Last updated: July 23, 2020
Welcome to Denther!
Verified Diagnosis Inc. ( “Denther”, “we” and “us”) respects your privacy. We offer services that enable patients to purchase and receive dental services.
Denther is controller of your personal data provided to, or collected by or for, or processed in connection with our Services. We strive to comply with General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA).
We invite you to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changes have been made and we have notified you of them, the way we use your personal data will be subject to the terms of the updated policy.
If you have any further questions about how we process your information, please don't hesitate to get in touch by contacting our Data Protection Officer:
Data Protection Officer, Verified Diagnosis ltd., Dračevac 7, 21000 Split, Croatia
1. How We Collect Your Data
Denther obtains Personal Data about you from various sources to provide our Services and to manage our Sites. “You” may be a visitor to one of our websites, or a user of one or more of our Services (“User”).
If you visit or use our Sites, we may collect your Personal Data. For example, we collect Personal Data that you submit to us via online forms and surveys, and when you contact us by email.
If you are a User, we generally categorize the personal information we collect about you in three categories:
- Personal data
- Health data
- Usage data
2. Personal Data We Collect
2.1. Personal Data
Personal Data is any information that relates to an identified or identifiable individual. The Personal Data that you provide directly to us through our Sites and Services will be apparent from the context in which you provide the data.
When you register for a Denther account, we collect either your Reddit username, or full name and email address from Google.
When you fill-in our online form to contact our sales team, we collect your full name, email, country, and anything else you tell us about your needs and timeline. When you use the “Remember Me” feature of Payment Checkout, our Payment Processor collects your email address, payment card number, CVC code and expiration date. When you respond to Denther emails or surveys, we collect your email address, name and any other information you choose to include in the body of your email or responses. If you contact us by phone, we will collect the phone number you use to call Denther. If you contact us by phone as a Denther User, we may collect additional information in order to verify your identity.
If you are a Denther User, you will provide your contact details, such as name, postal address, telephone number, and email address. As part of your relationship with us, we may also receive financial and personal information about you, such as your date of birth and government identifiers associated with you and your organization (such as your social security number, tax number, or Employer Identification Number).
You may also choose to submit information to us via other methods, including:
- (i) in response to marketing or other communications,
- (ii) through social media or online forums,
- (iii) through participation in an offer, program or promotion,
- (iv) in connection with an actual or potential business relationship with us, or
- (v) by giving us your business card or contact details at trade shows or other events.
2.2. Health Data
The main type of information we hold about you is health and medical information: information about your health, symptoms, treatments, consultations and sessions, opinions, diagnoses, recommendations, health care reviews, medications, procedures, purchases of health services and related financial information.
This includes details of your consultations and interactions with our dental providers. Your interactions with our digital services may be shared with our dental providers in order to provide you with a better experience and for the purposes of providing you health care.
We get some of this information directly from you, when you register with us and when you use our Services. If you share your Add records form with a dental provider, we will receive your health data from them. If you have given consent for us to do so, we will send your case records to your dental provider. Any such correspondence we receive from you is uploaded electronically to your Denther dental record or personal profile.
We retain records of our consultations and interactions with you. This is so that we can ensure high quality care is provided to you, and, with your consent, to allow us to learn from them to improve our services. To monitor our service quality, we may retain records of when you contact our support teams. Recordings are held securely in accordance with our retention policy. You can access recordings or transcripts of your consultations or interactions with us (depending on the format) for a limited time from us. Please refer to the ‘Retention Periods’ section of this policy.
We may also hold information about you and your health from other apps, devices and services where you have given your consent to that data being shared with us.
Our HIPAA Notice of Privacy Practices describes our privacy practices for your HIPAA Protected Health Information. It does not apply to the Personal Data or Usage Data that we collect from you through the Services. We include a link to our HIPAA Notice of Privacy Practices on webpages where we collect information from you is treated as “Medical Information” or “HIPAA Protected Health Information”.
2.3. Usage Data
Browser and device data, such as IP address, device type, operating system and Internet browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons and the language version of the Sites you are visiting; Usage data, such as time spent on the Sites, pages visited, links clicked, language preferences, and the pages that led or referred you to our Sites. We use Google Analytics on our Sites to help us analyze Your use of our Sites and diagnose technical issues.
3. How We Use Personal Data
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
3.1. Providing you a service
We obtain and use your personal details and financial details in order to establish and deliver our contract with you and (if applicable) charge you correctly.
We obtain and use your medical information because this is necessary for medical purposes, including medical diagnosis and the provision of healthcare or treatment. This includes the information collected through our consultations with you (such as notes and recordings), our digital services, and medical history from your previous dentist (in the same way that any dental practice would receive your medical history if they become your dentist). It may also include sharing information with other healthcare professionals, chosen by you, as necessary for the provision of care to you.
Our HIPAA Notice of Privacy Practices describes our privacy practices for your HIPAA Protected Health Information.
In the course of daily operations, access to private, sensitive and confidential information is restricted to authorized employees who have a legitimate business purpose and reason for accessing it. For example, when you call us, or email us, our designated employees will access your information to assist you in providing services to you. It is important to note that only dental professionals or others on a need-to-know basis will have access to your Health Information.
As a condition of their employment, all employees of Denther are required to abide by the privacy standards we have established. They are also required to work within the principles of ethical behaviour as set out in our internal employee rules and must follow all applicable laws and regulations. Employees are well informed about the importance of privacy and they are required to sign either a code of conduct or a confidentiality agreement that prohibits the disclosure of any Personal Information to unauthorized individuals or parties.
Unauthorized access to and/or disclosure of client information by an employee of Denther is strictly prohibited. All employees are expected to maintain the confidentiality of Personal Information at all times and failing to do so will result in appropriate disciplinary measures, which may include dismissal.
3.2. Making healthcare accessible
Where you have provided your explicit consent, we will use your medical information (always having removed personal identifiers) to improve our healthcare products and services, so that we can deliver better healthcare to you and other Denther users. This medical information (with your personal identifiers removed in the way described above) may include your medical record (both records received and created by us), transcripts and recordings of your consultations, and your interactions with our services. This does not involve making any decisions which would have a significant effect on you – it is only about improving our products, services and software so that we can deliver a better experience to you and other Denther users, and help achieve our aim of making healthcare affordable and accessible to everyone. Strict confidentiality and data security provisions apply at all times. This consent relates to information that can identify you.
We may obtain and use data about your precise location where you give your consent (through providing us access to your location through your App or browser settings or your address), for example, to help direct you to the nearest dentist. We may also derive your approximate location from your IP address.
3.3. Keeping you up to date
We use your email address, phone number and/or details to contact you or present you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time.
As part of providing you with high quality preventative and occupational health care services, we may contact you by SMS, email and/or other means to offer you helpful information or invite you to make appointments, for example for free healthcare screening programmes.
3.4. Other uses
Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to troubleshoot bugs within the App or our website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times.
Where necessary, we may need to share personal and financial details for the purposes of fraud prevention and detection.
We also store your medical information, such as uploaded dental images, examination notes, findings and comments given by our dentists, as well as your interactions with our digital services, for safety, regulatory, and compliance purposes. For example, we may need to review your information and, where necessary, make disclosures in compliance with reasonable requests by regulatory bodies, or as otherwise required by law or regulation.
Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
4. How We Disclose Personal Data
We consider all information we collect from you to be confidential. We do not sell, rent or lease your Personal Information to third parties. We may disclose your Personal Information to third parties, as follows:
- Dental providers. We may disclose your health information to dental providers in order to provide you with dental services you requested.
- Other healthcare providers. We will, where necessary for your treatment or care, share your information with your other health and social care providers. For example, your GP and other health and care bodies. This may include sharing information with such services for safeguarding purposes in accordance with our legal obligations.
- Service providers. We use third party service providers to assist us in delivering our Services to you, including internet service hosting, technical integration, marketing, analytics, customer service and fraud detection providers. These service providers are obligated by contract to use your Personal Information only on our behalf and at our direction.
- With your authorized representatives. While you may choose to share your Denther account credentials with someone, we have no way of verifying whether or not that person is really you, or whether they are authorized to access your Personal Information. You should only grant access to your Clover Health account with individuals you trust.
- With our affiliates. We may share data with companies within our corporate family in order to coordinate our Services.
- Anonymised data. We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
- Corporate changes. We may sell or otherwise transfer some or all of our assets to a third party in connection with a merger, consolidation, corporate reorganization, acquisition, reorganization or sale of equity or assets, or in the event of a bankruptcy. In such an event, your Personal Information may be transferred to that third party.
- For legal purposes. We also may share your Personal Information that we collect, as needed, to enforce our rights, protect our property or protect the rights, property or safety of others, or as needed to support internal functions. We will disclose Personal Information as we deem necessary to respond to a subpoena, order, governmental request, or other legal or regulatory process. We also may share Personal Information as required to pursue available remedies or limit damages we may sustain.
- California Privacy Act Notice. Under California Civil Code sections 1798.83-1798.83, California residents are entitled to ask us, once per year, for a notice identifying the categories of information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for these affiliates and/or third parties. requests will apply to information provided during the previous calendar year (for example, if your request information in 2019, you will receive information regarding 2018). If you are a California resident and would like a copy of this notice, please submit a written request, subject heading: “California Civil Code copy of notice request)” to the address provided below under “how to contact us”.
5. Retention Periods
The below is a summary of our retention policy, but we may retain records that do not identify you for legitimate business purposes such as managing or planning our business, or records for other periods as required by law or regulation. We retain your Personal Data as long as we are providing the Services to you. We retain Personal Data after we cease providing Services directly or indirectly to you, even if you close your Denther account or complete a transaction with a Denther User, to the extent necessary to comply with our legal and regulatory obligations, and for the purpose of fraud monitoring, detection and prevention. We also retain Personal Data to comply with our tax, accounting, and financial reporting obligations, where we are required to retain the data by our contractual commitments to our financial partners, and where data retention is mandated by the payment methods that we support. Where we retain data, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.
Dental Records are retained for 10 years after death or after the patient has permanently left the country unless the patient remains in the European Union. In the case of a child, if the illness or death could have potential relevance to adult conditions or have genetic implications for the family of the deceased, the advice of clinicians should be sought as to whether to retain the records for a longer period.
Electronic patient records (EPRs) must not be destroyed, or deleted, for the foreseeable future. Dental records include medical and dental records, consultations with dentists.
6. Data storage, security and transfers
We do not store your personal health data on your device. We store all your personal health data, including your primary care information, medication information and diagnostic information, on secure servers.
We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of Personal Data. We maintain organizational, technical and administrative measures designed to protect Personal Data within our organization against unauthorized access, destruction, loss, alteration or misuse. Your Personal Data is only accessible to a limited number of personnel who need access to the information to perform their duties. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.
Where you have chosen a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
Your data may be processed or stored via destinations outside of the European Economic Area (EEA) or US, but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the US or EEA. For further information on the safeguards we take if we transfer data outside of the EEA, contact DPO@denther.com.
7. Your Rights and Choices
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time by accessing the privacy settings in the App.
7.1. Opting out of communications
If you no longer want to receive marketing-related emails from us, you may opt-out via the unsubscribe link included in such emails. We will try to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you important administrative messages that are required to provide you with our Services.
7.2. See or change your Personal Data
If You would like to review, correct, or update Personal Data that You have previously disclosed to us, You may do so by signing in to your Denther account or by contacting us.
7.3. Your data protection rights
Depending on your location and subject to applicable law, you may have the following rights with regard to the Personal Data we control about you:
- The right to, wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App;
- The right to request confirmation of whether Denther processes Personal Data relating to you, and if so, to request a copy of that Personal Data;
- The right to request that Denther rectifies or updates your Personal Data that is inaccurate, incomplete or outdated;
- The right to request that Denther erase your Personal Data in certain circumstances provided by law;
- The right to request that Denther restrict the use of your Personal Data in certain circumstances, such as while Denther considers another request that you have submitted (including a request that Denther make an update to your Personal Data); and
- The right to request that we export to another company, where technically feasible, your Personal Data that we hold in order to provide Services to you.
Where the processing of your Personal Data is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
7.4. Exercising data protection rights
In order to exercise your data protection rights, you may contact Denther as described in the Contact Us section below. We take each request seriously. We will comply with your request to the extent required by applicable law. We will not be able to respond to a request if we no longer hold your Personal Data. If you feel that you have not received a satisfactory response from us, you may consult with the data protection authority in your country.
For your protection, we may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. If we no longer need to process Personal Data about you in order to provide our Services or our Sites, we will not maintain, acquire or process additional information in order to identify you for the purpose of responding to your request.
8. Use by Minors
The Services are not directed to individuals under the age of thirteen (13), and we request that they not provide Personal Data through the Services.
10. Links To Other Websites
The Services may provide the ability to connect to other websites. These websites may operate independently from us and may have their own privacy notices or policies, which we strongly suggest you review. If any linked website is not owned or controlled by us, we are not responsible for its content, any use of the website or the privacy practices of the operator of the website.
11. Specific Provisions for California residents
11.1. How We Collect, Use, and Disclose your Personal Information
11.2. Your CCPA Rights and Choices
As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal information:
Exercising the right to know
You may request, up to twice in a 12-month period, the following information about the personal information we have collected about you during the past 12 months:
- the categories and specific pieces of personal information we have collected about you;
- the categories of sources from which we collected the personal information;
- the business or commercial purpose for which we collected the personal information;
- the categories of third parties with whom we shared the personal information; and
- the categories of personal information about you that we disclosed for a business purpose, and the categories of third parties to whom we disclosed that information for a business purpose.
Exercising the right to delete
You may request that we delete the personal information we have collected from you, subject to certain limitations under applicable law.
Exercising the right to opt-out from a sale
You may request to opt out of any “sale” of your personal information that may take place. We do not use, share, rent or sell the Personal Data of our Users’ Customers for interest-based advertising. We do not sell or rent the Personal Data of our Users, their Customers or our Site visitors.
The CCPA provides that you may not be discriminated against for exercising these rights.
To submit a request to exercise any of the rights described above, you may contact Denther at firstname.lastname@example.org. We may need to verify your identity before responding to your request, such as verifying that the email address from which you send the request matches your email address that we have on file. Authentication based on a government-issued and valid identification document may be required. If you are a Customer of a Denther User, please direct your requests directly to the Denther User with whom you shared your personal information.
12. Contact Us