DenGro Platform Privacy Policy

This policy sets out the personal data collected and used via our platform to help dental practices catch, nurture and convert more leads to dental treatment.

WHO WE AREWe are DenGro Limited. We provide a platform for dental practices to attract and convert new patients.Our registered office is: 1 Widcombe Parade, Bath, BA2 4JT, United Kingdom. We are registered as a data controller with the Information Commissioner’s Office and our registration number is ZA304057.We (DenGro) primarily act as a data processor on behalf of our customers (dental practices) in providing our services.You (the Dental Practice) are the Data Controller. You own, store and are responsible for data about your patients, and those who may be interested in treatment (your leads).
WHAT PERSONAL DATA WE COLLECTNameEmail addressPhone numberAddressUsage dataUnique device identifiers (Google Advertiser ID or IDFA, for example)Details of patient enquiriesMarketing preferencesUser login detailsTo set up new usersTo provide support to usersTo deactivate usersTo store lead and patient data on behalf of dental practices for their defined purposesTo analyse user preferencesAdvertising and customer retargetingWe also use information about how users interact with DenGro to analyse and improve the platform. We act as a controller for this purpose. This information will be used at an aggregated level wherever possible.
HOW WE USE YOUR PERSONAL DATA
WHO WE SHARE YOUR PERSONAL DATA WITHThe DenGro platform integrates with several third-party providers to help us provide our service, as set out below:Third partyPurposePrivacy informationAmazon Web Services (AWS)Hosting serviceshttps://aws.amazon.com/compliance/data-privacy-faq/DripTo send automated and transactional emailshttps://www.drip.com/privacyFacebook APIApp integration with account lead ad formshttps://www.facebook.com/about/privacyFacebook PixelConnects data from the Facebook advertising network with actions performed on DenGro. The Facebook pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Audience Networkhttps://www.facebook.com/about/privacyGoogle Ads RemarketingRemarketing and behavioural targeting service provided by Google LLC that connects the activity of DenGro with the Google Ads advertising network and the DoubleClick Cookie.https://policies.google.com/privacyGoogle APIMaps and geocodinghttps://policies.google.com/privacyGoogle AnalyticsUser tracking and analyticshttps://policies.google.com/privacyGoogle Tag ManagerTag and script management in a centralised manner. This results in the Users’ Data flowing through these services, potentially resulting in the retention of this Data.https://policies.google.com/privacyHotjarHeat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyse web traffic and keep track of User behaviour.https://www.hotjar.com/privacy/HubspotCustomer relationship managementhttps://legal.hubspot.com/product-privacy-policyIntercomSupport and lead communicationshttps://www.intercom.com/legal/privacyLinodeHosting serviceshttps://www.linode.com/legal-privacy/MailgunEmail address management and message sending servicehttps://www.mailgun.com/privacy-policy/RollbarApplication logging and telemetryhttps://rollbar.comMessageBirdTransactional SMS messaginghttps://www.messagebird.com/en/legal/privacyPusherPush notifications (app)https://pusher.com/legal/privacy-policyAccess to third party accountsDenGro can also be configured to allow the platform to access data from an account on a third-party service (such as Facebook) and perform actions with it. These services are not activated automatically and require explicit authorisation by the user.We may also be required to comply with a request or legal order to disclose personal data to a third party, for example in relation to a police investigation or insurance claim.
LAWFUL BASISUnder data protection law, we have to identify relevant lawful bases for our use of your personal data. We primarily rely on:Legitimate interests – to provide and administer the DenGro platform to users and customers.Legal obligation – in meeting our legal obligations under financial, health and safety and employment laws (among others).Dental practices (as “controllers”) define their lawful bases for processing personal data relating to their leads and clients.
HOW LONG DO WE KEEP YOUR PERSONAL DATADenGro usersWe hold personal data of DenGro users for as long as they are active users.We will delete account data and subscriber data 12 months after an Account was last active (i.e. where an Account has no active Subscription).
INTERNATIONAL TRANSFERSDenGro Ltd is based in the UK and therefore subject to the UK GDPR and related UK data protection legislation. Our main IT infrastructure (Amazon Web Services) is hosted in Ireland but some of the third parties DenGro integrates with store data outside the UK and the European Economic Area (EEA).Where this is the case, we have arrangements in place to ensure that personal data is afforded the same level of protection as within the UK or EEA, as required by UK GDPR Articles 45-49.
YOUR RIGHTSUnder data protection legislation, you have rights in relation to your personal data, as below:The right of access (obtaining a copy of your data)The right to rectification (correcting your data)The right to erasure (deleting your data)The right to restrict processing (to stop use of your data for a time limited period)The right to data portability (to move your data to another organisation)The right to object (to object to our use of your data)Rights in relation to automated decision making and profiling (to know if and how we use any technology to make decisions about you)There are some limited exemptions to these rights, so they may not apply in every scenario. For further information on these rights, please see the Information Commissioner’s Office (ICO) website.If you wish to make a request in relation to any of these rights, please contact us as: data-protection@dengro.com . Where we act as a processor on behalf of our customers, we will pass any requests to the customer to respond to (as a controller).
INFORMATION SECURITYWe have information security measures in place to reduce the risk of unauthorised access to, misuse or loss of personal data. These include:Appropriate access controls and user authenticationIncident and breach processesAppropriate internal IT and network securityBusiness continuity processesContracts with our suppliers covering data protection and information security
QUERIES OR COMPLAINTSIn the first instance, we would hope to resolve any queries or concerns you have in an informal way, if you contact us at: data-protection@dengro.comIf you are not satisfied with our response, you also have a right to complain to the Information Commissioner’s Office (ICO) as the regulator of data protection. For further information, please see: https://ico.org.uk/make-a-complaint/