Privacy Policy
Last Updated: 06/03/2025
1. Introduction
At thesmilemakers.org ("we", "our", "us"), protecting your personal and sensitive health data is a fundamental priority. This Privacy Policy is designed to inform you about how we collect, process, store, and safeguard your information. Our practices are intended to ensure full compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. This document applies to all users, patients, and healthcare professionals interacting with our website and services, clarifying our commitments to transparency and data protection.
- Scope: This policy applies to all data processing activities on our website and any affiliated services.
- Commitment: We implement robust technical and organisational measures to protect your data and uphold your rights.
2. Definitions
For clarity, the terms used in this policy are defined as follows:
- Personal Data: Any information relating to an identified or identifiable natural person. Examples include names, contact details, and health records.
- Sensitive Data: A special category of personal data, such as health-related information, that requires additional safeguards.
- Processing: Any operation or set of operations performed on personal data, whether automated or manual, including collection, recording, storage, adaptation, retrieval, use, disclosure, erasure, or destruction.
- Data Subject: The individual whose personal data is being processed.
- Controller: The entity that determines the purposes and means of processing personal data.
- Processor: Any entity that processes personal data on behalf of the controller.
- Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes to allow processing of personal data.
- Data Breach: A security incident that results in the accidental or unlawful destruction, loss, or alteration of personal data, or in unauthorized disclosure of, or access to, personal data.
3. Data Collection
We collect personal data through both direct submissions and automated processes. Our data collection practices include:
3.1. Information You Provide Directly
Consultation Data:
- Content: Health information, medical history, diagnostic details, treatment plans, and other data provided during dental consultations.
- Method: Information is gathered during in-person or online consultations with dental professionals.
Registration and Contact Data:
- Content: Names, email addresses, telephone numbers, and other identifying details provided when contacting us or registering for services.
Supplementary Information:
- Content: Optional information you may provide in feedback forms, surveys, or inquiries.
3.2. Automated and Technical Data Collection
Usage Data:
- Details: When you visit our website, we automatically collect technical data such as your IP address, browser type, operating system, and browsing behavior (pages visited, duration, clickstream).
Cookies and Similar Technologies:
- Purpose: To personalize your experience, remember your preferences, and compile aggregated data for site analytics.
- Consent: For non-essential cookies, your explicit consent will be sought prior to deployment.
Note: No payment information is collected or stored on our website.
4. Legal Basis for Processing
Our processing of your personal data is grounded in lawful bases as set out under GDPR. We process data on the following grounds:
Consent:
- Application: Non-essential data processing activities, including cookies and marketing communications.
- Mechanism: Consent is obtained through clear opt-in procedures.
Contractual Necessity:
- Application: Processing required to perform a contract, such as providing dental consultation services.
- Scope: This includes scheduling, record-keeping, and care coordination.
Legal Obligation:
- Application: To fulfill statutory obligations and regulatory requirements in the healthcare sector.
- Examples: Compliance with record-keeping laws, professional guidelines, and data protection regulations.
Legitimate Interests:
- Application: For ensuring website functionality, improving user experience, performing analytics, and safeguarding network security.
- Balancing: We ensure that our legitimate interests do not override your fundamental rights and freedoms, with additional measures in place when processing sensitive health data.
5. Purpose and Limitation of Data Processing
We process your data exclusively for the purposes outlined below, ensuring that it is not used in ways that are incompatible with these objectives:
Provision of Dental Services:
- Objective: To facilitate, document, and manage dental consultations and treatment plans.
- Scope: Involves collection, storage, and sharing of necessary health information.
Coordination Among Healthcare Professionals:
- Objective: To securely share consultation data with authorized dental professionals only after a consultation has occurred.
- Limitation: Data sharing is strictly confined to professional use and is governed by confidentiality agreements.
Website and Service Optimization:
- Objective: To analyze site usage through Google Analytics and improve our online services.
- Data: Usage data is aggregated and anonymized where possible.
Compliance and Security:
- Objective: To meet our legal and regulatory obligations and to protect our systems and your data against unauthorized access.
- Measures: Implementation of access controls, encryption, and regular security audits.
6. Data Sharing and Disclosure
We have strict policies governing how your data is shared and with whom:
6.1. Sharing Within the Healthcare Network
Authorized Healthcare Professionals:
- Access: Consultation and health-related data is shared only with healthcare professionals directly involved in your treatment.
- Criteria: Access is granted strictly on a need-to-know basis and under professional confidentiality obligations.
Role-Based Access Control:
- Mechanism: Data access is controlled using role-based permissions to ensure that only authorized personnel can view sensitive information.
6.2. Third-Party Service Providers
Analytical Services:
- Example: Google Analytics receives aggregated and anonymized data to help us monitor website performance.
- Contractual Obligations: These providers are bound by contracts to process data only for specified purposes and in compliance with GDPR.
6.3. No Commercial Data Sharing
Policy: We will not sell, lease, or otherwise commercially distribute your personal data to any third party without your explicit consent.
7. Data Security Measures
We are committed to maintaining the security and integrity of your personal data through the following measures:
Secure Storage Systems:
- Implementation: Data is stored in encrypted databases with robust physical and network security.
Encryption Standards:
- In-Transit: All data transmitted over the internet is encrypted using industry-standard protocols (e.g., TLS).
- At-Rest: Data stored on our servers is protected by encryption to prevent unauthorized access.
Access Control Mechanisms:
- Authentication: Use of multi-factor authentication (MFA) and strong password policies for system access.
- Authorization: Role-based access ensures that only those with a legitimate need can access sensitive data.
8. International Data Transfers
When your personal data is transferred outside the European Economic Area (EEA), including to our affiliated healthcare professionals in Turkey, we adhere to the following guidelines:
Adequate Level of Protection:
- Mechanism: Data transfers are conducted only if the destination country ensures an adequate level of protection as determined by the European Commission, or via legally binding instruments such as standard contractual clauses.
Consistent Security Measures:
- Application: Data transferred internationally is subject to the same security measures and access controls as data stored within the EEA.
9. Data Retention
Our data retention policies are designed to comply with legal obligations while ensuring that personal data is not held longer than necessary:
9.1. Retention Periods
- Consultation and Health Data: Retained for the period necessary to provide dental care, in accordance with professional guidelines and legal requirements.
- Usage and Analytics Data: Retained in aggregated or anonymized form for analytical purposes for as long as necessary to achieve our analytical objectives.
9.2. Deletion and Anonymization
- Process: Once data is no longer required, it is securely deleted using methods that prevent its recovery.
- Technique: Where possible, data is anonymized so that it can no longer be associated with any individual.
10. Your Rights Under GDPR
We respect your rights as a data subject and have established processes to ensure you can exercise these rights effectively:
- Right of Access: You can request details of the personal data we hold about you, including the purposes of processing and the categories of data.
- Right to Rectification: If your data is inaccurate or incomplete, you may request corrections.
- Right to Erasure: You may request the deletion of your data when it is no longer necessary for the purposes for which it was collected.
- Right to Restrict Processing: You may ask us to limit the processing of your data in certain circumstances.
- Right to Data Portability: You can request a copy of your data in a structured, commonly used, and machine-readable format.
- Right to Object: You have the right to object to processing based on legitimate interests or direct marketing.
11. Updates to This Privacy Policy
We may revise this Privacy Policy periodically to reflect changes in our practices, legal obligations, or technological advancements. Significant changes will be communicated by updating the "Last Updated" date and, when appropriate, by direct notification through email or prominent notices on our website.
12. Governing Law and Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of the European Union, as applicable under GDPR, and any other relevant local data protection laws.
- Legal Framework: All aspects of data processing, storage, and sharing are subject to GDPR and national data protection laws.
- Jurisdiction: Any disputes arising from this Privacy Policy will be subject to the exclusive jurisdiction of the competent courts in the relevant legal region.
Contact Information
Should you have any questions, requests, or concerns regarding this Privacy Policy or our data processing practices, please contact us using the details below:
- Email: info@thesmilemakers.org
- Postal Address: 86-90 Paul St, London EC2A 4NE
Response Commitment: We aim to respond to all inquiries promptly and in accordance with applicable legal requirements.