Email: firstname.lastname@example.org with “Attn: Data protection officer” in the subject header (the “Data Protection Contact”)Web: www.archform.co
Types of Personal Data We Process
We collect Personal Data of customers, patients of our customers (including their former, potential and current patients), and Site visitors when and if you register an account through the Site. Such information may include your name, address, telephone number, email address, date of birth or age, gender, income information, credit card and other financial information related to payments for services, dental records, physician information, photographs and other information you choose to provide of you and your patients. In addition, when visiting the Site we may collect sensitive data about patients of our customers such as health information regarding their teeth, including images of their teeth.
On occasions you may choose to provide us with Personal Data about other people so that, for example, we can provide our services to your patients. You must only share their Personal Data with us if you have obtained their consent and permission to do so.
In the European Union (EU), “personal data” is defined very broadly and includes any information relating to a natural person, who can be identified, directly or indirectly, from data that we hold about them or from data that is combined with other information. It may include data relating to our employees, customers, patients, shareholders, contractors or the staff of our suppliers, visitors to our buildings or Site users.
Purposes for Which We Process Personal Data
ArchForm needs to process a certain amount of Personal Data about you and the individuals whose information you provide for a variety of business purposes, including:
We do not share, trade, or sell information about you or which you provide with other marketers without providing you notice or obtaining consent to do so. We may share your information and information you provide with affiliates, as well as with vendors we've hired to assist in providing products and services. As of the date this policy went into effect, we use Meteor’s Galaxy and Amazon’s AWS service to store some information. You can read more about Galaxy here and AWS security and compliance here.
Legal Ground for Processing the Personal Data
EU Data protection law requires us to have a legal basis before processing any Personal Data about you or which you provide. The legal basis for us processing your Personal Data and the Personal Data you provide for the above purposes may include any of the following: (i) you have provided your consent or obtained the necessary consent; (ii) it is necessary to for the performance of a contract with you; (iii) the processing is necessary for our compliance with a legal obligation; or (iv) the processing is in our legitimate interests of operating and promoting our business.
To the extent provided by applicable law, you or any individual who you have provided Personal Data for may withdraw any consent previously provided to us, or object at any time on legitimate grounds, to the processing of the applicable Personal Data. In some circumstances, withdrawing consent to ArchForm’s use or disclosure of the Personal Data will mean that you cannot take advantage of certain ArchForm products or services.
Disclosure of Information Relating to Data Subjects
in order for us to comply with our legal obligations, e.g. where we are required to disclose certain information to tax authorities;
to protect the security or integrity of our business, including our databases and systems;
to any of our affiliates or outsourced service providers, vendors, suppliers or distributors to facilitate the provision of contracted services or products or to provide expanded services to our customers and Site visitors;
for the purposes of a joint venture, collaboration, financing, sale, merger, reorganization, change of legal form, dissolution or similar event; and
to any other third party where you have provided your consent or obtained the necessary consent.
Security Measures Used to Protect the Personal Data
Consent to Processing Outside Home Country; International Transfer of Personal Data
Retention of Personal Data
Your Personal Data and the Personal Data you provide will be retained for the duration of our business relationship and for a period of time thereafter as required by applicable local law or where we have a legitimate and lawful purpose.
Data Subject Rights
Data protection laws often provide individuals with numerous rights, including the right to: access, rectify, erase, restrict and object to the processing of, their Personal Data. Individuals may also have the right to lodge a complaint with the local data protection authority if they believe that their Personal Data is not being processed in accordance with applicable data protection law. If you or others whose information you provide would like to exercise any of these rights, please contact ArchForm at email@example.com. To assist us in responding to such requests in a timely fashion, please include the phrase “Privacy Rights Request” in the title of the message.
Data subjects may, where permitted by applicable law, request copies of their Personal Data. This is known as a subject access request or “SAR”.
If a data subject would like to make a SAR, i.e., a request for copies of the Personal Data we hold about them, a data subject may do so by writing to the Data Protection Contact whose details are provided above. The request should make clear that a SAR is being made. We may ask the data subject to provide evidence of their identity if it is not clear.
Responding to a SAR can be a time consuming exercise. ArchForm may be able to get the information that the data subject requires more quickly if they are as specific as possible in their request (e.g., “I would like a copy of my Personal data contained in my website member account file”) or if the data subject would like a copy of a particular document it would be helpful if the document is described carefully, including the title, creation date, author and likely place of storage. This will help us to respond to the SAR as quickly as possible. The data subject may be asked for further details to assist us if insufficient information is provided.
Links to Other Websites
A cookie is a small piece of information which is sent to your browser and stored on your computer's hard drive, mobile phone or other device. You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. However, some of the services and features offered through the Site may not function properly if your cookies are disabled.
The following are examples of cookies that may be used on the Site:
Strictly necessary cookies. These cookies are essential in order to enable you to move around the Site and use its features, such as allowing us to keep track of the images you upload and download. Without these cookies, services you have asked for cannot be provided.
Functionality cookies. These are used to recognize you when you return to the Site. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
If necessary to comply with applicable law, we will ask for your consent to place cookies on your device. Once your consent has been provided, this message will not appear again when you revisit. If you, or another user of your computer, wish to withdraw your consent at any time, you can do so by altering your browser settings.
When you visit the Site, we may allow some third parties (such as data analytics companies) to collect information about your online activities over time and across different websites. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. However, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, the Site currently does not alter their practices when they receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” visit http://www.allaboutdnt.com.