1. Introduction

This GDPR Compliance Statement explains how Dentplicity Systems ("Dentplicity," "we," "us," or "our") handles data protection for users in the European Economic Area (EEA). While our platform is designed primarily for U.S.-based dental practices, we respect the privacy rights of all users globally.

🌍 Service Focus: Dentplicity is designed specifically for dental practices in the United States. While we welcome users from around the world, please be aware that our platform, features, and compliance measures are optimized for the U.S. dental market. All data is stored and processed in the United States.

2. Data Controller and Data Processor

Dentplicity acts as a data controller for personal data we collect directly from you when you use our Services. We act as a data processor when we process personal data on behalf of our customers (dental practices) who are the data controllers.

As a data controller, we determine the purposes and means of processing personal data. As a data processor, we process personal data only on behalf of and under the instructions of our customers.

3. Lawful Basis for Processing

Under the GDPR, we must have a lawful basis for processing your personal data. We rely on the following legal bases for processing:

Consent: When you have given clear consent for us to process your personal data for a specific purpose.
Contract: When processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
Legal Obligation: When processing is necessary for compliance with a legal obligation to which we are subject.
Legitimate Interests: When processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

4. Your Rights Under GDPR

The GDPR provides you with certain rights regarding your personal data. These rights include:

Right to Access: You have the right to request a copy of the personal data we hold about you.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
Right to Erasure: You have the right to request that we delete your personal data in certain circumstances.
Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
Right to Data Portability: You have the right to request that we transfer your personal data to another service provider in a structured, commonly used, and machine-readable format.
Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including processing for direct marketing purposes.
Right Not to Be Subject to Automated Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

To exercise any of these rights, please contact us using the information provided in Section 9.

5. Data Protection Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption of personal data
Regular testing, assessing, and evaluating the effectiveness of our security measures
Restricting access to personal data to authorized personnel
Implementing data protection policies and procedures
Regular staff training on data protection
Conducting data protection impact assessments where required

6. Data Location and Transfers

⚠️ Important Notice: All data is stored and processed exclusively in the United States. By using our Services from the EEA, you explicitly consent to the transfer of your data to the U.S., which may have different data protection laws than your country.

We implement appropriate safeguards including:

Industry-standard encryption for all data transfers
Contractual commitments to protect your data
Technical and organizational security measures

7. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach.

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.

8. Data Protection Officer

We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with data protection laws.

For privacy inquiries, please contact: privacy@dentplicity.com

9. Contact Information

If you have any questions or concerns about our GDPR compliance or how we handle your personal data, please contact us at:

Dentplicity Systems
30 N Gould Street Suite 6610
Sheridan, WY 82801
United States

Email: contact@dentplicity.com
Privacy: privacy@dentplicity.com

🏦 EU Rights: You also have the right to lodge a complaint with a supervisory authority in the EU member state where you reside, work, or where an alleged infringement of the GDPR has occurred.