Privacy Policy

Last updated: 8.06.2023

Introduction

This Policy is intended to help you understand:

  • why we collect your personal data;
  • how we collect, use and store your personal data;
  • which rights relating to your personal data you have; how you can exercise the rights relating to your personal data;
  • how we use cookies and other tracking technologies;
  • how we share and disclose your personal data.

Cristaline Aligners  is located in Germany.

We act as a data controller in relation to your personal data. However, we act as data processors with respect to the data processing activities we carry out on behalf of our clients.

Cristaline Aligners GmbH (“we”, “us”, “our”, “Company”) values your privacy and therefore provides you with the information on the Company’s privacy practices. On this page, you can learn about the information we collect about you while you interact with us, what for and how it is used, stored, disclosed etc.

This Privacy Policy (“Policy”) describes how we handle the data you provide us with through the website https://cristaline-aligners.com (“Site”), email address info@cristaline-aligners.net, our social media accounts such as Facebook, Instagram, LinkedIn (“social media accounts”), phone and video calls, and via cooperation in our offices. Such treatment may include, but is not limited to, the following:

  • collection,
  • recording,
  • organisation,
  • storage,
  • structuring,
  • adaptation,
  • alteration,
  • retrieval,
  • consultation,
  • use,
  • disclosure by transmission,
  • dissemination or otherwise making available,
  • alignment or combination,
  • restriction,
  • erasure or destruction.

Company can act as a data controller OR a data processor in relation to the personal data you provide depending on the factual circumstances of the processing.

You can be our visitor or client (collectively “users”):

  • You are a visitor when you merely surf this Site;
  • You are a client when:
    • you, as a dentist or dental clinic representative (“Doctor”) submit personal data of your Patient(s) through the Site, our social media accounts, email, and cooperation in our offices in order to receive our aligners development services;
    • you submit your personal data as a Patient through the Site, our social media accounts, email, and cooperation in our offices in order to receive our aligners development services.

When you submit your personal data as a client through our Site, you may be asked to give your consent to some kind of processing of your personal data as explained in this Policy to enable us to provide you with the information or service requested, if no other legal ground can be used.

You may contact us using the following details:

Our address:

  • Hanauer strasse 1-5, Pforzheim, 75181 Germany

Our email: info@cristaline-aligners.net

Definitions

To facilitate your understanding of this Policy, we explain the usage of the definitions listed here in accordance with the GDPR.

We use the following definitions in this Policy, as prescribed by Article 4 of the General Data Protection Regulation (GDPR):

data controller” means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is processed.

data processor” means the natural or legal person who processes personal data on behalf of the data controller.

data subject” is any living individual who is using our Site.

personal data” means any information relating to you and helping identify you (directly or indirectly) such as your name, last name, email, location data, etc.

processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Collection

We collect and process the information you provide us with in accordance with this Policy.

With respect to the data captured from our clients, we act as a data processor.

We do NOT use decision-making and profiling based solely on automated processing which produces legal effects concerning individuals or similarly significantly affects them.

We act as a data controller with regard to visitors’ and clients’ data when we process it for our own purposes. Also, we are data processors when clients submit their data to us and we process it on their behalf.  

We use the personal data we collected only for the purposes listed in this Policy. We may share your personal data with third parties solely for the purposes listed herein.

We do not sell your data.

Personal Data We Collect

We may process the following personal data of our visitors:

Purposes

Type of personal data

Legal grounds

Third Parties recipients

Source
  • To prevent any fraudulent actions or intervention of the malware and improve our technical and information security measures;
  • To enable the functionality of the Site. 

Identifiers: IP address, data obtained from the cookies. 

Usage data: language settings, access time, address of the requested page, information about the user’s browser (or another program through which the Site is accessed).

Our legitimate interest (Article 6(1)(f))

Google, Contractors

Site

You can find more information regarding how we use cookies in our Cookie Policy.

We may process the following personal data of our clients:

Purposes

Type of personal data

Legal grounds

Third Parties recipients

Source

  • To verify our counterparties and sign service agreements; 
  • to keep accounting records;

Contact information: full name, company-employer, email, address, country.                          

Performance of a contract (Article 6(1)(b))

Aligner Developers, Sales Manager, Auditor, Quality Manager, Customer Support, Production personnel (“Contractors”), Hetzner, Bitrix24, ABS

Site, email, social media, communication in our office, social media accounts
  • to register an account on the Site;
  • for maintenance of the account on the Site

Registration information: country, email, first name, last name, phone number, shipping address, billing address, clinic, language. 

Performance of a contract (Article 6(1)(b))

Contractors, Hetzner, Bitrix24, ABS

Site
  • to issue invoices for our services;

Payment information: requisites for payments.

Performance of a contract (Article 6(1)(b))

Contractors, Hetzner, Bitrix24, ABS

Site, email, social media, communication in our office, social media accounts
  • to communicate with Patients and/or Doctors regarding the provision of services;

Contact information: full name, workplace, social media account username, phone number.                                                                                           Message information: any information if it contains personal data.

Performance of a contract (Article 6(1)(b))

Contractors, Hetzner, Bitrix24, ABS

Site, email, social media, communication in our office, social media accounts
  • to provide other orthodontic-related services.

Medical data: photo (teeth), computer tomography results, X-ray/panoramic photo (teeth), consent to processing personal data, any other medical data collected with regard to the Patient’s treatment. 

Contact information: full name, date of birth, gender, age.

Your consent (Article 9(2)(a))

Performance of a contract (Article 6(1)(b))

Contractors, Hetzner, Bitrix24, ABS

Site, email, social media, communication in our office, social media accounts

 

IMPORTANT: upon processing of payments using services of a payment processor, such payment provider may collect your e-mail address, phone number, billing address, phone number, credit card details and expiry date and other personal data it considers as necessary for the provision of services. Such collection of personal data is regulated under the rules and policies of payment processors. We are not responsible and hold no liability regarding your personal data collected by third-party websites. We advise you to access the payment processors’ websites carefully and always check their policies and rules regarding the collection of your personal data.   

Cookies

Cookies are small text files containing information that websites send to your browser. They are stored on your device, which might be a personal computer, a mobile phone, a tablet or any other device.

We use them to enhance your user experience and provide a significant level of protection to your personal data.

We use cookies and other tracking technologies on our Site for a number of purposes, including enabling the functionality of the Site, enhancing user experience, understanding the online behaviour of people who interact with our Site, namely

  • To enhance user experience; prevent any fraudulent actions or intervention of the malware and improve our technical and information security measures; 
  • To enable the functionality of the Site.   

We use three types of cookies:

  • Necessary;
  • Preferences;

You may advise yourself with detailed information on the categories of cookies we use here.

Grounds for processing

Our grounds for processing your personal data are:

  • your consent;
  • our legitimate interests;
  • performance of a contract;
  • our legal obligations.

We do NOT intentionally collect and process the personal data of children under the age of 13. We may process children’s personal data only if consent is given or authorised by the holder of parental responsibility over the child.

We may collect special categories of your personal data (medical data) for the provision of our services. We collect such data ONLY when the data subject has provided his/her explicit consent to do so in accordance with Article 9(2)(a) GDPR.

We collect and process your personal data in accordance with the provisions of the GDPR.

GDPR provides an exclusive list of lawful bases allowing us to process your personal data. During personal data processing we rely only on four of them, namely:

Article 6.1(a), 9(2)(a): consent

We collect the information you choose to give us, and we process it under your consent for marketing purposes. 

You may withdraw your consent to the processing of your personal data at any time. Please remember that the withdrawal of consent does NOT automatically mean that the processing before the withdrawal is considered unlawful.

You may withdraw the consent to the processing of your personal data by sending us an email at info@cristaline-aligners.net, using the suitable Site’s options or by contacting us in any other way convenient for you.

Article 6.1(f): legitimate interests

We process your personal data to prevent any fraudulent actions and to provide you with the desired services. Also, we need some data to enable our Site to run smoothly and give you a pleasant user experience. We use only strictly necessary data under this legal ground.

Article 6.1(b): performance of a contract

We require the minimum amount of your personal data that is necessary to provide you with our aligners development services.

Article 6.1(c): legal obligation

We process your personal data to fulfil the applicable legal obligations arising mainly from the GDPR. In the event of you sending us the request to fulfil the rights granted by the GDPR, we may ask you for some personal data we already have to identify you and achieve compliance with the applicable law.

Data Security, Integrity and Retention

We will store and process your personal data for as long as needed to provide you with the services.

Also, you may request erasing of your personal data by contacting us in any way convenient for you.

We store and process your personal data until we do not need it for any of the purposes defined in this policy unless longer storage is required or expressly permitted by law.

In any case we store personal data we obtained from you, as described under the ‘Personal Data We Process’ section, for no longer than 3 years from the last time we communicated with you.

We store identifiers and usage data for the period specified in our Cookie Policy 

Your messages left within the social media platforms will be kept visible as long as the privacy policies of these platforms promise you.

We may not delete or anonymise your data if we are compelled to keep it under Article 30 of the GDPR and other applicable laws for the retention period prescribed by law or this Policy.

You may request to delete your personal data by sending us an email at info@cristaline-aligners.net

We have implemented appropriate organisational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorised access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.

Data Sharing and Disclosure

We only transfer your personal data to third parties within the requirements of the GDPR.

Where possible, we always sign data processing agreements (DPAs) and Non-Disclosure Agreements (NDAs) with our third parties.

We may disclose your personal data to third parties, including those located outside the EU and EEA, provided that proper safeguards are put in place and their law doesn’t put your rights at risk.

We may share your personal data as a data controller to data processors in accordance with provisions specified hereafter.

Sharing personal data with data processors

There are many features necessary to provide you with our services that we can not complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services.

Therefore, we may share and disclose your personal data to other data processors:

  • Hetzner (Hetzner Online GmbH, Germany): to provide secure transfer and storage of personal data on the servers. You may familiarise yourself with its Privacy Policy here.
  • Bitrix 24 (Bitrix24 Ltd., Cyprus): to manage our customers and tasks. You may find its Privacy Policy here.
  • ABS (ABS MEDICAL LLC, Ukraine): it is our representative in Ukraine and it helps us to provide our services.
  • Google (Google LLC, USA): to manage cookie banners. You may find its Privacy Policy here
  • We may disclose some of your personal data to other service providers, including our Contractors.

We may transfer your personal data to countries outside the EU and EEA (Ukraine, USA) that are not determined to offer an adequate level of data protection on the basis of Article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.

We only transfer your personal data to third parties within requirements under the GDPR. Where possible, we always sign data processing agreements (DPAs) with Standard Contractual Clauses approved by the Commission and Non-Disclosure Agreements (NDAs) with them and treat them seriously. 

Transferring your personal data outside of the European Economic Area

We may transfer your personal data to third countries outside the EU and the EEA under Article 46 of the GDPR on the appropriate safeguards, including the standard contractual clauses (SCC).

For transfers to countries that do not fall under requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to the third countries outside the EU and the EEA under Article 46 of the GDPR with the appropriate safeguards, including the standard contractual clauses (SCC).

We disclose your personal data to the countries outside the EU and the EEA, in compliance with the standard contractual clauses (SCC) approved by the European Commission in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons. We put supplementary measures in place when transferring data outside the EU and the EEA, where appropriate, for example, such as conducting transfer impact assessments (TIA) when necessary.

Your Rights

You may exercise the following rights under the GDPR:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object to processing;
  • right to data portability;
  • right to lodge a complaint;
  • right to consent withdrawal;
  • right to lodge a complaint with a supervisory data protection authority

You may exercise the following rights by submitting your request at info@cristaline-aligners.net

When we act as a joint controller with regard to particular processing of personal data, you may exercise your rights under the GDPR in respect of and against other joint controllers and us.

Rights under the GDPR

  • right of access means that you may ask us to send you the copy of your personal data collected together with information regarding the nature, processing and disclosure of that personal data;
  • right to rectification means that you may ask us to update and correct the false data, missing or incomplete personal data.
  • right to erasure (to be “forgotten”) means that you may ask us to delete your personal data collected, except insofar it is prohibited by appropriate laws.
  • right to restriction of processing means that you may ask us to restrict processing where:
  1. your personal data is not correct or outdated;
  2. the processing is unlawful.
  • right to object to the processing means that you may raise objections on grounds relating to your particular situation;
  • right to data portability means that you may ask us to transfer a copy of your personal data to another organisation or to you;
  • right to withdraw the consent when your personal data is processed under your consent (see section “Grounds for processing”).
  • right to lodge a complaint with a supervisory data protection authority pertaining to the processing of your personal data.

You have the right to submit the complaint to the supervisory authority of your place of residence within the EU or to the data protection authority. However, we would appreciate a letter with feedback from you: we want to make your experience as pleasant as it can be, and will be happy to discuss your concerns.

Data Protection Authority

We kindly ask you to contact us directly so that we can quickly answer your question.

As we said, we kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may use the following channels to address your inquiries: info@cristaline-aligners.net

In some cases, you have the right to lodge a complaint about our use of your personal data with a data protection authority. For more information, please contact your national data protection authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us.

Supervisory Authority

In case of any questions regarding data protection, you can apply to the Supervisory Authority.

You may find the contact details of the German Supervisory authority below : 

Die Bundesbeauftragte für den Datenschutz und die Informationsfreiheit , Husarenstraße 30, 53117 Bonn

Tel. +49 228 997799 0; +49 228 81995 0

Fax +49 228 997799 550; +49 228 81995 550

e-mail: poststelle@bfdi.bund.de

Website: http://www.bfdi.bund.de/

Also, you may find the full list of EU supervisory authorities through the link

Copyright

The commercial use of our contents without permission of the originator is prohibited.

Contents and compilations published on the Site are subject to German copyright laws. Reproduction, editing, distribution as well as the use of any kind outside the scope of the copyright law require a written permission of the author or originator. Downloads and copies of these websites are permitted for private use only.

Copyright laws of third parties are respected as long as the contents on these websites do not originate from the provider. Contributions of third parties on this Site are indicated as such. However, if you notice any violations of copyright law, please inform us in any way convenient for you. Such contents will be removed immediately.

Liability for contents

Illegal contents will be removed immediately at the time we get knowledge of them.

As service providers, we are liable for our own contents of the Site according to Sec. 7, paragraph 1 German Telemedia Act (TMG). However, according to Sec. 8 to 10 German Telemedia Act (TMG), service providers are not obligated to permanently monitor submitted or stored information or to search for evidence that indicate illegal activities.

Legal obligations to remove information or to block the use of information remain unchallenged. In this case, liability is only possible at the time of knowledge about a specific violation of law.

Liability for links

Our Site includes links to external third party websites. We have no influence on the contents of those websites, therefore we cannot guarantee for those contents.

The linked websites had been checked for possible violations of law at the time of the establishment of the link. Illegal contents were not detected at the time of the linking. A permanent monitoring of the contents of linked websites cannot be imposed without reasonable indications that there has been a violation of law. Illegal links will be removed immediately at the time we get knowledge of them.

Providers or administrators of linked websites are always responsible for their own contents. 

Dispute resolution

We do not take part in online dispute resolutions at consumer arbitration boards.

The European Commission provides a platform for online dispute resolution (OS): https://ec.europa.eu/consumers/odr.   Please find our email in the Impressum available on the Site. 

Changes to the Privacy Policy

We may change this Policy from time to time due to the different purposes.

We will notify you of such material changes through means available to us.

This Policy may be changed from time to time due to the implementation of new technologies, laws’ requirements or for other purposes. We will send notice to you if these changes are dramatic and where required by applicable laws, we will obtain your consent. Also, we encourage you to regularly review this Policy to check for any changes.

Such notification may be provided via your email address, post in our social media accounts or announcement on the Site and/or by other means, consistent with applicable law.

Contact us

Please contact us if you have any questions about your personal data or problems with our Site.

If you have any issues concerning the usage of our Site, please do not hesitate to contact us through:

Email address: info@cristaline-aligners.net