GDPR Compliance Statement

At Dentofacial Alignment Clinic (DAC), we value your privacy and are committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR). This page explains how we ensure compliance with GDPR requirements when collecting, using, and safeguarding your data.


1. What is GDPR?

The General Data Protection Regulation (EU) 2016/679, commonly known as GDPR, is a regulation in European Union (EU) law on data protection and privacy. GDPR strengthens individuals' rights to control their personal data and imposes obligations on organizations that process personal data.


2. Key GDPR Principles We Follow

DAC adheres to the following GDPR principles:

●     Lawfulness, Fairness, and Transparency: We process your data lawfully, fairly, and transparently.

●     Purpose Limitation: Your data is collected for specified, explicit, and legitimate purposes.

●     Data Minimization: We collect only the data necessary for the intended purpose.

●     Accuracy: We take steps to ensure your data is accurate and up to date.

●     Storage Limitation: We retain your data only as long as necessary for its purpose.

●     Integrity and Confidentiality: We process your data securely to protect it from unauthorized access, loss, or damage.


3. Your GDPR Rights

Under the General Data Protection Regulation (GDPR), you are entitled to specific rights concerning your personal data. We are committed to ensuring these rights are respected and upheld. Below is a detailed overview of your rights and how you can exercise them:

3.1 Right to Access

You have the right to request and obtain confirmation of whether we process your personal data. Additionally, you can request a copy of the data we hold about you, along with information on how it is being used, the purposes for processing, and any third parties with whom your data has been shared.

3.2 Right to Rectification

If the personal data we hold about you is inaccurate, incomplete, or outdated, you have the right to request corrections or updates. Ensuring the accuracy of your data allows us to provide the highest standard of care.

3.3 Right to Erasure ("Right to Be Forgotten")

You may request the deletion of your personal data in specific circumstances, such as when the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent. However, some data may be retained to comply with legal obligations or resolve disputes.

3.4 Right to Restrict Processing

You have the right to limit how your data is processed. This may apply if you contest the accuracy of the data, object to its processing, or if we no longer need the data but you wish to retain it for legal claims.

3.5 Right to Data Portability

You can request that your personal data be provided to you in a structured, commonly used, and machine-readable format. Additionally, you may request the transfer of this data directly to another data controller, where technically feasible.

3.6 Right to Object

You have the right to object to the processing of your data for certain purposes, including direct marketing. If you object, we will cease processing your data for these purposes unless we can demonstrate compelling legitimate grounds for the processing.

3.7 Right to Withdraw Consent

Where data processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

3.8 Right to Lodge a Complaint

If you believe your rights under GDPR have been violated, you can file a complaint with the relevant supervisory authority in your jurisdiction. We encourage you to contact us first so that we can address your concerns directly.


How to Exercise Your Rights

To exercise any of the rights listed above, please contact us using the information provided in the Contact Us section. We may require proof of identity to process your request and ensure the security of your data. We strive to respond to all requests within one month, in compliance with GDPR requirements.


4. Lawful Basis for Data Processing

We process your data based on:

●     Consent: When you provide explicit consent for a specific purpose (e.g., marketing communications).

●     Contractual Necessity: To deliver services you request, such as scheduling appointments.

●     Legal Obligations: To comply with regulatory requirements (e.g., medical recordkeeping).

●     Legitimate Interests: To improve our services and ensure efficient operations.


5. Data We Collect and Use

5.1 Categories of Data

To provide you with the highest standard of care and an optimized user experience, we collect and use the following categories of data:

●     Personal Information:

○     Name, email address, phone number, and address to identify and communicate with you.

○     Date of birth to verify your eligibility for certain treatments and comply with legal requirements.

●     Health Information:

○     Medical history and current health conditions relevant to dental care, enabling us to provide personalized and safe treatment plans.

○     Prescriptions and medication information, to avoid contraindications or adverse interactions.

●     Technical Information:

○     IP address, browser type, and operating system details to ensure website compatibility and security.

○     Cookies and usage data to analyze website performance and improve user experience. Details about our use of cookies can be found in our Cookie Policy.

5.2 Purposes of Data Use

We use your data for the following purposes:

●     Delivering Dental Care and Treatment Plans:

○     Your medical and personal information helps us create customized treatment plans and deliver the necessary care efficiently.

●     Communication and Appointment Management:

○     We use your contact details to schedule, confirm, and remind you of appointments, as well as to notify you of any changes.

●     Legal and Regulatory Compliance:

○     Some data is collected and retained to comply with healthcare, tax, and other legal obligations, such as accurate record-keeping and financial reporting.

●     Enhancing User Experience:

○     By analyzing how visitors interact with our website, we identify areas for improvement and ensure that our platform remains user-friendly and accessible.

●     Promotions and Educational Outreach:

○     With your consent, we may use your contact information to inform you about new treatments, promotions, or educational materials related to dental health.

We adhere to principles of data minimization, ensuring that we only collect and use the data necessary to fulfill these purposes while respecting your rights and privacy.


6. Data Transfers

We ensure that any transfer of data outside of Moldova complies with GDPR requirements, using appropriate safeguards such as:

●     Standard contractual clauses.

●     Adequacy decisions by the National Center for Personal Data Protection of the Republic of Moldova.


7. Data Retention Policy

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this statement or to comply with legal obligations. Once the retention period ends, we securely delete or anonymize your data.


8. Data Security Measures

To protect your data, DAC implements robust technical and organizational measures designed to ensure the confidentiality, integrity, and availability of your information. These measures include:

●     Encryption of Sensitive Data:

○     All sensitive personal and health data are encrypted both in transit and at rest, ensuring unauthorized access is prevented.

●     Regular Security Assessments and Updates:

○     We conduct frequent security audits and vulnerability scans to identify and address potential risks proactively. Software and systems are updated regularly to maintain their security.

●     Access Controls:

○     Access to your personal data is restricted to authorized personnel only. Role-based access controls ensure that only those with a legitimate need can view or process your data.

●     Secure Data Storage Facilities:

○     All data is stored in facilities with advanced physical and digital security protocols, including firewalls, intrusion detection systems, and environmental protections.

●     Incident Response Planning:

○     A structured incident response plan is in place to handle any data breaches or security incidents swiftly and effectively. You will be notified promptly in the unlikely event of a breach affecting your data.

Despite our efforts, no method of data transmission or storage is completely secure. We encourage you to take additional precautions, such as safeguarding your login credentials and avoiding sharing sensitive information over unsecured networks.


9. How to Exercise Your Rights

If you wish to exercise your GDPR rights, please contact us at:

●     Email: suport.clinicadac@gmail.com

●     Phone: +37 361 195 195

●     Address: Str. Bucuresti, nr.47, MD-2012, Chisinau

We will respond to your request within the legally required timeframe of one month.


10. Updates to This GDPR Statement

This GDPR Compliance Statement may be updated periodically. Changes will be posted on this page with an updated effective date. We encourage you to review this statement regularly to stay informed about our data practices.

By using our services, you acknowledge that you have read, understood, and agreed to this GDPR Compliance Statement.

© 2025 Dentofacial Alignment Clinic