Software Data Privacy Statement
We only process personal data (generally referred to hereinafter as just “data”) where necessary or for the purpose of providing functional and user-friendly software.
According to Article 4(1) of Regulation (EU) 2016/679, known as the General Data Protection Regulation and referred to hereinafter just as “GDPR,” “processing” means any operation or set of operations that is performed in connection with personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, querying, use, disclosure through transmission, dissemination, or other means of making available, alignment or combination, restriction, erasure, or destruction.
This data privacy statement provides you with information in particular about the type, scope, purpose, and duration of personal data processing, along with its legal basis, insofar as the decision about the purpose and means of processing is made by us – either alone or in consultation with other parties. In addition, it also includes information below about the third-party components we use for optimization purposes and in order to improve quality of use insofar as, as a result, third parties process data, again under their own responsibility.
Our data privacy statement is divided into the following sections:
I.Information about us as the data controller
II. Legal basis for the processing of personal data
III. Information about data collection and processing
V. Objection to the processing of your data or withdrawal of consent
IV. Rights of users and data subjects
I. Information about us as the data controller
The party responsible under data protection law for providing this website is:
DÜRR DENTAL SE
Höpfigheimer Str. 17
74321 Bietigheim-Bissingen
Germany
Postfach 12 64
74302 Bietigheim-Bissingen
Germany
Tel.: +49 (0)7142 / 705-0
E-mail: info@duerrdental.com
The data protection officer acting on behalf of the provider is:
VDE Service GmbH
Sandro Berger
Eduard-Pfeiffer-Straße 48
70192 Stuttgart
Germany
Tel.: +49 (0)711 / 22333 26
II. Legal basis for the processing of personal data
In cases where the data subject has given us consent to process their personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
In cases where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, Article 6(1)(b) GDPR serves as the legal basis. This also applies to data processing operations required in order to take steps prior to entering into a contract.
If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.
In cases where processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6(1)(d) GDPR serves as the legal basis.
If data processing is necessary for the purpose of legitimate interests pursued by our company or by a third party and such interests outweigh the interests or fundamental rights and freedoms of the data subject, Article 6(1)(d) GDPR serves as the legal basis.
III. Information about data collection and processing
1. Systems whose use requires the collection of data.
For the provision of Dürr Dental systems and their functions, for which communication with the Dürr Dental servers is necessary, personal data is also transmitted to Dürr Dental and processed there - if necessary for the use of the various services - as described below.
- VistaSoft
- VistaSoft Cloud
- VistaSoft Monitor
- Dealer platform DD.net
- Learning platform Avendoo
- Dürr Dental ID (Single Sign On)
2. Purposes of data collection
Software functions and software-based services of the above systems, which require processing of personal data:
- User account creation, user authentication and management.
- Electronic software and device registration as well as for the activation of software functions and related contacting
- Provision of software functions (e.g., device health monitoring, VistaSoft Cloud, newsletter service) and contact for service delivery and support
- Provision of media and learning content.
- Troubleshooting and support
- Improving the stability, functionality and security of Dürr Dental products and services.
3. Data collected
1. Creation of the user account, user authentication and administration
- Name, first name, e-mail address
2. Electronic software and device registration as well as for the activation of software functions and related contacts
- Address of the site/billing address, telephone number and fax number of the operator and dealer
- Windows ID of the server
- Name, serial number and order number of the connected devices
3. Provision of software functions (e.g., device health monitoring, VistaSoft Cloud, newsletter service) and contact for service provision and support
- Company name, e-mail address of the dealer and other service partners such as disposal companies
- Device data The detailed data list can be requested via info@duerrdental.com).
- Operating data generated by the device during operation (such as pressure, temperature, voltage values)
- Message data, which the device outputs to indicate changing states (such as warnings and error messages)
- Maintenance data (maintenance counter, due date and confirmation of maintenance tasks)
4. Provision of media and learning content.
- Learning history, assessments, learning achievements
5. Troubleshooting and support
- IP address
6. Improving stability, functionality, and security of Dürr Dental products and services
- Access data to web services (date, time and pages viewed) are stored on the servers of our provider (Amazon Web Services) in Frankfurt am Main, Germany. The storage and analysis is done in anonymized form only.
- Interaction measurement between users and software features via the provider Mixpanel. No personal data is collected in this process.
4. Data processing
- For the use of our software applications, we will collect and store the data entered by you and otherwise collected (i.e., for example, your name, address and e-mail address) exclusively for pre-contractual services, for contract fulfillment and service provision, for the purpose of customer care, for improving our service offering and for product improvement of Dürr Dental products.
- Conclusion and processing of the contract is not possible without the provision of your above-mentioned data.
- Your data processed when using our software will be deleted or blocked as soon as the purpose of the storage no longer applies, the deletion of the data does not conflict with any statutory retention obligations and no other information is provided below on individual processing procedures. In this context, however, we must observe retention periods under tax, commercial and medical product law.
The legal basis for the processing of the data is Art. 6 Para. 1 lit. b DSGVO.
5. Data transfer
- In the context of contract processing, we pass on your data to the transport company commissioned with the delivery of goods or to the financial service provider, insofar as the transfer is necessary for the delivery of goods or for payment purposes.
- In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. Contracts for order data processing have been concluded with all service providers.
- Any further transfer of data to third parties will only take place with your express consent, e.g.:
- When connecting a device to y, you as a user have the option of adding a depot to your device. For this purpose, the data entered by you will be forwarded by us to this depot, together with your practice and device data. The data is forwarded for the purpose of service improvement and maintenance & repair of x devices. x has no influence on the further use of the data.
- When using the software, we give you as a user the opportunity to perform certain functionalities for x devices directly from the software. These functionalities can also be made available to depots within the scope of the service and repair use cases.
The legal basis for the transfer of the data is then Art. 6 para. 1 lit. b DSGVO.
6. Further functions and offers
- If you register for our free newsletter, the data you requested for this purpose, i.e. your e-mail address, country and - optionally - your name and address, will be transmitted to us. At the same time, we store the IP address of the Internet connection from which you access our website as well as the date and time of your registration. During the further registration process, we will ask for your consent to send you the newsletter, describe the content in detail and refer to this privacy policy. We use the data collected in this process exclusively for sending the newsletter - in particular, they are therefore not passed on to third parties. The legal basis for this is Art. 6 para. 1 lit. a) DSGVO. In accordance with Art. 7 (3) DSGVO, you can revoke your consent to the sending of the newsletter at any time with effect for the future. To do so, you only need to inform us of your revocation or use the unsubscribe link contained in each newsletter.
- Furthermore, we may pass on your personal data to third parties if promotional participations, competitions, contract conclusions or similar services are offered by us together with partners. You will receive more detailed information on this when you provide your personal data.
- If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you about the consequences of this circumstance in the description of the offer.
IV. Objection to the processing of your data or withdrawal of consent
If you have provided consent to the use of your data, you are entitled to withdraw such consent at any time. Such withdrawal of consent affects the legitimacy of processing of your personal data once you have told us you wish to withdraw consent.
If our processing of your personal data is based on a balancing of interests, you can lodge an objection against data processing. This is the case if, in particular, processing is not necessary in order to fulfill a contract with you, which will be explained by us in each case in the subsequent description of the functions. If you wish to object or withdraw your consent, we ask that you provide reasons why we should no longer be processing your personal data in the way that we are. If your objection is justified, we will check the facts and either stop or change the way we process your data, or we will provide you with compelling and legitimate grounds that justify continued processing of your data by us.
You can, of course, at any time object to the processing of your personal data for the purposes of advertising and data analysis. To tell us that you object to your data being processed for advertising purposes, please send an e-mail to Datenschutz@duerrdental.com or write to our postal address for the attention of “The Data Protection Officer.”
V. Rights of users and data subjects
If your personal data is processed, you are a data subject within the meaning of the Data Protection Regulation DSGVO and you have the following rights vis-à-vis the person in charge:
- You have the right to obtain confirmation about whether data concerning you is being processed, as well as information about the processed data, further information about data processing, and copies of the data (see also Article 15 GDPR).
- You have the right to have inaccurate data corrected or incomplete data completed (see also Article 16 GDPR).
- You have the right to have data concerning you erased without undue delay (see also Article 17 GDPR) or, alternatively, in the event that further processing is required pursuant to Article 17(3) GDPR, to obtain a restriction of processing in accordance with Article 18 GDPR.
- You have the right to receive a copy of the data concerning you, which you have provided to us, and you have the right to transmit such data to another provider/controller (see also Article 20 GDPR).
- You have the right to lodge a complaint with a supervisory authority if you consider that the processing of data relating to you by the provider infringes the pertinent data protection regulations (see also Article 77 GDPR).
In addition, the provider is obliged to inform all recipients to whom data has been disclosed by the provider about any correction or deletion of data or about any restriction of processing that has taken place pursuant to Article 16, 17(1), or 18 GDPR. However, this obligation shall not apply if notification is impossible or requires disproportionate effort. Nevertheless, the user has the right to obtain information about such recipients.
In accordance with Article 21 GDPR, users and data subjects also have the right to object to future processing of data concerning them if the data is processed by the provider in accordance with Article 6(1)(f) GDPR. In particular, it is admissible to object against data processing for the purpose of direct marketi