Southern Cross Dental - Privacy Policy (May 2018)

This document describes the Privacy Policy of Southern Cross Dental Laboratories Limited (Company Number NI045484) also known as ‘SCD’, ‘we’, ‘us’, ‘our’ or ‘it’ and its related body corporate. By providing your personal information to SCD, through the website, or otherwise, you agree to the collection, use and disclosure of that information in accordance with this Privacy Policy.


It is important that you read this privacy notice so that you are fully aware of how and why we are using data. This version was last updated on 25th May 2018 to comply with GDPR legislation and previous versions can be obtained by contacting us.

1. What is this policy about?

This policy is about how we manage your personal information. It aims to answer the questions you might have about how we collect and use your personal information. This policy may be revised from time to time, including as and when new features are added to the site or the legislation changes. Please check back periodically for changes, updates and additions. By using the website or providing us with your personal information, you consent to the collection and use by us of any personal and other information you provide in accordance with our Privacy Policy (Privacy Policy). If you do not agree to the Privacy Policy, please do not use the website or provide us with your information.

Controller/Processor

Subject to the next paragraph, Southern Cross Dental Laboratories Ltd trading as Southern Cross Dental (referred to as we, us or our in this privacy notice) is the controller and responsible for your personal data. If you have any questions about this privacy notice (including any requests to exercise any of your legal rights) please contact us by emailing ireland@scdlab.com.

We are, from time to time, appointed to use (or otherwise process) personal data on behalf of other organisations. Such appointments will be made in accordance with relevant data protection legislation. Whenever we are appointed as processor, we will be restricted in the manner and purpose for which we can use personal data and will be subject to other obligations under that legislation. We will apply the same security and data handling processes to the personal data which we have been provided with by the controller as we do to personal data over which we are the controller.

2. What information do you collect and hold about me?

We collect and hold information that is provided to us by you or a third party. This includes information about you, and if you are a dental practitioner, you have provided to us about your patients and information about your use of our products.

Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about individuals which we have grouped together follows:

• Identity Data includes first name, last name, online username or similar identifier, title etc.;
• Contact Data includes email address, physical address and telephone numbers;
• Financial Data includes payment method;
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website;
• Usage Data includes information about how you use our website and services; and
• Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences;

Personal information can also include transactional information such as the type and quantity of products that you purchase, and any other information of a personal nature which you provide including payment methods. Please keep in mind that whenever you give out personal information via bulletin boards or chat on the website it may be viewed, collected and used by other people visiting the website. While we strive to protect our users’ information and privacy, we cannot guarantee the security of any information you disclose online and you do so at your own risk.

We collect that information:

(a) via forms you complete and give to us; or
(b) on our website; or
(c) from third party providers, such as organisations that contain lists of dental practitioners.

Where you provide personal information about someone else, you must direct them to this Privacy Policy.

We typically hold your personal information within electronic databases and hard copy records.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

Your duty to inform us of changes

It is important that the personal data we hold about you or otherwise provided by you is accurate and current. Please keep us informed if any such personal data changes during your relationship with us.

3. Purposes for which information is collected, held, used and disclosed

We collect, hold, use and disclose information about you to provide you with a particular product or service and for related purposes such as:

• assisting you with information about the use and application of our products;
• maintaining our relationship with you, including responding to your questions;
• helping us to identify and inform you about other products or services that are likely to
be useful for you;
• protecting you (and us) from error and fraud;
• preventing a serious legal or financial infringement;
• improving the website; and
• developing a better understanding of our customers’ needs.

We also collect, hold, use and disclose such personal information so that we may:

• provide you with the products you purchase;
• provide you with information about the products;
• tell you about products and services and provide information to our third party marketing
partners, subject to this policy;
• respond to your requests for information;
• process data you provide;
• process online purchases and payments;
• send you products you order;
• filter the products and information we offer; and
• open, maintain and administer user accounts.

We may also collect non-personal information via our website such as your IP address, browser type, the date and time of your visit, the particular pages you accessed and the information you download. For more information, please read the section on cookies below.

We also use personal information for editorial and feedback purposes (to the extent that is explained when guests provide the information), to process sales or to contact you about products or services or send you information that may be of interest to you.

4. Are there any other times when you use my information for any other purpose or give this information to someone else?

We recognise the trust you place in us when you give us your personal information. Other than disclosure as required by law (for example, disclosure to various Government departments or to courts) or to the extent necessary to fulfil any order for goods placed by you (including to our manufacturing partners and service providers) or for another purpose set out above or in the event of a sale of all or part of our business, our policy is that we do not give your personal information to other organisations unless you have given us your consent to do so or we are otherwise permitted by the Privacy Act to do so.
Some of our manufacturing partners and service providers are located overseas, which means we are likely to disclose your personal information overseas.

How we use personal data

We will only use personal data when the law allows us to. Most commonly, we will use personal data under the following conditions:

• where we need to perform a contract we are about to enter into, or have entered into, with the
individual;
• where it is necessary for our legitimate interests (or those of a third party) and the individual’s
interests and fundamental rights do not override those interests; or
• where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing personal data other than where expressly asked for separately than in this notice, in relation to certain cookies and if necessary for sending third party direct marketing communications via email or text message (and recipients have the right to withdraw consent to marketing at any time by contacting us).

Purposes for, and legal basis on, which we will use personal data

We have set out below a description of all the ways we may use personal data, and which of the legal basis we rely on to do so (including a description of the legitimate interest pursued). Note that we may process personal data for more than one basis depending on the specific purpose for which we are using your data, but will only rely on the “performance of a contract” basis whenever the contract is with the individual to whom the personal data relates.

Purpose/Activity  
To register an individual as a new customer  
   
   
   
   
   
   
   
   

NOTE:

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

5. Do I have to receive marketing information from SCD?

SCD strives to offer the best products and service to you, so we like to keep you up to date with any new products, offers and services, unless you have specifically asked us not to and from time to time, we and our affiliates may communicate with you regarding current products, special offers, invitations to events, offers for services, new product previews, updates to our products, press releases and announcements concerning the products we provide, contests and our rewards program, as well as important changes in our Terms of Use and this Privacy Policy. By providing us with your contact details, you consent to receiving such communications. If at any time you decide for any reason that you no longer wish to receive such communications, you may “opt out” of receiving them by using one of the following methods:

• Use the ‘Unsubscribe’ link on the email sent to you
• Email us on ireland@scdlab.co.uk
• Calling (ROI) 048 8772 7100 or (NI & UK) 028 8772 710

Please be aware that when you opt out of receiving communications, it will not affect administration and transaction related communications.

Other websites accessible through the site (through hyperlinks, advertisements or otherwise) have their own privacy policies and data collection, use and disclosure practices.

Please consult their terms and conditions and privacy policies prior to use. We do not, even periodically, review the privacy policies or terms of use of third parties and we are not responsible or liable for their privacy practices, availability or reliability of the products they may provide, or the accuracy or completeness of their content.

6. Disclosures of personal data

We may have to share personal data with the parties (all established in the European Union unless otherwise stated) set out below for the purposes set out in the table in paragraph 4 above:

• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
• HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers who require reporting of processing activities in certain circumstances;
• Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the European Union or United Kingdom who provide consultancy, banking, legal, insurance and accounting services;
• Other members of our group of companies, who may be based within the European Union or New Zealand, Australia or Hong Kong, in order to manufacture, or contribute to the manufacture of, our products;
• Service providers acting as processors, including (as at the date noted above and who may be updated from time to time):
o Modern Dental Group who are engaged in product processing and manufacture.

We require all third parties to respect the security of the personal data we share with them and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. International Transfers

We do not transfer your personal data outside the European Economic Area (EEA) other than with the Modern Dental Group.

For these recipients, we ensure that a similar degree of protection is enforced as is required within the EEA by ensuring that the recipients have Privacy Shield certifications, if established in the USA, or the recipient countries have been deemed to provide an adequate level of protection by the European Commission or (if neither of the preceding options may apply) that the transfer is necessary for the performance of a contract concluded in the interest of the individual.

8. Data Security

We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected personal data breach and will notify the individuals concerned and any applicable regulator of a breach where we are legally required to do so. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal data on our instructions.

SCD has security measures in place to protect personal information from loss, misuse, interference and from unauthorised access, modification or disclosure.

9. Data Retention

We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, how long a legal claim may be taken and whether we can achieve those purposes through other means, and the applicable legal requirements. We are also under regulatory requirements to retain data, and will retain the data for at least as long as those requirements state.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

10. Individuals’ Legal Rights

Under certain circumstances, individuals have rights under data protection laws in relation to their personal data, such as the right to:

Request access to personal data (commonly known as a “data subject access request”). This
enables individuals to receive a copy of the personal data we hold about them.

Request correction of the personal data that we hold about the individual. This enables the
individual to have any incomplete or inaccurate data we hold about them corrected, though we
may need to verify the accuracy of the new data provided to us.

Request erasure of personal data. This enables individuals to ask us to delete or remove personal
data where there is no good reason for us continuing to process it, where exercising the right to
object to processing is successful (see below), where we may have processed information
unlawfully or where we are required to erase personal data to comply with local law. Note,
however, that we may not always be able to comply with a request of erasure for specific legal
reasons which will be notified to the individual, if applicable, at the time of request.

• Object to processing of personal data where we are relying on a legitimate interest (or those of
a third party) and there is something about the individual’s particular situation which makes
them want to object to processing on the ground of it impacting on fundamental rights and
freedoms. Individuals also have the right to object where we are processing your personal data
for direct marketing purposes. In some cases, we may demonstrate that we have compelling
legitimate grounds to process information which overrides individual’s rights and freedoms.

Request restriction of processing of personal data. This enables individuals to ask us to suspend
the processing of their personal data in the following scenarios: (a) to establish the data’s
accuracy; (b) where our use of the data is unlawful but the individual does not want us to erase
it; (c) to hold the data even if we no longer require it as the individual needs it to establish,
exercise or defend legal claims; or (d) where the individual has objected to our use of the data but
we need to verify whether we have overriding legitimate grounds to use it.

• Request the transfer of personal data to the individual or to a third party. We will provide to
the individual, or a nominated third party, their personal data in a structured, commonly used,
machine-readable format. Note that this right only applies to automated information which the
individual initially provided consent for us to use or where we used the information to perform a
contract with the individual.

• Withdraw consent at any time where we are relying on consent to process the individual’s
personal data. However, this will not affect the lawfulness of any processing carried out before
consent is withdrawn. If the individual withdraws consent, we may not be able to provide certain
products or services. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us.

No fee usually required

The individual will not have to pay a fee to access their personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in these circumstances.

What we may need

We may need to request specific information from the individual to help us confirm their identity and ensure the right to access relevant personal data (or to exercise any other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask the individual for further information in relation to their request, to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if the request is particularly complex or a number of requests are made. In this case, we will notify the individual and keep them updated.

Supervisory Authority Contact

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

11. Do you use cookies and other tracking methods on your web site?

Site visitorship data is information about the way a website is used that is not associated with an individual’s identity. We use anonymous data regarding online behavior to better understand how people use our site. To that end, we may use aggregated, anonymous online traffic behavior along with information from third parties to track usage trends and thereby improve our site. The kind of information we may collect includes:

• the date and time you access the site;
• your internet service provider, mobile carrier, or data services provider;
• your Internet Protocol (IP) address;
• the pages you visit;
• the links you click;
• the features used;
• how and when you interact with the site;
• the content, images and advertisements you select; and
• how you arrived at the Products and where you go when you leave.

Like most other websites, most site visitorship data is collected using data collection tools such as web beacons, cookies, embedded web links and other software (together, “Data Collection Tools”). Data Collection Tools are typically small data files or software that are sent to your browser and stored on your computer or mobile device hard drive. Most browsers and display software can be set to inform you when Data Collection Tools are being used or other tracking software is being sent to your computer or Personal Communication Device. They also provide you with the option of refusing such Data Collection Tools. However, refusing to allow the use of Data Collection Tools may, in some cases, preclude you from using, or negatively impact the display or function of, certain areas or features of the site, including preventing you from purchasing products.

Data Collection Tools may store the information in your shopping cart and allow us to relate your use of the site to other information about you, including your Personal Information. We may do this to improve and personalise your experience and help resolve problems you experience through your use of the website.

12. How can I access or seek to correct the information you keep about me?

You may request us to provide access to your personal information or to request its correction by calling us on (ROI) 048 8772 7100 or (NI & UK) 028 8772 710 or email us on ireland@scdlab.com. We aim to respond to most requests within 14 days, or if the request is more detailed, within 30 days. SCD may recover from you its reasonable cost of supplying you with access to your personal information.

13. What to do if you have a problem, question or complaint?

If you have any further queries relating to our Privacy Policy, or you have a problem or complaint, please call us on (ROI) 048 8772 7100 or (NI & UK) 028 8772 710, or email us on ireland@scdlab.com. We will review your query, problem or complaint and we will endeavour to issue a reply as soon as reasonably practicable (and in any event, usually within 30 days). If we need more information from you, we will contact you and let you know. If it is a complaint and you are not satisfied with our response, you may make a complaint to the relevant regulator.