GDPR COMPLIANCE NOTICE

GDPR Compliance and European Data Protection

This notice provides specific information for individuals in the European Economic Area (EEA) and United Kingdom about how DSM Solutions processes personal data in compliance with the General Data Protection Regulation (GDPR) and UK GDPR.


Data Controller and Contact Information


DSM Solutions as Data Controller

For EEA/UK website visitors and direct customers:


DSM Solutions as Data Processor

For patient data processed on behalf of dental practices, the dental practice is the Data Controller and DSM Solutions is the Data Processor.


Legal Basis for Processing

We process personal data under these legal bases:


Contract Performance

  • Providing dental practice management services
  • Processing payments and billing
  • Customer support and account management


Legitimate Interests

  • Website analytics and improvement
  • Security monitoring and fraud prevention
  • Marketing to existing customers (with opt-out option)


Legal Obligation

  • Compliance with healthcare regulations
  • Tax and financial reporting requirements
  • Law enforcement cooperation when required


Consent

  • Marketing communications to prospects
  • Non-essential cookies and tracking
  • Optional service features


Categories of Personal Data


Direct Collection

  • Contact information (name, email, phone)
  • Professional details (practice information, role)
  • Account and authentication data
  • Payment and billing information


Automatic Collection

  • IP address and device identifiers
  • Website usage and analytics data
  • Technical logs and performance data


Health Data (as Processor)

When processing on behalf of dental practices:

  • Patient demographic information
  • Clinical and treatment records
  • Health insurance information
  • Appointment and care coordination data


International Data Transfers


Primary Processing Location

Personal data is primarily processed in the United States.


Transfer Safeguards

For transfers outside the EEA/UK, we use:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant data protection authorities
  • Other legally approved transfer mechanisms
  • Additional security measures for sensitive data


Data Processor Agreements

All third-party processors sign Data Processing Agreements with appropriate transfer safeguards.


Data Retention Periods


Customer Account Data

  • Active accounts: Duration of relationship plus 7 years
  • Billing records: 10 years from last transaction
  • Support communications: 5 years from resolution


Marketing Data

  • Consented communications: Until withdrawal of consent
  • Legitimate interest processing: 3 years from last interaction
  • Website analytics: 26 months from collection


Health Data (as Processor)

  • As directed by dental practice (Data Controller)
  • Generally 7-10 years per healthcare regulations
  • Longer retention for legal requirements


Your GDPR Rights

Right of Access

Request confirmation of processing and copies of your personal data.


Right to Rectification

Correct inaccurate or incomplete personal data.


Right to Erasure ("Right to be Forgotten")

Request deletion of personal data (subject to legal obligations).


Right to Restrict Processing

Limit how we process your personal data in certain circumstances.


Right to Data Portability

Receive your data in a structured, machine-readable format.


Right to Object

Object to processing based on legitimate interests or direct marketing.


Rights Related to Automated Decision Making

We do not use automated decision-making that produces legal or significant effects.


Exercising Your Rights


How to Submit Requests

  • Online: Privacy request form at dsmsolutions.ai/gdpr-requests
  • Email: gdpr@dsmsolutions.ai
  • Phone: (555) 123-4567
  • Mail: DSM Solutions GDPR Officer,


Request Processing

  • We respond within 30 days (extendable to 90 days for complex requests)
  • Identity verification required for data access
  • No fee for reasonable requests (excessive requests may incur charges)
  • Appeal process available for denied requests


Special Protections for Health Data


Enhanced Security Measures

  • End-to-end encryption for all health data
  • Role-based access controls with audit trails
  • Regular security assessments and penetration testing
  • Incident response procedures with regulatory notification


Data Controller Relationship

For patient health data:

  • Dental practices remain the Data Controller
  • We process only as instructed by the practice
  • Patients should contact their dental provider for health data requests
  • Data Processing Agreement governs our obligations


Cookies and Tracking Technologies


Essential Cookies

  • Required for website and service functionality
  • Cannot be disabled while using services
  • Include authentication and security cookies


Analytics Cookies

  • Google Analytics (with IP anonymization)
  • Performance monitoring tools
  • User experience improvement data


Marketing Cookies

  • Advertising platform pixels
  • Remarketing and conversion tracking
  • Social media integration features


Cookie Controls

  • Cookie banner for consent management
  • Browser settings for cookie control
  • Opt-out links for marketing cookies
  • Regular cookie policy updates


Data Protection Officer


DPO Contact Information

  • Name: [DPO NAME]
  • Email: dpo@dsmsolutions.ai
  • Address: DSM Solutions DPO, [ADDRESS]
  • Responsibilities: GDPR compliance oversight, data protection impact assessments, regulatory liaison


Supervisory Authority

You have the right to lodge a complaint with your local data protection authority:


UK Residents

Information Commissioner's Office (ICO)

  • Website: ico.org.uk
  • Phone: 0303 123 1113


EU Residents

Contact your national data protection authority or: European Data Protection Board

  • Website: edpb.europa.eu


Data Breach Notification


Our Obligations

  • Notify supervisory authorities within 72 hours of awareness
  • Notify affected individuals if high risk to rights and freedoms
  • Maintain records of all data breaches
  • Conduct breach impact assessments


Your Rights

  • Notification of breaches affecting you
  • Information about breach scope and mitigation
  • Assistance with protective measures
  • Complaint rights to supervisory authorities


Changes to GDPR Compliance

We will notify you of material changes through:

  • Email to account holders
  • Website notice with 30-day advance notice
  • In-service notifications where applicable
  • Updated effective date on this notice


Contact for GDPR Matters

General GDPR Questions

Data Protection Officer

Legal Department