Privacy Policy for Dentistry Dashboard

Last Updated: 19/05/2025
Version: 3.0

1. Introduction and Who We Are

Welcome to Dentistry Dashboard. This Privacy Policy explains how Outlook Aesthetics Ltd., operating under the brand name MyFormatic ("we," "us," "our"), collects, uses, shares, and protects personal data when you ("User," "you," "your practice") use our web-based platform, Dentistry Dashboard, including all its features (such as AI Notes, Boards, Rota, Lab Work Tracker, CPD Requirements Portal), functionalities, and associated services (collectively, the "Service").

Dentistry Dashboard is designed for the whole dental team. Certain features, like "Dentistry Dashboard AI Notes" which utilises Artificial Intelligence (AI) for clinical documentation support, are in the process of being verified as a Class I medical device with the UK's Medicines and Healthcare products Regulatory Agency (MHRA). Our processing of data in relation to such features adheres to relevant regulatory standards, including clinical safety (e.g., DCB0129) and data protection requirements. This policy, along with our Terms and Conditions and any specific Usage Guidelines for features like AI Notes, outlines responsibilities regarding data handling.

Owner and Data Controller (for User Data):
Outlook Aesthetics Ltd. (trading as MyFormatic)
Registered Address: 340 Clapham Road, London, SW9 9FA, United Kingdom
Company Number: [Your Company Registration Number - PLEASE INSERT]
Contact Email: info@myformatic.com

Data Processor (for Patient Data and Practice-Specific Operational Data Processed via the Service):
For patient personal data and practice-specific operational data (e.g., detailed rota assignments, specific lab case details, content of checklists on Boards) processed through the Service, your dental practice is the Data Controller. Outlook Aesthetics Ltd. (trading as MyFormatic) acts as a Data Processor on your behalf, in accordance with our Data Processing Addendum (DPA) and Terms of Service.

2. Scope of This Privacy Policy

This policy applies to:

• Personal data of individual users who register for and use Dentistry Dashboard (e.g., dentists, nurses, practice managers).

• Personal data, including patient data and other sensitive practice information, that is processed by our Service when used by your practice across all its features.

• Data collected through our website (www.dentistrydashboard.com and potentially www.myformatic.com if it directly relates to Dentistry Dashboard services) and other interactions with us related to Dentistry Dashboard.

3. What Personal Data We Collect and How

We collect various types of personal data depending on your interaction with our Service. Unless specified otherwise, all Data requested by Dentistry Dashboard for core functionality is mandatory, and failure to provide this Data may make it impossible for us to provide the Service. In cases where we specifically state that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service. Users who are uncertain about which Personal Data is mandatory are welcome to contact us.

3.1. Data You Provide Directly (as a User of Dentistry Dashboard):

• Account Registration Data: Full name, email address, phone number, practice name, practice address/zip code, professional role (e.g., Dentist, Nurse – important for CPD/Lab Tracker), GDC number (important for CPD certificates).

• Subscription and Payment Data: Billing address, payment information (e.g., purchase history, processed by third-party payment processors like Stripe – we do not store full card details).

• Profile Data: Profile image (optional), and any other information you choose to add to your user profile.

• Communication Data: Information you provide when you contact us for support (e.g., via contact forms, email), provide feedback, or otherwise communicate with us ("Data communicated while using the service").

• CPD Portal Data: CPD certificates, issue dates, CPD hours, other professional documents you upload (e.g., Medical Forms, Hep B History, Indemnity, DBS, PDPs), GDC number for certificate generation.

• User-Generated Content & Configuration Data (across all features):

  • Boards & Checklists/Logs: Content of cards, custom fields, lists, checklist items, log entries (which may include practice operational data or de-identified patient references if inputted by the User).

  • Dental Team Rota: Staff names (linked to user accounts), roles, shift times, locations, time off requests and reasons.

  • Lab Work Tracker: Lab service definitions, capacity settings, technician details (if users), order details (which may include de-identified patient references or specific case information inputted by the User or lab).

  • User Configuration Data for AI Notes: User-defined settings such as selected appointment types, content toggles, custom instructions provided to the AI, and custom note templates.

3.2. Data Processed When You Use Specific Features (Primarily Patient Data or Sensitive Practice Data for which Your Practice is Controller):

• Dentistry Dashboard AI Notes:

  • The AI Notes feature is designed and recommended for use as a post-consultation dictation tool. Users dictate information (e.g., from memory, handwritten notes, or other sources) into the system for transcription and note generation.

  • User Responsibility for Input: Users are responsible for the content of their dictation. Users are strongly advised to avoid inputting direct Patient Identifiable Data (PID) into the AI Notes dictation process where possible. If patient-specific context is necessary for note generation, Users should aim to use anonymized or de-identified references during dictation. Specific PID should only be added by the User when transferring the verified notes to their secure Practice Management System.

  • Voice data from User dictation is processed in real-time for transcription purposes by the AI Notes feature but is not stored or saved by Dentistry Dashboard once the transcription is complete.

  • Transcripts: Text transcriptions automatically generated by the AI from the real-time processing of User dictation.

  • AI-Generated Clinical Notes & Summaries: Draft structured and unstructured clinical notes and summaries generated by the AI Notes feature based on transcripts of User dictation and selected User settings. These transcripts and generated notes may be saved by the User within the "Saved Chats" feature of AI Notes for their reference and subsequent transfer to their primary Practice Management System.

• Boards, Rota, Lab Tracker: May include specific patient identifiers, detailed case notes, or sensitive staff information if directly inputted by Users. The practice is the Controller for this data and is responsible for ensuring its lawful input and management.

3.3. Data Collected Automatically (Usage Data):

• Device and Connection Information: IP address, browser type and version, operating system, device identifiers, time zone setting, and location (approximate).

• Usage Data: Information about how you use our Service, such as features accessed, pages viewed (page events), time spent on pages, links clicked (clicks), interaction events, and error logs. This data is often collected using Trackers (defined below).

• Trackers: We use cookies and similar tracking technologies (e.g., web beacons, pixels, scripts – collectively "Trackers"). For more detailed information, please see our Cookie Policy available at: https://www.iubenda.com/privacy-policy/70143420/cookie-policy.

3.4. User Responsibility for Third-Party Data:
Users are responsible for any third-party Personal Data (e.g., patient data, data of colleagues) obtained, published, or shared through Dentistry Dashboard and confirm that they have the third party's consent or other lawful basis to provide the Data to us for processing via the Service. This includes responsibility for the content of dictation into AI Notes.

4. How and Why We Use Your Personal Data (Purposes and Lawful Bases)

The Data concerning the User is collected to allow us to provide our Service, enable specific functionalities chosen by the User, comply with our legal obligations, respond to enforcement requests, protect our rights and interests (or those of our Users or third parties), detect any malicious or fraudulent activity, as well as for the following specific purposes:

4.1. To Provide and Manage the Entire Dentistry Dashboard Service:

• Purpose: To set up and maintain User accounts (Registration and authentication); provide access to all Dentistry Dashboard features (AI Notes, Boards, Rota, Lab Tracker, CPD Portal, etc.); enable Users to manage practice operations, communication, and compliance (Handling activities related to productivity); process subscriptions (Handling payments); and deliver customer support (Contacting the User).

• Data Used: Account Registration Data, Subscription and Payment Data, Profile Data, Communication Data, User-Generated Content & Configuration Data (across all features), data processed within specific features as initiated by the User.

• Lawful Basis: Performance of a contract (our Terms of Service with you).

4.2. To Process Practice-Specific and Patient-Related Data via Service Features (as a Data Processor):

• Purpose: To enable Users to:

  • Process User dictation in real-time to generate transcripts and draft clinical notes using AI Notes. AI Notes is a documentation aid and not a substitute for professional dental judgment.

  • Organize tasks, checklists, logs, and workflows using Boards.

  • Manage staff schedules, assignments, and time off using the Dental Team Rota.

  • Manage lab work orders and track capacity using the Lab Work Tracker.

  • Manage CPD requirements and store certificates using the CPD Requirements Portal.

• Data Used: Data inputted and processed by Users within these specific features, including Transcripts from User dictation, AI-Generated Clinical Notes, content of Boards, Rota details, Lab Tracker orders, and CPD documents. (Note: Audio from dictation is processed but not stored by us).

• Lawful Basis (determined by the User/Practice as Data Controller, processed by us as Data Processor):

  • For patient-related health information (e.g., in AI Notes based on User dictation, or if patient references are in Boards/Lab Tracker): Typically, the provision of health or social care (Article 9(2)(h) UK GDPR) or, where applicable, explicit patient consent (Article 9(2)(a) UK GDPR) for the underlying patient data being summarized or documented by the User.

  • For other practice operational data (e.g., staff rotas, general checklists): Necessary for the User's legitimate interests in managing their practice, or for the performance of employment contracts (for staff data), as determined by the User/Practice.

  • Our processing is governed by our DPA with the User/Practice.

4.3. To Improve and Develop Our Service (Analytics, Heat mapping and session recording):

• Purpose: To analyze how Users interact with all aspects of Dentistry Dashboard (Analytics, Heat mapping and session recording), identify areas for improvement, develop new features, enhance usability, and improve the accuracy and efficiency of specific tools like AI Notes. For AI model training, data will be anonymized or pseudonymized.

• Data Used: Usage Data, Feedback Data, anonymized/pseudonymized data derived from feature interactions.

• Lawful Basis: Legitimate interests (to improve and develop our Service), or consent where we explicitly ask for it.

4.4. To Comply with Legal and Regulatory Obligations:

• Purpose: To meet our legal requirements, including those related to our medical device verification process and future compliance (e.g., for AI Notes), financial record-keeping, and responding to lawful requests from authorities.

• Data Used: Relevant transaction data, audit logs, communication records, data required for medical device vigilance.

• Lawful Basis: Compliance with a legal obligation.

4.5. For Communication and Marketing (Contacting the User, Advertising):

• Purpose: To send service-related updates, administrative messages, and information about new features or changes. To display advertising on our marketing website (not within the logged-in application) (Advertising).

• Data Used: Account Registration Data, Communication Data, Usage Data, Trackers.

• Lawful Basis: Performance of a contract (essential service communications); Legitimate interests (information about the Service, on-site advertising); Consent (for direct marketing communications if any are introduced, and for certain types of advertising).

4.6. To Ensure Security and Prevent Misuse:

• Purpose: To protect the security and integrity of our Service, prevent fraud, unauthorized access, and enforce our Terms of Service.

• Data Used: Usage Data, IP addresses, Account Registration Data.

• Lawful Basis: Legitimate interests.

4.7. To Manage Tags and Scripts (Tag Management):

• Purpose: To manage tags or scripts needed on Dentistry Dashboard in a centralized fashion, which may result in User Data flowing through these services.

• Data Used: Tracker; Usage Data.

• Lawful Basis: Legitimate interests (for efficient website/application management).

5. Detailed Information on Data Processing and Third-Party Services

Personal Data is collected for the purposes outlined above using the following services. This section details specific third-party services we may use as Data Processors:

• Access to Third-Party Accounts (User-Initiated):

  • Google OAuth (Google Ireland Limited): A registration and authentication service connected to the Google network, if chosen by the User.

    • Personal Data processed: Various types of Data as specified in Google's privacy policy.

    • Place of processing: Ireland – Privacy Policy: https://policies.google.com/privacy

  • Adherence to Google API Services User Data Policy: Our use or transfer to other apps of information received from Google APIs will adhere to the Google API Services User Data Policy (available at https://developers.google.com/terms/api-services-user-data-policy#additional_requirements_for_specific_api_scopes), including the Limited Use requirements.

• Advertising (Primarily for our marketing website, not the core application):

  • Google Ad Manager (Google Ireland Limited): May be used to run advertising campaigns.

    • Personal Data processed: Tracker; Usage Data.

    • Place of processing: Ireland – Privacy Policy: https://policies.google.com/privacy (Users can manage Google Ad Settings).

• Analytics:

  • Google Analytics (Universal Analytics) (Google LLC / Google Ireland Limited): Web analysis service. We may use the version with anonymized IP.

    • Personal Data processed: Tracker; Usage Data.

    • Place of processing: United States / Ireland – Privacy Policy: https://policies.google.com/privacy – Opt Out: https://tools.google.com/dlpage/gaoptout?hl=en.

• Contacting the User & Support:

  • Contact Form (This Application): To reply to requests.

    • Personal Data processed: Email address; first name; last name.

• Handling Activities Related to Productivity (Integrations):

  • Google Workspace (Google LLC / Google Ireland Limited): May be integrated for productivity if configured by the User (e.g., Google Forms/Sheets with Boards).

    • Personal Data processed: Email address; first name; last name.

    • Place of processing: United States / Ireland – Privacy Policy: https://policies.google.com/privacy.

• Handling Payments:

  • Stripe (Stripe Payments Europe, Ltd. / Stripe, Inc.): Payment processing.

    • Personal Data processed: Billing address; first name; last name; payment info; purchase history; Usage Data.

    • Place of processing: Ireland / USA – Privacy Policy: https://stripe.com/ie/privacy.

• Heat Mapping and Session Recording (for usability analysis):

  • Microsoft Clarity (Microsoft Corporation): Session recording and heat mapping.

    • Personal Data processed: Clicks; interaction events; page events; Usage Data.

    • Place of processing: United States / United Kingdom – Privacy Policy: https://privacy.microsoft.com/PrivacyStatement.

• Hosting and Backend Infrastructure:

  • Amazon Web Services (AWS) (Amazon Web Services, Inc.): Hosting and backend services.

    • Personal Data processed: Various types of Data as specified in AWS's privacy policy.

    • Place of processing: United Kingdom (primarily for Dentistry Dashboard data). – Data Privacy Information: https://aws.amazon.com/compliance/data-privacy-faq/.

  • Microsoft Azure (Microsoft Corporation): Hosting services.

    • Personal Data processed: Various types of Data as specified in Azure's privacy policy.

    • Place of processing: United Kingdom (primarily for Dentistry Dashboard data). – Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement.

• Tag Management:

  • Google Tag Manager (Google LLC / Google Ireland Limited): To manage tags or scripts.

    • Personal Data processed: Tracker; Usage Data.

    • Place of processing: United States / Ireland – Privacy Policy: https://policies.google.com/privacy.

(The updated list of these parties may be requested from us at any time.)

6. Mode and Place of Processing the Data

• Methods of Processing: We take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to us (the Owner), in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of Dentistry Dashboard (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by us.

• Place: Data is processed at our operating offices (340 Clapham Road, London, SW9 9FA, United Kingdom) and in any other places where the parties involved in the processing are located (as detailed in Section 5 for third parties). For Dentistry Dashboard, primary data storage is within the United Kingdom. Depending on the User's location or the services used, data transfers may involve transferring User Data to a country other than their own. (See Section 7 for International Data Transfers).

7. International Data Transfers

Personal data we collect is primarily processed and stored on secure servers located in the United Kingdom (UK) or the European Economic Area (EEA). If we transfer your personal data outside the UK/EEA (e.g., when using certain third-party services based in the US, as listed in Section 5), we will ensure that appropriate safeguards are in place to protect your data, such as:

• The UK Addendum to the EU Standard Contractual Clauses (SCCs) or an Adequacy Decision.

• Binding Corporate Rules.

• Other transfer mechanisms recognized under UK GDPR.

We will provide further information on these safeguards upon request. Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organisation governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard their Data by checking the relevant sections of this document or inquiring with us using the information provided in the contact section.

8. Data Security

We are committed to protecting the security of your personal data. We implement appropriate technical and organizational measures to safeguard your data against unauthorized access, disclosure, alteration, loss, or destruction. These measures include:

• End-to-end encryption for data in transit and encryption for data at rest.

• Strict access controls and authentication mechanisms.

• Regular security assessments and penetration testing (if applicable).

• Adherence to industry best practices, including relevant aspects of the Data Security and Protection Toolkit (DSPT) where applicable to our role as a supplier.

• Secure software development practices.

• A designated Clinical Safety Officer responsible for overseeing the safety of features classified as medical devices.

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

9. Data Retention

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. Therefore:

• Personal Data collected for purposes related to the performance of a contract between us and the User shall be retained until such contract has been fully performed.

• Personal Data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by us within the relevant sections of this document or by contacting us.

• We may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn.

• Furthermore, we may be obliged to retain Personal Data for a longer period whenever required to fulfil a legal obligation (e.g., medical device regulations, financial records, tax obligations) or upon order of an authority.

Specific retention considerations:

• Account Data: Retained for as long as your account is active and for a reasonable period thereafter (e.g., 6 years after contract termination for legal/financial records) or as needed to comply with our legal obligations.

• AI Notes Data (Saved Chats): Transcripts from User dictation and AI-generated notes saved by the User within the "Saved Chats" feature are retained to allow Users to revisit sessions. Users may have the ability to delete these saved sessions. Audio recordings from dictation are not stored by Dentistry Dashboard. Deletion of saved transcripts/notes from Dentistry Dashboard does not affect records stored by the User in their primary Practice Management System.

• Medical Device Data: Data retained for our medical device verification process and future regulatory requirements (e.g., audit logs, performance data, clinical safety records) will be kept in accordance with applicable legal retention periods for such devices (which may be, for example, 10 years after the last product has been placed on the market for certain device classes).

• Usage Data: Retained for analytical purposes for a period necessary to achieve those purposes, often in aggregated or anonymized form.

• CPD Portal Data: Retained as long as your account is active or as you manage it within the portal.

Once the retention period expires, Personal Data shall be securely deleted or anonymized. Therefore, the right of access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

10. Your Data Protection Rights (UK GDPR)

Under UK data protection law, you have several rights regarding your personal data. These include the right to:

• Access your data: Request a copy of the personal data we hold about you. Users have the right to learn if Data is being processed by us, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.

• Rectification: Request correction of inaccurate or incomplete personal data. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.

• Erasure (Right to be Forgotten): Request deletion of your personal data under certain conditions. Users have the right to obtain the erasure of their Data from us.

• Restrict processing: Request that we limit the processing of your personal data under certain conditions. In this case, we will not process their Data for any purpose other than storing it.

• Data portability: Request to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another controller where technically feasible.

• Object to processing: Object to our processing of your personal data where we rely on legitimate interests as our lawful basis, or for direct marketing purposes.

• Withdraw consent: If we process your data based on your consent, you have the right to withdraw that consent at any time.

• Rights related to automated decision-making and profiling: The AI Notes feature assists in generating clinical documentation but does not make automated decisions that produce legal or similarly significant effects on individuals without human review. All clinical decisions are made by the qualified healthcare professional.

• Lodge a complaint: Users have the right to bring a claim before their competent data protection authority (see Section 20).

11. Details About the Right to Object to Processing

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in us, or for the purposes of the legitimate interests pursued by us, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the User objects to processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To learn whether we are processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

12. How to Exercise These Rights

Any requests to exercise User rights can be directed to us through the contact details provided in this document (Section 21). Such requests are free of charge and will be answered by us as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by us to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users’ request, we will inform them about those recipients.

13. Role of the User (Dental Practice) as Data Controller and User Responsibilities Regarding AI Notes

As a User of Dentistry Dashboard (e.g., a dental practice), you are the Data Controller for the patient personal data that you and your team members input, upload, or otherwise process using our Service. You are responsible for:

• Establishing and documenting the lawful basis for processing patient data.

• Ensuring transparency with patients regarding the use of Dentistry Dashboard for clinical documentation, including the use of AI Notes based on User dictation. This includes informing them about what data is being processed, the purpose, how outputs are used and stored, and who has access.

• Obtaining any necessary consents from patients as per your professional, ethical, and legal obligations for the underlying patient care and record-keeping.

• Adhering to recommendations for using features like AI Notes. This includes:

  • Understanding that AI Notes is intended as a documentation aid for post-consultation dictation and not as a real-time consultation recording tool, nor is it a diagnostic tool.

  • Following advice to avoid inputting direct Patient Identifiable Data (PID) into the AI Notes dictation process where possible. If patient-specific context is needed, use de-identified references during dictation and add specific PID only when transferring verified notes to your secure Practice Management System.

  • Recognizing that the AI functionality within AI Notes is designed to assist practitioners, and the final responsibility for all professional and medical decisions related to patient diagnosis, advice, treatment, or the quality or accuracy of medical notes rests solely with the dental practitioner.

• Ensuring the accuracy of clinical records, including reviewing and verifying any outputs generated by AI Notes before finalizing them in patient records.

• Complying with your obligations under UK GDPR and other relevant legislation (e.g., Common Law Duty of Confidentiality).

• Conducting your own Data Protection Impact Assessment (DPIA) for the use of Dentistry Dashboard within your practice, particularly for features like AI Notes. We will provide information to support you in this.

• Managing access to Dentistry Dashboard within your practice and ensuring your team members are trained on its appropriate and secure use.

MyFormatic (Outlook Aesthetics Ltd.) acts as a Data Processor for this patient-related data, processing it only on your documented instructions as set out in our Terms of Service and Data Processing Addendum.

14. Clinical Safety and Medical Device Considerations (AI Notes)

• The AI Notes feature of Dentistry Dashboard is in the process of being verified as a Class I medical device with the UK's MHRA. It is designed solely for administrative assistance in generating draft clinical documentation from User dictation.

• Our Service, particularly AI Notes, is intended to support, not replace, the professional judgment of qualified dental professionals. Outputs from AI Notes are drafts and must be meticulously reviewed and verified for accuracy, completeness, and clinical appropriateness by a qualified User before being relied upon for any clinical decision-making or entered into official patient records.

• Users are responsible for using AI Notes in accordance with its intended use (as a post-consultation dictation aid for documentation), supplied instructions, and this Privacy Policy. It should not be used for direct diagnosis or treatment recommendations.

• We have a designated Clinical Safety Officer to oversee the clinical safety aspects of our medical device features.

• Incidents or safety concerns related to AI Notes or other features should be reported to us promptly at support@dentistrydashboard.com and, where appropriate, to relevant regulatory bodies.

15. Cookies and Trackers & Information on Opting-Out of Interest-Based Advertising

We use Cookies and other Trackers. Any use of Cookies – or of other tracking tools — by Dentistry Dashboard or by the owners of third-party services used by Dentistry Dashboard serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and our Cookie Policy (available at: https://www.iubenda.com/privacy-policy/70143420/cookie-policy).
In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more about how to generally opt out of interest-based advertising within the dedicated section of our Cookie Policy or by visiting industry opt-out pages.

16. Third-Party Services and Links

Our Service may integrate with or contain links to other third-party websites or services that are not operated by us (e.g., Zapier, Google Workspace integrations initiated by you). If you click on a third-party link or use a third-party integration, you will be directed to that third party's site or service. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit or service you use. This policy lists third-party services we use as sub-processors in Section 5.

17. Children's Privacy

Dentistry Dashboard is not intended for direct use by individuals under the age of 16. We do not knowingly collect personal data directly from children under 16. If you are a parent or guardian and you are aware that your child has provided us with personal data without your consent, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers. Patient-related data processed via User dictation into AI Notes may include information about children if they are patients at a User's dental practice; in such cases, the dental practice (as Data Controller) is responsible for ensuring lawful processing of the underlying patient information.

18. Additional Information About Data Collection and Processing

• Legal Action: The User's Personal Data may be used for legal purposes by us in Court or in the stages leading to possible legal action arising from improper use of this Service or related services. The User declares to be aware that we may be required to reveal personal data upon request of public authorities.

• Additional information about User's Personal Data: In addition to the information contained in this privacy policy, Dentistry Dashboard may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.

• System Logs and Maintenance: For operation and maintenance purposes, Dentistry Dashboard and any third-party services may collect files that record interaction with this Service (System logs) or use other Personal Data (such as the IP Address) for this purpose.

• Information not contained in this policy: More details concerning the collection or processing of Personal Data may be requested from us at any time. Please see the contact information at the beginning of this document.

19. Changes to This Privacy Policy

We reserve the right to make changes to this privacy policy at any time by notifying our Users on this page and possibly within Dentistry Dashboard and/or - as far as technically and legally feasible - sending a notice to Users via any contact information available to us. It is strongly recommended to check this page often, referring to the date of the last modification listed at the top.
Should the changes affect processing activities performed on the basis of the User’s consent, we shall collect new consent from the User, where required.

20. Complaints

We hope to resolve any privacy concerns you may have directly. However, if you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

21. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy, our data practices, or your data protection rights, please contact us at:

Outlook Aesthetics Ltd. (trading as MyFormatic)
Attn: Privacy Team [Or "Data Protection Officer" if applicable]
340 Clapham Road
London
SW9 9FA
United Kingdom
Email: info@myformatic.com

22. Definitions and Legal References

• Personal Data (or Data): Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.

• Usage Data: Information collected automatically through Dentistry Dashboard (or third-party services employed in Dentistry Dashboard), which can include: the IP addresses or domain names of the computers utilised by the Users who use Dentistry Dashboard, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server's answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilised by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User's IT environment.

• User: The individual using Dentistry Dashboard who, unless otherwise specified, coincides with the Data Subject. For the purposes of this policy, "User" often refers to the dental professional or practice representative engaging with the Service.

• Data Subject: The natural person to whom the Personal Data refers (this can be a User or a patient whose data is processed by a User).

• Data Processor (or Processor): The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy. Outlook Aesthetics Ltd. (trading as MyFormatic) acts as a Data Processor for patient-related data and specific practice operational data.

• Data Controller (or Owner): The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Service. Outlook Aesthetics Ltd. (trading as MyFormatic) is the Data Controller for User data. The dental practice is the Data Controller for patient data they process using the Service.

• Service: The service provided by Dentistry Dashboard as described in the relative terms (if available) and on this site/application.

• Patient Identifiable Data (PID): Information that directly identifies an individual patient or for which there is a reasonable basis to believe it can be used to identify an individual patient.

• European Union (or EU): Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area. (References to UK GDPR mean this policy is primarily oriented towards UK law but acknowledges EU GDPR principles where relevant).

• Cookie: Cookies are Trackers consisting of small sets of data stored in the User's browser. Our full Cookie Policy is available at: https://www.iubenda.com/privacy-policy/70143420/cookie-policy.

• Tracker: Tracker indicates any technology - e.g Cookies, unique identifiers, web beacons, embedded scripts, e-tags and fingerprinting - that enables the tracking of Users, for example by accessing or storing information on the User’s device.

This privacy policy relates solely to Dentistry Dashboard, if not stated otherwise within this document.