Privacy Policy

1. Introduction 
1.1 Nordic Smiles established in Sweden with the address: Prästgatan 44A, 111 29 Stockholm, Sweden, corporate registry number 559262-9678 (herein ”NS”, ”we”, or ”us”). 
1.2 NS through its affiliates registers prospective customers for aligner treatments (”Prospective Customers” or “Customers”). This process is herein referred to as our ”Services”.

2. Controller of personal data and legal basis for processing 
2.1 This privacy policy applies when NS processes personal information about those who use our Services (herein “you” or “your”). 
2.2 Our processing of personal data is carried out in accordance with applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (herein “GDPR”). 
2.3 Our processing of your personal data is based on:

· the performance of a contract with you;

· for the purpose of our legitimate interest to keep a register of Prospective Customers or Customers;

· when necessary to comply with legal obligations pursuant to EU and Member State law.

3. Our purposes for processing 
3.1 NS needs to process personal data in order to deliver our services to Prospective Customers and Customers. You can not be a Prospective Customer or Customer unless we can process your personal data.
3.2 Customer’s personal data is used for delivery of Services, invoicing, customer service and communicating with you as a Customer. Some of your personal data is also processed to comply with legal obligations, such as for medical records, compliance and bookkeeping.

4. How we collect your personal data 
4.1 We collect personal data such as contact information and signed forms from you as a Customer. 
4.2 We collect personal data from you as a Prospective Customer when you contact us or have a contractual relationship with us.

5. The personal data that we process 
5.1 ”Personal data” is any information that can be attributed to a living, natural person. We collect and process the below categories of personal data, to deliver our Services. 
5.2 NS collects the following data from you as a Customer:

· Identifiers –first and last name of the Customer 

· Contact information –at least one of the following; e-mail address and phone number.

5.3 NS collects the following data from you as a Prospective Customer:

· Identifiers – such as first and last name.

· Contact information –such as your e-mail address, phone number.

6. Who we share the data with 
6.1 We will share your data with other companies and organisations in order to deliver our Services. If you are a Customer, we will share your personal data only when you have agreed to. If you are a Prospective Customer, we will not share any personal data unless we have your consent to do so. 
6.2 We may also share your data with other parties when this is necessary in order to (i) fulfil our contractual obligations toward you, (ii) fulfil legal obligations pursuant to laws, other regulations or decisions made by courts or authorities.
6.3 We use Google Analytics for aggregated, anonymized website traffic analysis. In order to track your session usage, Google drops a cookie (_ga) with a randomly-generated ClientID in your browser. This ID is anonymized and contains no identifiable information like email, phone number, name, etc. We also send Google your IP Address. We use GA to track aggregated website behavior, such as what pages you looked at, for how long, and so on. This information is important to us for improving the user experience and determining site effectiveness. If you would like to access what browsing information we have – or ask us to delete any GA data – please delete your _ga cookies, reach out to us via this form, and/or install the Google Analytics Opt-Out Browser Add-On.

The following categories of recipients may receive your personal data as described below:

· Authorities – We may be required to give personal data to authorities. We will only do so when required by Union or Member State law. We will inform you of the obligation unless we’re prevented to do so by law.

· Developers and consultants – We work with developers and consultants from other companies to develop our IT-infrastructure and further develop services. A developer may need access to basic personal data when necessary to provide support and develop the service. Everyone engaged by us in this way is bound by confidentiality and only has access to the data that is necessary to perform their services.

· Payment providers – Payment providers such as banks are controllers of their own processing of personal data. The personal data involved in financial transactions is always collected by a payment provider, which applies separate terms and conditions for that service.

6.3 We carry out as much personal data processing as possible here in the EU/EEA. Should any data be shared with a service provider outside of the EU/EEA, by us or one of our service providers, the recipient will always enter into standard contractual clauses with us that ensure the recipient maintains a data protection standard equal to the EU/EEA.

7. How long we keep your data 
7.1 Personal data is only kept for as long as necessary to fulfil the purposes described above or if the person is interested in continuing the business relationship over time. 
7.2 We are obligated to keep financial information under the Swedish Bookkeeping Act, including personal data in invoicing and similar bookkeeping information, for seven years. Personal data kept for bookkeeping reasons will only be processed for that purpose.

8. Deletion of personal data 
8.1 Personal data is erased or anonymized when the data is no longer necessary. ”Anonymized” means to remove any connection to an individual from the information. 
8.2 When we erase or anonymize personal data, we have no means to recreate or restore that personal data.

9. Security measures 
9.1 As controller of personal data, we take appropriate technical and organisational measures to protect the personal data in accordance with Chapter IV, Section 2 of the GDPR. We have internal policies and guidelines in place to handle information security and to prevent and investigate any leak or breach. 
9.2 Should your personal data be involved in a security incident (so called “personal data breach”) we will contact you and inform you in accordance with the GDPR.

10. Your rights 
10.1 You have the right to request that our processing is limited to storage, and to object to our processing. 
10.2 You have the right to request information about how we process your personal data, to be provided electronically or in paper. We will compile information about how your personal data is processed and provide you with this, normally within one month. 
10.3 You have the right to request that we correct any personal data that you consider to be incorrect, and to provide complementary personal data (in certain cases) should you consider that the personal data that is being processed by us gives an incorrect image of you. 
10.4 You also have the right to request that we erase your personal data. We will erase personal data on your request to the extent that we are not obligated to keep the personal data under Union or Member State law. We will also continue to process personal data in specific situations, for example when your personal data is still required to fulfil contractual obligations against you. We will always respond to you and explain position. 
10.5 You always have the right to lodge a complaint with the relevant authority in particular where you live, work or where an alleged infringement of the GDPR has occurred. For Sweden, the relevant authority is Datainspektionen.
10.6 If you want to exercise your rights above we ask you to contact us at info[at]nordicsmiles[dot]com.

Legal Disclaimer

 Nordic smiles and its affiliates own the trademarks, designs, and logos displayed on this site. The use or misuse of these trademarks, designs, or logos without our written consent is strictly prohibited. The contents and functionality on this site are the exclusive property of nordic smiles and its affiliates.

They are provided to you without any warranties or representations about accuracy or completeness. You are granted access to this site as well as the right to download, display, and print its contents, provided you do not modify, reproduce, or distribute them without our written consent.