PRIVACY POLICY
Updated: FEBRUARY 22, 2023
Security, confidentiality and protection of personal data are essential values of Cabinet dentaire MAST (the “Practitioner“) and the company E.N.P.S. in its capacity as publisher of the Website (the “Publisher”).
This document aimed at protecting the personal data of the user (the “User“) of this Practitioner’s website (the “Site”) is established by the Practitioner and the Publisher, in accordance with French and European regulations on the protection of personal data, in particular the General Data Protection Regulation (EU) of 27 April 2016 (“GDPR“), which came into force on 25 May 2018, and the Data Protection Act of 6 January 1978 as amended.
1. What data is collected?
The data collected and processed, depending on the services used on the Site and depending on the choices and settings of the User’s terminal (in particular with regard to cookies and other tracers), are:
– The User’s technical browsing data
This is only the User’s anonymous browsing data collected by the Publisher as a subcontractor within the meaning of the GDPR for statistical purposes: number of visits, number of pages viewed, time spent on the Site, geolocation of the User and actions on the Site. The Publisher does not have access to the User’s personal data and therefore does not retain any of the User’s personal information which is only accessible and stored by the Practitioner.
– The User’s personal data
They include:
– the User’s personal identification data: this data is only collected by the Practitioner; surname, first name, age, email address, postal address, telephone contact details, etc.
– the User’s personal health data: this data is only collected by the Practitioner as part of the Site’s pre-appointment questionnaire: medical history, cardiac, pulmonary, renal, hepatic problems, diabetes, treatments. This data is stored on secure hosting (HDS) which can only be consulted by the Practitioner. Dental clinical data is not collected on the Practitioner’s Website.
2. When is the data collected?
The information you provide is collected in particular when you access or browse the Site, or when you complete the pre-appointment questionnaire.
The mandatory nature of certain data is indicated during collection by an asterisk in order to allow the Practitioner to respond to your requests and/or provide you with the requested services.
This information is also collected during communication:
– Service emails and SMS
Following a request to make an appointment, you will receive a confirmation email. These service messages are necessary for the proper monitoring of the Practitioner’s schedule.
– Practitioner newsletters
If you have accepted, you may receive information from the Practitioner by email or SMS (electronic communications). These newsletters allow you to keep up to date with the Practitioner’s news.
3. Use of collected data
The User’s personal data is used mainly for the following purposes:
– to allow you to use the services offered by the Site;
– to contact you to respond to your requests;
– to guarantee the proper functioning of certain features of the Site;
– to establish anonymous counting and audience statistics strictly necessary for the delivery of the services;
– to allow appointments to be made with the Practitioner, to inform him of your state of health in anticipation of the appointments to be made;
– to inform you about the services for which you have expressed an interest and which are offered to you on the Site;
– to subscribe to a newsletter of educational and preventive information on dental health and to send you information relating to the services and news of the Practitioner;
– allow the processing of your requests to exercise your rights;
– respond to official requests from public or judicial authorities authorized for this purpose.
The data collected may not be transferred or made accessible to any third party, subject to (i) any subcontractors or service providers of the Practitioner for exclusively technical and logistical reasons (hosting and maintenance providers of the Site, fraud management providers, etc.) and (ii) any restructuring of the Practitioner’s firm, including total or partial transfer of assets, merger, absorption, acquisition, demerger and more generally any reorganization operation.
The User is informed that data concerning him/her is not transmitted for the purposes mentioned above to companies located in countries outside the European Union.
Finally, the Practitioner may be required to communicate your personal data to third parties when such communication is required by law, a regulatory provision or a court decision, or if this communication is necessary to ensure the protection and defense of his/her rights.
4. Information relating to the sharing of data by users of the Site
The Site may allow you to share information relating to the Practitioner’s services on the Site (in its fixed or mobile version) on social networks (Facebook, Linkedin, Twitter, etc.), in particular via the sharing buttons.
Access to these social networks requires your acceptance of the contractual conditions containing stipulations relating to the regulations on personal data for the processing carried out by these networks, and this independently of the pages of the Site allowing sharing on said social networks.
To learn more about the protection of your personal data when browsing these social networks, we invite you to consult their respective privacy policies in order to be precisely aware of the information that is collected by these third parties, it being recalled that you can also configure directly on the social networks the access and confidentiality of your data.
The Practitioner is not responsible for the subsequent use that is made of your data by the social networks for their own account. s.
5. Legal bases and durations of processing of the User’s personal data
The processing of personal data is justified by different legal bases.
The User’s personal data (i) will be archived for accounting and evidentiary purposes during the legal limitation periods or (ii) will be destroyed if said periods have expired.
Legal bases for processing
– consent: the User accepts the processing of his/her personal data by means of express consent (checkbox, click, etc.) which can be withdrawn at any time;
– legitimate interest: the Practitioner has a professional interest in processing your data that is justified, balanced and does not infringe on your privacy. Except in exceptional circumstances, the User may at any time object to processing based on legitimate interest by notifying the Practitioner;
– the law: the processing of your personal data is made mandatory by a legal text.
Duration of treatments
Personal data: processing and storage for a limited period depending on the purpose of the processing and the legislation applicable to the Site’s services.
The storage periods are determined on the basis of the laws and regulations in force (3 to 5 years) depending on the purpose of the following processing: contacting the User to respond to their requests; allowing appointments to be made with the Practitioner, informing them of the User’s state of health in anticipation of upcoming appointments, managing the Practitioner’s office, sending the User information on medical prevention or general matters relating to the Practitioner’s office, allowing the Practitioner to process requests to exercise rights relating to personal health data, allowing the Practitioner to respond to official requests from public or judicial authorities authorized for this purpose.
Technical browsing data: the Publisher applies the retention periods for personal data in its capacity as a subcontractor within the meaning of the GDPR, on the basis of the laws and regulations in force (variable duration not exceeding 3 to 5 years) depending on the purpose of the following processing: to allow the User to use the services offered by the Site, to allow the recording and monitoring of their consent to the deposit of cookies and to know that the User has acknowledged the pop-in, to allow the processing of the User’s requests to exercise rights (excluding health data), to allow the proper functioning of certain features of the Site and ensure the security of the Site, to allow the establishment of anonymous counting and audience statistics strictly necessary for the operation of the Site.
In the context of processing carried out as a subcontractor, the Publisher acts only on the instructions of the Practitioner in his capacity as data controller within the meaning of the GDPR and does not determine the data retention period himself.
At the end of the retention periods, the personal data of users of the Site are permanently deleted or anonymized.
Given the legal archiving obligations imposed on healthcare professionals, they may retain, on their own tools, the User’s personal health data for periods longer than those indicated above in order to ensure optimal medical monitoring and care for patients.
6. What are the User’s rights regarding the use of personal data?
Terms of exercise of rights
In accordance with the regulations on the protection of personal data, the User may (i) exercise his rights (access, rectification, deletion, opposition, limitation and portability where applicable) and (ii) define the fate of his personal data “post mortem”.
In order to allow the Practitioner to respond quickly to any request from the User in this regard, the User must indicate in support of his request his surname, first name, e-mail, address and specify the address to which the response to his request should be sent.
The Practitioner may carry out identity checks in order to guarantee the confidentiality and security of the User’s data. In certain cases, a copy of a valid identity document bearing his signature may be requested. A response will then be sent to him within one (1) month following receipt of the User’s request.
The User also has the right to file a complaint with the National Commission for Information Technology and Civil Liberties (CNIL), in particular on its website www.cnil.fr.
Definitions – Data Controller and Delegate
The person responsible for processing the User’s personal data is the Practitioner whose contact details are as follows: Cabinet dentaire MAST / info@cabinetdentairemast.ch
The User’s personal data (including health data) is hosted and managed by a physical infrastructure subcontractor who has received HDS (Health Data Host) certification.
The Practitioner has appointed a Data Protection Officer (DPO) within the firm responsible for ensuring the protection of personal data. You can contact the Practitioner’s Data Protection Officer at: info@cabinetdentairemast.ch et dpo@webdentiste.eu.
