Privacy policy of AI Dental

This Privacy Policy of AI Dental (“Privacy Policy”) should provide you with an information about how your data is processed when you decide to cooperate with us as our commercial partner, our supplier, or as a user of our online AI Dental Application offering X-ray image diagnoses by artificial intelligence (the “Application”), available on App Store, Google Store and on www.aidental.ai (the “Website”).

Please note that we can update the Privacy Policy from time to time, but you can always find the latest version available on the Website. Current version of the Privacy Policy is effective as of 1. August 2023.

This Privacy Policy provides you with the following information:

1. Who will process your data?

  1. Whose data will be processed?
  2. Why do we process your personal data, which data do we process and on which legal basis?
  3. With whom may we share your personal data?
  4. How do we use cookies?
  5. Do we transfer your personal data to third countries?
  6. Are you subject to automated decision making or profiling?
  7. Which measures do we use to protect your personal data?
  8. How long do we process your personal data?
  9. What are your rights?

In case you wish to obtain more detailed information as mentioned herein, please do not hesitate to contact us on the e-mail address stated below.

For the purposes of this Privacy Policy, the abbreviation “GDPR” means General Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Please be informed that the information provided in this Privacy Policy shall fulfil our information obligation based on art. 13 of GDPR and we use all our efforts to ensure our compliance with the applicable data protection legislation.

Please note that this Privacy Policy applies exclusively to the processing of personal data carried out by us as a data controller. When we process personal data as a data processor, it is obligation of the respective data controller to provide you with the information about data processing as required by GDPR. For the purposes mentioned below we do not process personal data of persons younger than 18 years old, however, the X-ray images processed through the Application can belong also to the minors.

1. Who will process your data?

Your personal data will be processed by us, company AID s.r.o. , having its registered seat at Námestie SNP 3, Bratislava - Staré Mesto 811 06, Slovakia, Business ID no.: 518 526 83, registered with the Commercial Registry of the District Court Bratislava I, section: Sro, insert no.: 130255/B (“we”, “us”, or “our”).

If you want to learn more about the processing and protection of your personal data or if you have any other questions or comments related to data privacy, you can contact us via e-mail sent to: privacy@aidental.com.

2. Whose data will be processed?

We process personal data of you:

a) visitor browsing the Website;

b) representative of our suppliers commercially cooperating with us and supporting us in our business and in development and operation of the Application;

c) private individual, who decided to use the Application for its own private purposes;

d) testing user, who uses the Application for purposes of testing and assessing its functions;

e) representative of our partners (e.g. dental clinics, universities), who use the Application for professional purposes, or who cooperate with us on various research and development projects related to the Application;

f) individual user of the Application, who wants to evaluate new X-ray images by artificial intelligence via Application

(“you”, or “your”).

3. Why do we process your personal data, which data do we process and on which legal basis?

We process your data from the beginning of our cooperation, either when you decide to use the Application as an organization, or as an individual for professional, private, educational or research purposes, or when you become our supplier, with whom we cooperate in our business activities. Sometimes we process your data even prior the business cooperation, if you decide to contact us, or if you participate in the social events, where we present our Application.

The main purpose of the Application is to evaluate oral and dental radiographs for easier diagnoses of dental defects. The development of the Application is an ongoing process due to use of artificial intelligence (“AI”), which is learning from each radiograph. We are engaged in various research and educational projects and cooperations to promote the Application and to technically develop its functionalities.

In order to achieve these purposes of the Application, we will process your personal data for several reasons, and so based on multiple legal bases. More detailed information can be found in the table below:

Purpose of data processing

Detailed description

Scope of processed data

Legal basis

Visit our Website

When you decide to browse our Website, we may process your personal data for several purposes – to ensure functioning and technical operation of the Website, to understand your preferences to provide you with relevant content, and to improve functionality of our website. You can read more details in part 5. of this Privacy Policy.

We will primarily process technical information about the device you use when you browse the Website (e.g., IP address, device type, device location) and certain information about the way you use the Website (how do you behave on the Website, what are your preferences, choices, and interests). We also process your data you filled in on our Website to remember it for you next visit. More detailed information can be found further below in part 5. of this Privacy Policy.

Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to ensure proper functioning and technical operation of our Website (through necessary cookies)

Art. 6 (1) (b) of GDPR to fulfil a contract between you and us for services requested by you via our Website (through necessary cookies)

Art. 6 (1) (a) of GDPR based on your consent with processing of your data through other types of cookies

Use of “Contact us” form

You can reach out to us via contact form on the Website to get some information about the Application and to start potential cooperation with us.

We process your identification data (name, surname), your contact details (country, phone number, email), information about organization you represent (name), your profession, details about patient software and X-ray type you use.

Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to develop our business and start new cooperation

Art. 6 (1) (b) of GDPR to take steps necessary prior concluding contract between you and us

Request demo version of the Application and test the Application

If you are interested in the Application, you may request a demo and try its functionalities. In some cases, we allow you to test the Application also during conferences and other social events. You will need to register for demo use and then you can test the Application with the prepared set of images. Occasionally we may allow you to also use your own scans or scans of other data subject (when scans of other data subjects are used, you are in the role of data controller, and we are your data processor).

When you request demo version or when you test the Application differently, we process your name, surname, email address, third-party account data (e.g., if you decide to use your Google account or other account to log into the Application), your online activity and further information you decide to tell us, including your feedback.

We may also process health data resulting from the loaded dental scans, diagnosis and scan evaluation as provided by the Application, and dental scan description and diagnosis provided by you.

This personal data will be deleted in 30 days after you enter them.

Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to test the functionalities of the Application, to ensure positive experience when using the Application and to provide you with the desired outputs from the Application

Art. 6 (1) (b) of GDPR to fulfil a contract between you and us for use of demo version of the Application

Art. 9 (2) (a) of GDPR based on your consent with processing of your health data (if you load your own scan into the Application)

Conclusion of contract and its administration

When you decide you want to use the Application, we will enter into an agreement, under conditions of which we will provide you with the Application and our services. Throughout our relationship, we may need to update the agreement and keep the records about our contractual relationship.

We will process your identification data (name and surname), your professional or private contact details (address, phone number, email), name of organization you represent, information about the position within the organization and the content of the contract itself.

Art. 6 (1) (b) of GDPR for the purpose of fulfilment of the contract between you and us

Registration in the Application

When you decide to actively use the Application, you will need to register for the use of Application and create your profile.

We process your login details (name, surname, email), third party account data (e.g., if you decide to use Google account or other account for logging into the Application), your language preferences and other data related to account creation.

Art. 6 (1) (b) of GDPR for the purpose of fulfilment of the contract between you and us

The use of the Application for diagnostic purposes

The main purpose of the Application is to serve you as a supporting tool for dental X-ray images evaluation by AI.

You may load your own dental scan to the Application. In such case, you are a data subject, and we process your personal data resulting from the scan by its evaluation and to provide you with a diagnose.

If you load dental scan of other data subjects (e.g., your patients), you are in the role of data controller towards this data, and we are your data processor. We process this data for you, under your responsibility, based on your instructions and under the conditions of the agreement concluded between us.

We process health data resulting from the loaded dental scans, diagnosis and scan evaluation as provided by the Application, dental scan description and diagnosis provided by you, identification number of data subject, to whom the scan belong to, and in some cases also information about age, sex and ethnicity of data subject.

Art. 9 (2) (a) of GDPR based on your consent with processing special categories of personal data (if you load your own scan into the Application)

Application development and AI learning

To ensure proper functioning of the Application, the AI used by the Application needs to learn from the loaded dental scans and from the descriptions and diagnosis as provided by you.

We process health data included in the loaded dental scans, dental scan description and diagnosis as provided by you, and in some cases also information about age, sex and ethnicity of data subject.

Art. 9 (2) (a) of GDPR based on your consent with processing special categories of personal data

Research in the Application

We may participate in research projects that contribute to the Application development. Depending on the nature of the research, we may process data either as a data controller, or as your data processor.

We process your data required for the registration as Application user. We process health data included in the loaded dental scans, dental scan description and diagnosis as provided by you, diagnosis and scan evaluation as provided by the Application, and in some cases also information about age, sex and ethnicity of data subject.

Art. 6 (1) (b) of GDPR for the purpose of fulfilment of the contract between you and us

Art. 9 (2) (a) of GDPR based on your consent with processing special categories of personal data

Art. 9 (2) (j) of GDPR for scientific research purposes

Consultation on health issues

In your professional practice you may need to consult certain cases and health issues of your patients. The Application may help you to reach out to the professionals, who have already dealt with similar cases.

We process your name, surname and email to enable you to contact other professional.

Art. 6 (1) (b) of GDPR for the purpose of fulfilment of the contract between you and us

Customer support in the Application

From time to time you may need our support with the Application. We strive to ensure the proper functioning of the Application, but in case of some issues, we will support you and try to find the solution.

We process your registration information, information about how you use the Application, including technical details of your device, content of our communication, details necessary to solve your issue.

Art. 6 (1) (b) of GDPR for the purpose of fulfilment of the contract between you and us

Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to provide you with the best customer experience and to support you in solving the issues

Ensure security of the Application

We want the Application to be safe for its users, therefore we adopt security measures to prevent hacker attacks and other security incidents and breaches. We also take some additional measures, the implementation and application of which is required to maintain the safety of the Application and personal data processed through the Application. These actions require processing of your personal data.

We will primarily process technical information about the device you use when working with the Application (e.g., IP address, device type) and certain information about the way you use the Application.

Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to ensure security of the Application and security of its users

Marketing and promotion of the Application

We can use results and feedback from test use of the Application to promote the Application. We can also send you the newsletter or other marketing communication with the news about the Application as part of our direct marketing.

For promotion of the Application, we will process your name, surname, email address as well as your user experience with the Application.

When providing you with marketing communication we will process mostly your name, surname, and email. We will delete those after you choose that you opt out from marketing communication.

Art. 6 (1) (f) of GDPR for the purpose of our legitimate interest to market services provided by the Application.

Art. 6 (1) (a) of GDPR based on your consent with processing of your data for the purpose of sending you marketing communications.

Dispute solving, exercise and defence of our rights and legal claims

We may process your personal data for the purposes of solving legal disputes, claims complaints or other similar proceedings.

Within this purpose, we may process any personal data that is necessary to achieve the stated purpose, even if your personal data was originally obtained for one of the other purposes. This will mainly concern your name and surname, your contact details (address, phone number, email), information related to your suggestions, complaints and requests, information related to the use of the Application etc. The scope of processed personal data may be wider, depending on the concrete claim or dispute.

Art. (6) (1) (f) of GDPR for the purpose of our legitimate interest to handle disputes that may arise during our collaboration and in relation to the use of the Application.

Art. 6 (1) (c) of GDPR for compliance with a legal obligation to which we are subject.

Fulfilment of our legal obligations

We are obliged to process your personal data to fulfill our various legal obligations (e.g., tax obligations, accounting obligations). We may also be obliged to provide your personal data in case of inspection by public authorities, when requested by them and for preventing, monitoring and proving fraud, combating money laundering and other criminal activities.

We will process personal data about you that are necessary to fulfill our legal obligations.

Art. 6 (1) (c) of GDPR for compliance with a legal obligation to which we are subject

In case where we process your personal data based on our legitimate interest according to art. 6 (1) (f) of GDPR, you are entitled to object to such processing according to art. 21 of GDPR. If you decide to object to the processing, please do so by contacting us through the contact information above.

If the processing of your personal data is a contractual requirement according to art. 6 (1) (b) of GDPR and you decide not to provide us with this personal data, such action may result in the impossibility of entering into a contractual relationship with you, i.e., in the impossibility of providing you with the services related to the Application, or other complications related to the fulfillment of our contractual obligations.

Whenever we process your personal data based on your consent given to us in accordance with the art. 9 (2) (a) of GDPR, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. If you wish to withdraw your consent to the processing of your personal data, please contact us via the contact information below.

If we are legally required to process personal data, you may have an obligation to provide us with that personal data. If you refuse to do so, it may have various legal consequences for you and for us, including adverse consequences (e.g., impossibility to perform relevant action, impossibility of further cooperation, etc.).

As mentioned above, if you act as a data controller of the data processed by the Application, you are responsible for fulfilling of all legal obligations applicable to you under the GDPR, mainly you need to transparently inform data subjects about processing of their data in the Application and you need to ensure that you have sufficient legal basis for processing of their data in the Application. In cases when we act as your data processor, we conclude with you a data processing agreement containing your instructions about how we should process personal data on your behalf.

4.With whom may we share your personal data?

We take the protection of your personal data very seriously, so we try to limit the scope of their recipients as much as possible. Only certain of our employees and co-workers may have access to your personal data. In such a case, access shall be granted only if it is necessary for the purposes described and only if the respective employee is bound by the confidentiality duty.

We may share your personal data with our suppliers who support us in our business or provide us with partial services, e.g. marketing services, legal and audit services, tax advisors, various IT and support services, technical subcontractors, etc. These entities include:

1. Microsoft Corporation Inc., seated at Redmond, Washington, USA, providing us with digital infrastructure.

2. Büro Milk s.r.o., seated at Klemensova 4 811 09 Bratislava - Staré Mesto, providing us with marketing services and personalized content creation.

3. PS: Digital, s.r.o., seated at Šustekova 5 851 04 Bratislava - Petržalka, providing us with marketing services, personalized content and other marketing distribution.

4. khn, s.r.o., seated at Fraňa Kráľa 23, 811 05 Bratislava - Staré Mesto, providing us with design and survey services.

5. Aston ITM, spol. s r.o., seated at nám. SNP 3 811 06 Bratislava, providing us with IT services.

6. Curaden AG, Amlehnstrasse 22, 6010 Kriens, Switzerland, providing us with access to dental student associations.

If we participate in research projects, we may share your data with relevant research institutions, including dental clinics, universities and other research centres.

We do not permit our suppliers to sell any personal data we share with them, or to use any personal data we share with them for their own purposes or for other purposes than to perform the services they provide to us. Before engaging any supplier, we perform due diligence, including detailed privacy, security and legal analysis. We do not engage a supplier unless our quality standards are met. Our suppliers are all subject to contract terms that enforce compliance with applicable data protection laws.

Further, please be informed that our suppliers may engage additional contractors to support them in their business and to provide them with certain services, which can possibly also require processing of your data. Such services may include but are not limited to: cloud services and website hosting, data analysis, information technology and related infrastructure, customer service, email delivery, banks and payment method providers, accounting, legal, tax and audit services. These further contractors should provide their services based on the contract, under which they are obliged to follow applicable law, especially with respect to observance of applicable data protection legislation.

Lastly, please note that we may share your personal data if required to do so by law or decision of respective public authority or court order, for example with our suppliers or clients, tax authorities, social security agencies, law enforcement agencies or other governmental agencies.

5. How do we use cookies?

When visiting and using the Website cookies or other technologies such as pixels are activated on your device (hereinafter collectively referred to as "cookies").

Cookies are small content files that are used to store and receive identifiers and other information about computers, phones and other devices from which you access the Website, and thus help us to provide, protect and improve the services offered. Cookies processing activities will concern not only customers or registered users, but also ordinary visitors to the Website. The use of cookies allows us to offer you content and services that best match your needs and interests. We also use cookies to improve the Website, customise content and enable targeted advertising and social media functionality. We share information about how you use our site with certain partners, including Google LLC. and Meta Platforms, Inc. (the “Facebook”). We use necessary, analytical, performance and marketing cookies on the Website.

Necessary cookies

When visiting and using the Website for informational purposes only, i.e. unless you register or give us consent, we only collect personal data that your browser transmits to our server, which is necessary to be able to display the Website to you and to guarantee the stability and security of their use. Our legal basis for processing of your data through necessary cookies is our legitimate interest under art. 6 (1) (f) GDPR to operate our Website and to ensure its functioning as well as our contractual obligation under art. 6 (1) (b) of GDPR to provide you with the services requested by you on our Website.

Analytical and Performance cookies

These cookies serve to improve the functionality of the Website. They allow us to recognise and determine the number of visitors and track how visitors use the Website. They help us improve how the Website works, for example by making it easier for users to find what they are looking for. These cookies do not collect information that could directly identify you personally. When using analytical and performance cookies, we process your personal data based on your explicit consent under art. 6 (1) (a) of GDPR.

Marketing cookies

These are used to track the preferences of the Website user in order to target advertising, i.e. to display marketing and advertising messages (also on third-party sites) in accordance with these preferences. Marketing cookies use tools from external companies. These marketing cookies will only be used with your consent and your personal data will be processed under art. 6 (1) (a) of GDPR.

We use the following marketing tools on our Website:

  • Google Analytics advertising functions beyond the basic analytics functions (more information HERE );
  • Facebook's marketing services, which enable the display of advertising to users of the Website when visiting Facebook or other websites that also use these tools (more information HERE );

You can reject cookies in your internet browser settings or, depending on the type of browser, accept only certain cookies. However, if you do not allow us to use cookies, some functions of the Website may not work as they should. The privacy settings on your computer, where the use of cookies can be rejected or disabled, can be found in the menu of the respective internet browser. You can find cookie settings in the most commonly used browsers at the following links:

6. Do we transfer your personal data to third countries?

We may process your personal data also outside the EU/EEA, since some of our partners with whom we cooperate are located outside the territory of the EU/EEA, respectively, have their subcontractors located in those countries or process personal data in third countries in a different way. In this case, we strive to ensure that your personal data is transferred exclusively to countries that are considered to have an equivalent level of personal data protection in accordance with the relevant European Commission decision, or where the appropriate personal data protection measures are in place. In general, we use standard contractual clauses for data transfers to third countries or require compliance with other additional guarantees and measures. Regardless of the country in which your personal data is processed, we take appropriate technical, security and organizational measures to ensure that the level of protection is the same as in the EU/EEA. If you would like to know more about the international transfer of your personal data and the relevant safeguards, we have in place to govern the transfer of your personal data, you can contact us via email sent to the address mentioned above.

7.Are you subject to automated decision making or profiling?

Your personal data are not subject to automated decision making or profiling.

8.Which measures do we use to protect your personal data?

We make reasonable efforts to ensure a level of security appropriate to the risk associated with the processing of your personal data. We maintain technical and organizational measures designed to protect your personal data within our organization against relevant security threats, including against unauthorized access, destruction, loss, alteration, or misuse. As already mentioned above, your data are accessible only to a limited number of personnel who need access to perform their duties. In case you wish to learn more about our technical and organizational measures, please do not hesitate to contact us on the contact details mentioned above or on our websites.

9. How long do we process your personal data?

We store your personal data as long as is necessary to fulfil the purpose mentioned in this Privacy Policy, for which the data were obtained, to pursue our legitimate interests and to comply with applicable laws. This means that we will retain most of your personal data throughout the duration of our cooperation, or for the period of given consent (please see more concrete data processing periods for certain purposes above in part 3. of this Privacy Policy). However, if possible, we will erase certain of your data even before, once it is not needed for the original purpose, or when you withdraw your consent, or if you request us to delete your data. Please note that we may process some of your personal data for longer period of time, even after the termination of our contractual relationship, if e.g.: (i) the applicable law (e.g. tax and accounting laws requires us to do so), (ii) if there is an ongoing legal proceeding, or (iii) in exceptional cases, if you gave us the permission to keep your personal data on record for a longer period of time. The above stated period may be prolonged in case of the request of the relevant public authority or of the court. If you are interested in detailed retention periods we apply, contact us via email mentioned above.

10.What are your rights?

You are entitled to exercise your rights as a data subject with respect to the processing of your personal data. Please see the table below for more details.

your right

what does it mean?

Right to access

You have the right to obtain the information whether your personal data are processed, and if yes, you can request a copy of your personal data we process, for which we may charge you with a fee.

If we process your personal data, you can request information about why we process your personal data, which personal data we process, with whom do we share your personal data, for how long we store your personal data and how do we determine the period, your rights to rectification or erasure, restriction or objection of processing of your personal data, your right to lodge a complaint with a supervisory authority, from where we collected your personal data, if not directly from you, whether you are subject to automated decision making or profiling, whether we transfer your personal data to third countries. All of the mentioned information is included in this Privacy Policy.

Right to rectification

It is important that we have the correct information, and we request you to notify us if any of your personal data is incorrect or if any of your personal data have been changed. We will rectify your personal data without undue delay upon your notification.

Right to erasure (“right to be forgotten”)

If the processing of your personal data is no longer necessary or has been unlawfully processed, you withdraw your consent or object to the processing of your personal data, you may request us to erase your personal data.

Right to restrict processing

From the moment when you (i) asked for rectification of your personal data, or (ii) objected the processing, until we assess your request (e.g. to confirm the accuracy of your personal data or to rectify them according to your instructions), you are entitled to request us to restrict the processing.

You may also request us to restrict the processing of your personal data if the processing was unlawful, but you do not want us to delete your personal data, or if we do not need your data anymore for the original processing purposes, however the data are important for defending your legal claims.

This means that we (except for the retention of personal data) may process your personal data for which the processing was restricted, only if you consented with such processing, if it is necessary in connection with legal claims, to protect someone else's rights, or if there is a significant public interest in processing.

Right to object processing

If we process your personal data based on our legitimate interest or for direct marketing purposes, you may object to such processing.

We can process your personal data further if we can demonstrate the compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

Right to data portability

You may request us to provide you with the personal data that you provided to us for the processing based on the consent or for fulfillment of the contract. We should provide you with your personal data in a structured, commonly used and machine-readable format. You also have the right to request the transfer of these data directly to another data controller, if it is technically feasible.

Right to withdraw your consent

If some processing activities are based on the consent, you will have the right to withdraw such consent at any time. Please note that the withdrawal of your consent does not affect legality of the processing previously performed based on the originally granted valid consent.

Rights related to automated decision making and profiling

You have the right not to be subjected to automated decision-making, including profiling, which produces legal effect for you or has a similar significant effect. We do not use automated decision-making or profiling for the outlined purposes of data processing. However, if you have been subject to an automated decision and do not agree with the outcome, you can contact us using the details below and ask us to review the decision in a non-automated manner.

If you would want to exercise any of your abovementioned rights, if you would like to file a complaint about how we process your personal data or if you have any further questions regarding the processing of your personal data, you can contact us via the contact information mentioned above and we will review your request, suggestions and reply to your questions.

If you are not satisfied with our response or if you believe that we process your data unfairly or unlawfully, you may lodge a complaint with a relevant supervisory authority, which is the Office for Personal Data Protection of the Slovak Republic; for more information, please visit www.dataprotection.gov.sk .