Legal

Data Protection Policy

Effective From: April 20, 2026

  1. Purpose

This Data Protection Policy establishes the principles, standards, and controls adopted by Dentazon to ensure the secure, lawful, and transparent processing of personal and sensitive data across all platform services.

Dentazon is committed to protecting user data, particularly health-related information, in accordance with global best practices and applicable data protection laws.

  1. Scope

This policy applies to:

  • All Dentazon platforms and modules:
    • Dentazon Care (Patient Portal)
    • Ai-Dentify (AI Diagnostics)
    • Lexadent (Legal Services)
    • Dentevents (Events Platform)
    • Dentazon Marketplace
    • Clinic Management Systems (MIS)
  • All employees, contractors, partners, and third-party service providers
  • All users (patients, dentists, vendors, and stakeholders)

  1. Definitions

  • Personal Data: Any information identifying an individual (name, phone, email, etc.)
  • Sensitive Data: Health records, diagnostic images, financial information
  • Processing: Collection, storage, use, sharing, or deletion of data
  • Data Subject: Individual whose data is processed
  • Controller: Dentazon (determines purpose of data processing)
  • Processor: Third parties handling data on behalf of Dentazon

  1. Data Protection Principles

Dentazon adheres to the following principles:

4.1 Lawfulness, Fairness, Transparency

Data is processed legally and transparently with user awareness.

4.2 Purpose Limitation

Data is collected only for specific purposes such as:

  • Booking and healthcare services
  • AI diagnostics
  • Payments and transactions
  • Platform improvement

4.3 Data Minimization

Only necessary data is collected to perform services.

4.4 Accuracy

Users can update or correct their information.

4.5 Storage Limitation

Data is retained only as long as necessary.

4.6 Integrity & Confidentiality

Data is protected against unauthorized access, loss, or misuse.

  1. Categories of Data Processed

5.1 Personal Data

  • Name, phone number, email
  • Address and location

5.2 Health & Clinical Data

  • Dental history
  • Appointment records
  • Uploaded diagnostic images (Ai-Dentify)

Classified as highly sensitive data

5.3 Financial Data

  • Payment transactions
  • Billing records

5.4 Technical Data

  • IP address
  • Device and browser details
  • Platform usage analytics

  1. Legal Basis for Processing

Dentazon processes data based on:

  • User consent
  • Contractual necessity (e.g., booking services)
  • Legal obligations
  • Legitimate business interests

  1. Data Collection Methods

  • User registration forms
  • Appointment booking
  • AI diagnostic uploads
  • Payment transactions
  • Website cookies and analytics

  1. Data Security Measures

Dentazon implements:

8.1 Technical Controls

  • SSL encryption (HTTPS)
  • Encrypted databases
  • Firewalls and intrusion detection systems
  • Secure APIs

8.2 Organizational Controls

  • Role-based access control
  • Employee confidentiality agreements
  • Data access logs and monitoring

8.3 Data Backup

  • Regular backups
  • Disaster recovery protocols

  1. AI Data Protection

  • AI tools process anonymized or minimally identifiable data where possible
  • Diagnostic outputs are assistive, not definitive medical advice
  • Images and data used for AI improvement are:
    • De-identified
    • Used only with consent

  1. Data Sharing & Transfers

10.1 Internal Sharing

  • Between Dentazon modules for service delivery

10.2 Third-Party Sharing

With:

  • Payment providers
  • Cloud hosting services
  • Communication tools

All third parties must comply with data protection standards.

10.3 Cross-Border Data Transfer

If data is transferred internationally:

  • Adequate safeguards must be implemented
  • Data protection standards must be maintained

  1. Data Retention Policy

  • Personal data: retained as long as account is active
  • Health data: retained for continuity of care
  • Financial data: retained as per legal requirements

Users may request deletion, subject to compliance obligations.

  1. User Rights

Users have the right to:

  • Access their data
  • Correct inaccurate data
  • Request deletion (“Right to be forgotten”)
  • Restrict or object to processing
  • Withdraw consent

Requests can be made via official Dentazon contact channels.

  1. Data Breach Management

In case of a data breach:

  1. Immediate identification and containment
  2. Internal reporting and investigation
  3. Notification to affected users (if necessary)
  4. Corrective actions to prevent recurrence

  1. Employee & Partner Responsibilities

All personnel must:

  • Follow data protection practices
  • Access only necessary data
  • Report any suspected breaches

Non-compliance may result in disciplinary or legal action.

  1. Privacy by Design & Default

Dentazon ensures:

  • Data protection is integrated into system design
  • Minimal data collection by default
  • Secure architecture for all modules

  1. Compliance & Standards

Dentazon aims to align with:

  • Global data protection standards (e.g., GDPR principles)
  • Healthcare data protection best practices

  1. Policy Updates

This policy may be updated periodically.
All updates will be published with revised effective dates.