Processamento de dados pessoais

This Privacy Policy is issued on behalf of SMILE2IMPRESS, S.L. (hereinafter, SMILE2IMPRESS or IMPRESS), as the Data Controller and operator of this website. It is addressed to users of SMILE2IMPRESS and DR SMILE products and services, patients, suppliers, website visitors, and any individuals interested in contacting SMILE2IMPRESS or DR SMILE.

We collect, use, and are responsible for certain personal data about you. In doing so, we are subject to different data protection laws depending on the location of our patients and the delivery of our services. However, we are committed to providing the highest levels of privacy protection, regardless of where in the world you interact with us.

Please note that we may update this policy from time to time. We recommend reviewing it periodically. This version is effective as of March 2025.

We, the data controllers responsible for your data

Identity: SMILE2IMPRESS, S.L. Tax ID (NIF): B67402032 Registered address: CALABRIA 169, 08015 BARCELONA Email address: gdpr@smile2impress.com

Our Data Protection Officer (DPO)

The Data Protection Officer is AURIS CONSULTORÍA LEGAL I TRIBUTARIA S.L.P., Tax ID: B65951055. If you have any questions, concerns, or suggestions regarding how we use your personal data, you may contact the Data Protection Officer via the following email address: dpo@smile2impress.com

AFFILIATED COMPANIES – IMPRESS GROUP 

SMILE2IMPRESS

  1. UK Name: SMILE2IMPRESS CLINICS, LTD. Tax ID: 13682612 Address: One Fleet Place, London, England, EC4M 7WS Name: SMILE2IMPRESS, LTD. Tax ID: 12957895 Address: 54 Brushfield Street, London, England, E1 6AG

  2. ITALY Name: SMILE2IMPRESS, S.R.L. Tax ID: 12266090963 Address: VIA BENEDETTO MARCELLO 91 - 20124 - MILANO

  3. SWITZERLAND Name: SMILE2IMPRESS, SARL Tax ID: UID CHE-365.532.137 Address: Rue Jacques-Balmat 5, c/o BianchiSchwald Sàrl, 1204 Geneva

  4. PORTUGAL Name: SMILE2IMPRESS, LDA. Tax ID: 516423614 Address: Rua Camilo Castelo Branco No. 44 and 44-A, 1050-045 Lisboa

  5. FRANCE Name: SMILE2IMPRESS, S.L. Tax ID: FR14892663485 RCS Address: 36 AVENUE HOCHE, 75008 PARIS

  6. UKRAINE Name: SMILE2IMPRESS, LLC. Tax ID: 44629915 Address: Ukraine, 30601, Khmelnytskyi district, Khmelnytskyi region, Teofipol urban-type settlement, Svobody Street 27A, apartment 18

  7. USA Name: CVSTOM CO Tax ID: 81-1540779 Address: 999 SUTTER ST, STE 102, SAN FRANCISCO, CA 94109

DR SMILE

  1. ITALY Name: DRSMILE ITALIA S.R.L. VAT: 11865840968 Address: VIA MESSINA 38 - 20154 - MILAN

  2. FRANCE Name: DR SMILE FRANCE, SAS. Tax ID: 980742530 Address: 28 BOULEVARD DE LA CORDERIE, 13007 MARSEILLE

  3. SPAIN Name: DRSMILE IBERIA, S.L.U. Tax ID: B88481924 Address: CALLE CLAUDIO COELLO, 92, 28006, MADRID

  4. SWEDEN Name: DRSMILE SVERIGE AB Registration Number: 559314-8454 Address: Drottninggatan 97, 113 60 Stockholm

  5. NETHERLANDS Name: DRSMILE BeNeLux B.V. BSN: 86141562 Address: Nicolaas Beetsstraat 222, 3511 HG, Utrecht, Utrecht, Netherlands Name: PlusDental Netherlands B.V. BSN: 82375941 Address: Barbara Strozzilaan 101, 1083 HN, Amsterdam

  6. GERMANY Name: DZK Deutsche Zahnklinik GmbH VAT ID: HRB 191540 B Address: Königsallee 92 a, D-40212 Düsseldorf Name: Urban Technology GmbH VAT ID: HRB 186974 B Address: Brunnenstraße 128, 13355 Berlin, Deutschland

What type of information might we collect about you?

The personal data we collect from users and customers on our website is strictly limited to what is necessary, in accordance with the data minimization principle set out in Article 5(c) of the GDPR, and can be grouped into the following categories:

  • Basic and contact information: such as your name, surname, email address, and phone number.

  • Professional and employment information: this category includes your professional interests and any data you may voluntarily submit in our Careers section, such as your CV.

  • Technical data: including your IP address, log data, browser and version used, time zone and usage settings, browser plugins, operating system, and other technology used to access our platform.

  • User account data: such as your email address and password, feedback submitted by you, and any surveys you may have answered.

  • Browsing data: includes information about your browsing behavior when visiting our platform.

  • Marketing and communication preferences: we collect your preferences regarding receiving marketing communications and updates from us, the consents you have provided, and your preferred communication channel.

  • Images captured by video surveillance systems: this includes images that may be recorded by CCTV cameras installed in our clinics and offices.

  • Health data (collected at the clinic): patient data. We inform you that the purpose of collecting and processing personal data in this context is the creation, maintenance, and management of the patient's medical record, in order to fulfill the objectives of the medical center, which consist in providing the healthcare treatment required by each patient.

How do we collect your personal data?

As a general rule, most of the personal information we collect is provided directly by you—whether in person at our clinics, by phone, email, instant messaging services (such as WhatsApp), web forms, or through your responses to surveys. However, we may also obtain information from third parties connected with us.

How do we collect your data through our website?

  • Whenever a user needs to, they may contact us using the communication channels provided on the website, in order to request a service or submit an inquiry.

  • When the user submits their CV and related data through the Careers section of our website.

  • When completing the contact form to schedule an appointment, by providing necessary and proportionate data such as name, surname, email address, and mobile phone number.

  • Through our cookies, as detailed in our Cookie Policy. This will only occur with your consent, and you may manage your preferences at any time.

  • When you expressly authorize us to send you commercial communications by checking the corresponding box on the contact form.

For what purpose do we process your personal information?

We provide a detailed table below outlining the purposes for which we collect your data and the legal basis that justifies such processing.

Purpose of Processing

Legal Basis

Manage appointment requests through the website.

(1) Explicit consent of the data subject

Manage our relationship with users/customers, including:

(1) Notify of changes to our terms or policies

(2) Request participation in surveys or reviews.

(1) Contract performance

(2) Compliance with legal obligation

(3) Data subject’s consent

Request and manage informed consent from the user.

(1) Contract performance

(2) Explicit consent of the data subject

Fulfill legal, tax, accounting, administrative, and contractual obligations related to the provision of requested services.

Compliance with legal obligation

Provide information about SMILE2IMPRESS products and treatments.

(1) Explicit consent of the data subject

Handle claims, incidents or inquiries via Contact Form, Online Chat, email, instant messaging (WhatsApp), and customer service phone line.

(1) Data subject’s consent

(2) Legitimate interest

Send users commercial information from IMPRESS that may be of interest. Profiling may be used to predict preferences and timing of offers.

(1) Explicit consent of the data subject

(2) Legitimate interest (if no opt-out request has been made)

Perform necessary commercial and administrative tasks with website users.

(1) Data subject’s consent

Deliver the services and/or treatments contracted or subscribed to by the user and follow up accordingly.

(1) Explicit consent of the data subject

(2) Contract performance

Improve our services through profiling and usage analysis based on user history. Analytical data is also used to improve website/app experience, implement marketing strategies, and optimize booking processes via cookies.

(1) Legitimate interest

(2) Consent (e.g. acceptance of analytical cookies)

Administer and protect our business and website, including troubleshooting, data analysis, web/app testing, etc.

(1) Legal obligation

(2) Legitimate interest (e.g. fraud prevention, IT security)

Manage registration for participation in IMPRESS promotions.

(1) Data subject’s consent

Manage user interactions on our social media.

(1) Legal obligation (e.g. remove offensive or harmful content)

(2) Legitimate interest (e.g. remove third-party ads)

Provide personal data to authorities or comply with judicial requirements.

Legal obligation

Follow up on dispute resolution procedures through the European Commission's ODR platform: http://ec.europa.eu/consumers/odr/ and with consumer protection agencies.

Legal obligation

Provide complaints forms upon user request via contact form, phone, or email.

Legal obligation

Provide our services.

(1) Contract performance

(2) Explicit consent of the data subject

Accept and process payments.

(1) Contract performance

(2) Legitimate interest

Enhance physical security of our facilities (CCTV surveillance, access control).

Legitimate interest and the interest of third parties (e.g. detecting harmful acts)

Finance treatments through third-party financial institutions.

(1) Contract performance

Who might we share your personal data with?

We may need to share your personal information with:

  • Local IMPRESS affiliates previously detailed, in order to provide our services.

  • Third-party companies or service providers we subcontract to deliver our products and services, such as payment gateway providers, warehouses, or shipping companies.

  • Other third parties necessary for the operation of our business, such as advertising agencies, legal advisors, mutual insurance companies, etc.

  • External companies that offer financing for the treatments contracted.

All providers we work with are contractually bound to us. We can guarantee that they comply with all necessary security measures to safeguard your personal data and will only use such data for the specified purposes and in accordance with our instructions.

We will also share personal information with law enforcement agencies or authorities when required by law.

Where do we store your personal data?

All information you provide us—either through this website or via other channels—will be stored on Google Cloud and Amazon Web Services (AWS) servers.

These servers are located within the European Economic Area (EEA).

International Transfer of Personal Data

To provide you with the best possible service, we may occasionally need to transfer your personal data outside the European Economic Area (EEA). For example:

  • When we need to communicate with our offices located outside the EEA;

  • To communicate with you or with our service providers when they are located outside the EU;

  • When there is an international component to the products or services we offer you.

International data transfers are subject to special rules governed by data protection law principles. This means we may only transfer your data to countries or international organizations outside the EU when:

  • The destination country is deemed “adequate” by the competent authority in terms of the level of protection applied to personal data;

  • All necessary safeguards have been taken to ensure your legal rights are protected and that you can file complaints or exercise your rights appropriately;

  • A relevant exception applies under data protection laws.

In such cases, we inform you that we transfer your data with appropriate safeguards, always maintaining its security. We use the most suitable tools for international data transfers, such as Standard Contractual Clauses (SCCs) or other appropriate supplementary measures. You can view the content of the Standard Contractual Clauses at the following link:

https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transferpersonal-data-third-countries_en

How long do we retain your personal data?

In accordance with Article 5.1(e) of the General Data Protection Regulation (GDPR), personal data will only be stored for as long as necessary to fulfill the purposes for which it was collected. However, your data may be retained in the following cases:

  1. Compliance with legal and contractual obligations:

    • While liabilities may still arise from a contractual, pre-contractual, or non-contractual relationship.

    • When legally required to do so (e.g., clinical record retention or accounting data storage periods).

  2. Security measures applied to retained data:

    • While data is stored, we will adopt appropriate technical and organizational measures to ensure its security. This includes avoiding active processing or viewing and limiting access exclusively to courts, the public prosecutor’s office, or public administrations, and only when strictly necessary.

  3. Retention periods according to applicable regulations:

    • Our data retention policy complies with timeframes established under various applicable laws, depending on the legal responsibilities or statutory limitations of the data’s country of origin.

    • Once the legal retention period has expired, the data will be permanently and securely deleted, ensuring it cannot be recovered.

If you need more information, you can contact us at gdpr@smile2impress.com.

Our Communications

All personal information you provide will be incorporated into our information systems. By accepting this Privacy Policy, you expressly consent to IMPRESS carrying out the following activities and/or actions, unless you tell us otherwise:

To send you commercial, promotional, and direct marketing communications by any means you have expressly authorized, to inform you about activities, services, promotions, advertisements, news, and other information related to our services, products, and group companies.

How to opt out of marketing communications?

You may revoke any previously granted consent for commercial communications at any time. You can unsubscribe by using the opt-out option when available in our app or website, or by emailing us with the subject “unsubscribe” at gdpr@smile2impress.com.

We never engage in SPAM. Therefore, we will not send you marketing emails unless you have requested or authorized them. However, all our communications include a way to withdraw your consent.

In order to improve customer loyalty and ensure service quality, IMPRESS may carry out profiling activities to predict which products or services similar to those already contracted may interest you, or to determine the most appropriate time to offer them.

We will not process your personal data for any other purpose than those described, unless required by law or court order.

User Responsibility – Truthfulness Statement

By providing us with your personal data via electronic means, the user declares that they are over 18 years old and that all data provided to IMPRESS is true, accurate, complete, and up to date.

The user acknowledges responsibility for the truthfulness of the data provided and undertakes to keep it updated to reflect their actual situation, being liable for any false or inaccurate information and for any direct or indirect damage or harm that may result.

Social Media

We maintain official accounts on Instagram, Facebook, and LinkedIn, and act as Data Controller of the data processed on these profiles.

By interacting with our posts (e.g., liking, commenting), you accept this Privacy Policy, which ensures confidentiality and compliance with your data protection rights, and explains how we use your data and the rights you have.

Each social media platform has its own privacy policy, which users accept when registering. IMPRESS is not responsible for how these platforms process your data for their own purposes or for uses beyond those described here.

On our social media profiles, you will find content about our products and services, as well as topics of interest related to our activity. IMPRESS is not responsible for the appearance of such content on your personal feed or profile within each platform.

Submission of CVs

If the user submits their CV, this will be processed through the job offers on LinkedIn, which acts as the data processor on behalf of IMPRESS. The data provided will be used to include the applicant in current or future recruitment processes, assessing the applicant’s profile in order to select the best candidate for the role in question. This is the only official method for receiving CVs; any CVs sent through other means will not be accepted.

If any changes occur in the information submitted, users are requested to notify us in writing as soon as possible in order to keep their data up to date.

Data will be retained for a maximum of two years, after which it will be securely deleted, with full respect for confidentiality both during processing and at the time of destruction. If the user wishes to continue participating in future recruitment processes, they will need to resubmit their CV.

The data may be processed and/or shared with companies within our corporate group, during the retention period of the CV, and solely for the same purposes previously stated.

How do we keep your information secure?

We take the protection of your data very seriously. For this reason, we implement physical, organizational, and technological security measures, controls, and procedures to prevent your information from being accidentally lost, accessed, or misused.

Although no system is 100% secure, SMILE2IMPRESS does its best to prevent security breaches. Each user is solely responsible for the security measures they apply in relation to their own data. SMILE2IMPRESS will not be held responsible for consequences derived from users failing to apply appropriate security measures, nor for damage caused by third parties, unforeseen events, or force majeure.

We limit access to your data to authorized individuals or entities, ensure all personnel involved in data processing are properly trained, and are subject to confidentiality obligations.

We also apply technical procedures to detect and respond to any suspected data breaches. If required, we will notify both you and the relevant supervisory authority, in compliance with applicable regulations.

How can you exercise your data protection rights (ARCOPOL)?

Under the General Data Protection Regulation (GDPR), you have the right to exercise the following:

Right

Description

Access

The right to receive a copy of your personal data.

Rectification

The right to request correction of inaccurate personal data.

Erasure (Right to be Forgotten)

The right to request the deletion of your personal data – under certain conditions.

Restriction of Processing

The right to request that processing be restricted.

Objection

The right to object to:

(i) direct marketing (including profiling);

(ii) processing based on our legitimate interest, under certain circumstances.

Data Portability

The right to receive your data in a structured, commonly used and machine-readable format, or to have it transmitted to a third party – in specific situations.

Automated Decision-Making

The right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or significant effects.

These rights may be exercised at any time and free of charge.

To exercise your rights, you may write to us at: gdpr@smile2impress.com

Alternatively, you may contact our Data Protection Officer directly: AURIS CONSULTORÍA LEGAL I TRIBUTARIA SLP – dpo@smile2impress.com

Data Protection Authority

We aim to resolve any concern you may have regarding your personal information. However, if you believe your rights have been violated, you have the right to lodge a complaint with the relevant data protection authority in your country.

Changes to this Privacy Policy

IMPRESS reserves the right to update or amend this Privacy Policy to reflect legislative or case law developments.