SmartReach (email/SMS campaigns), we process patient contact details and campaign responses with consent for marketing and under our contract with clinics. For managing demo bookings, we process visitor contact details with consent and for legitimate interests in business development. To improve services and analytics, we process technical and interaction data for legitimate interests in service optimization. Finally, to comply with legal obligations, we process all relevant data as required by law, such as tax and data protection laws.
6. Data Sharing
We share personal data only as necessary. Patient data is shared with the relevant dental clinic to facilitate appointments and services. We use third-party processors, including GoHighLevel for website hosting, funnels, and campaign management, Calendly for scheduling demo bookings, email/SMS providers like Mailchimp or Twilio for SmartReach communications, analytics tools such as Google Analytics for website performance, and hosting providers like AWS for secure data storage. We may disclose data to authorities if required by law (e.g., tax authorities, police). In case of a merger or acquisition, data may be transferred to a successor entity. All third-party processors are GDPR-compliant and bound by data processing agreements.
7. International Data Transfers
DentalFlow primarily operates within the EEA, but some third-party providers (e.g., GoHighLevel, Calendly) are based in the United States. We ensure international transfers comply with GDPR through Standard Contractual Clauses (SCCs), which are legal agreements ensuring adequate data protection, adequacy decisions where applicable (e.g., for countries recognized by the EU as having adequate protections), and data minimization by limiting transferred data to what is strictly necessary.
8. Data Retention
We retain personal data only as long as necessary. Clinic data is retained for the duration of the subscription plus 5 years for legal and tax purposes. Patient data is retained as instructed by the clinic, typically until the patient relationship ends or as required by health regulations. Visitor data is retained for 1 year for demo inquiries or until consent is withdrawn for marketing. Technical data is retained for up to 26 months, the default for Google Analytics. Data is securely deleted or anonymized when no longer needed.
9. Data Security
We implement robust security measures, including encryption of data in transit using SSL/TLS and at rest using AES-256, access controls with role-based access for DentalFlow staff and clinic administrators, regular security audits of systems and third-party providers, and incident response procedures for detecting and reporting data breaches within 72 hours, as required by GDPR.
10. Your Rights
Under GDPR and Norwegian law, you have several rights regarding your personal data. You can request access to a copy of your data, correct inaccurate data, request deletion of data (subject to legal obligations), limit processing in certain cases, receive your data in a machine-readable format, object to processing based on legitimate interests (e.g., marketing), withdraw consent to stop processing where consent is the legal basis, and not be subject to solely automated decisions (DentalFlow does not use such decisions). To exercise your rights, contact us at [email protected]. We will respond within 1 month, extendable to 2 months for complex requests. If you are a patient, we may need to coordinate with your dental clinic.
11. Cookies
Our SmartSite and website (https://godentalflow.com) use cookies for essential functions like website navigation and session management, analytics to track visitor behavior (e.g., Google Analytics), and marketing to personalize ads and demo booking experiences. You can manage cookie preferences via the cookie banner on our website. For details, see our Cookie Policy [link to separate Cookie Policy, if applicable, or integrate here].
12. Third-Party Links
Our website and clinic SmartSites may contain links to third-party websites (e.g., Calendly, social media). We are not responsible for their privacy practices. Please review their policies before sharing data.
13. Children’s Privacy
DentalFlow’s services are not directed at individuals under 16. We do not knowingly collect data from children without parental consent. If we learn such data has been collected, we will delete it promptly.
14. Complaints
If you have concerns about our data practices, please contact us at [email protected]. You may also lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet) at their website (https://www.datatilsynet.no), email ([email protected]), or address (Datatilsynet, P.O. Box 458 Sentrum, 0105 Oslo, Norway). You may also contact the data protection authority in your country of residence.
15. Changes to This Policy
We may update this Privacy Policy to reflect legal or operational changes. Significant updates will be communicated via email or a notice on our website (https://godentalflow.com). The latest version is always available at [insert URL, e.g., https://godentalflow.com/privacy-policy].
16. Contact Us
For questions or to exercise your rights, contact our Data Protection Officer via email at [email protected]
Connect
© {{location.name}} {{right_now.year}}
All Rights Reserved
