Privacy Policy for EarlySmile.com

1. Introduction

At EarlySmile.com (“we,” “our,” or “us”), we are committed to protecting the privacy and personal data of our users. Safeguarding your information is at the core of our operations, and we handle all personal data in compliance with applicable privacy laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). This Privacy Policy outlines how we collect, process, store, and protect your data when you visit our website or interact with our services.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users of EarlySmile.com and related services, regardless of location. For the purposes of GDPR, we act as the Data Controller in respect of your personal data collected through our website and services. By using EarlySmile.com, you acknowledge the processing of your personal data in accordance with this Privacy Policy.

3. Categories of Data We Process

We may collect and process the following categories of data:

a. Usage Data: Includes information such as IP address, browser type and version, operating system, geographical location, website navigation paths, session data, and time spent on particular pages. This data helps us optimize website performance and improve user experience.

b. Account Data: If you register an account with us, we collect your name, email address, mailing address, and phone number to provide our services and communicate with you.

c. Profile Data: Information you provide including preferences, purchase history, behavioral patterns, and settings personalized on your account.

d. Communication Data: Includes correspondence records, customer support inquiries, and any other contact history you initiate or respond to via EarlySmile.com.

e. Technical Data: Device-identifying information such as MAC address, device model, browser configurations, plug-ins, operating system specifications, and other software-related data.

f. Transaction Data: Payment and billing details, order history, shipping/delivery information, and invoice records.

g. Preference Data: Marketing and communication preferences, opt-in/opt-out status, and product interests gathered through user interactions and surveys.

4. Legal Bases for Processing

We process your personal data only when a lawful basis applies, which includes:

– Legitimate Interest: When processing is necessary for the functioning of our website, fraud prevention, and improving services.
– Contractual Necessity: When data processing is necessary to fulfill the contract between you and us (e.g., providing access to services through EarlySmile.com).
– Consent: Where required, we rely on your explicit and voluntary consent for processing certain types of personal data, including for marketing activities.
– Legal Obligation: When we are required to process your data to comply with applicable legal requirements.

5. Your Rights

Under applicable data protection laws, you maintain the following rights which we fully respect and uphold:

– Right to Access: You may request details of the personal data we hold about you.
– Right to Rectification: You can correct or update inaccurate or incomplete data.
– Right to Erasure (“Right to be Forgotten”): You may request deletion of your personal data, subject to our legal obligations.
– Right to Restrict Processing: You have the right to block or suppress further use of your data.
– Right to Data Portability: You can request that your data be provided in a structured, commonly used, machine-readable format for transfer to another controller.
– Right to Object: You may object to processing based on legitimate interest or direct marketing.
– Right to Withdraw Consent: You can withdraw previously given consent at any time.

To exercise any of these rights, contact us at [email protected].

6. Security Measures

We implement robust technical and organizational measures to ensure the integrity and confidentiality of your data, including but not limited to:

– End-to-end data encryption in transit and at rest.
– Access controls and authentication protocols to restrict unauthorized access.
– Regular backups and disaster recovery testing.
– Staff training on best practices for data protection and cybersecurity.

7. International Data Transfers

When transferring personal data outside of your country of residence, we utilize appropriate legal safeguards, including Standard Contractual Clauses approved by the European Commission, to ensure such transfers comply with applicable data privacy legislation. Data collected may be processed in data centers located in jurisdictions compliant with GDPR, CCPA, or similar regulations as required.

8. Data Retention

We retain your personal data only as long as necessary:

– Account and Profile Data: Retained for the duration of your active relationship with us and up to 24 months thereafter.
– Transaction Data: Retained for a minimum of 7 years for tax and auditing purposes.
– Communication Data: Typically retained for 12 to 24 months unless required longer for legal defense.
– Preference and Marketing Data: Retained for 2 years following last user interaction.
– Usage and Technical Data: Aggregated and anonymized or removed after 12 months where appropriate.

After expiration of these periods, your data is securely deleted or anonymized.

9. Cookie Policy

We use cookies and similar technologies to enhance functionality and analyze usage data. Our cookie categories include:

– Essential Cookies: Necessary for website operation and user authentication.
– Functional Cookies: Enable improved functionality such as remembering login preferences or region selection.
– Analytics Cookies: Collect statistics on site use, performance, and behavior patterns.
– Performance Cookies: Help us optimize responsiveness and test UI variations.

10. Cookie Management and Compliance

In compliance with the GDPR and CCPA, visitors from regulated jurisdictions will be prompted to consent to cookie usage where required. You can manage your cookie preferences at any time via our cookie settings center available on EarlySmile.com, or through browser-level settings including disabling cookies entirely. Your choices may impact site usability.

11. Children’s Privacy

We do not knowingly collect or process personal data from children under the age of 13. If we become aware that we have inadvertently gathered such information, we will take immediate steps to delete it. Parents or guardians who believe their child has provided us data without consent should contact us at [email protected].

12. Policy Updates and Notifications

To maintain compliance and reflect operational changes, we may update this Privacy Policy periodically. We will take appropriate steps to notify you of material updates, which may include website notifications, email communications, or other reasonable means. Your continued use of EarlySmile.com after such updates signifies acceptance of the modified policy.

13. Contact

For any privacy inquiries, concerns, or to exercise your data rights as described above, you may contact us at:

Email: [email protected]

We are committed to maintaining the highest standards in data protection and transparency. If you have questions about this Privacy Policy or your personal data, our team will respond promptly and in accordance with relevant legal requirements.

Thank you for trusting EarlySmile.com with your information.

This Privacy Policy is written with a commitment to GDPR and CCPA compliance. Users with further inquiries are encouraged to reach out at [email protected].