Privacy Policy

ClickDent SRL ("ClickDent", "we") respects the privacy of your personal data and is committed to processing it in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (GDPR) and applicable Romanian legislation. This policy describes our data processing practices in detail.

1. Data Controller

The data controller within the meaning of the GDPR is:

The supervisory authority for GDPR compliance in Romania is the National Supervisory Authority for Personal Data Processing (ANSPDCP), available at dataprotection.ro.

2. Data Collected

We collect the following categories of personal data:

2.1. Data provided directly by the User

• First and last name — for identifying the applicant;
• Email address — for communicating confirmations and received offers;
• Phone number — optional, for direct contact by partner clinics;
• Country of origin — for identifying relevant partner clinics;
• Desired treatment type — e.g. dental implants, veneers, orthodontics;
• Estimated budget — optional, for filtering relevant offers;
• Messages and additional information — voluntarily provided in the free text field.

2.2. Automatically collected data

• Technical data: IP address, browser type and version, operating system, screen resolution;
• Browsing data: pages visited, session duration, traffic source (referrer), actions performed on the Platform;
• Cookies and similar technologies: detailed in the Cookie Policy.

Note on medical data: Information about the desired treatment type may constitute medical data within the meaning of GDPR (special category of data). This data is provided solely at the User's initiative and is processed only for the purpose of transmitting the quote request, with the User's explicit consent.

3. Purpose of Data Processing

We process your personal data for the following purposes:

• Providing the intermediation service — transmitting your quote request to relevant Partner Clinics and sending acknowledgement confirmations;
• Operational communication — responding to questions, complaints or requests submitted through the Platform;
• Service improvement — analysing browsing behaviour to optimise the User experience and Platform functionalities;
• Statistics and analytics — generating aggregate and anonymised reports on Platform usage;
• Legal compliance — fulfilling applicable legal obligations, including tax and accounting requirements.

We do not use your data for direct marketing purposes without your explicit consent and we do not sell, rent or exchange your data with third parties for their own commercial purposes.

4. Legal Basis for Processing

We process your data on the basis of the following legal grounds provided by the GDPR:

• Consent — Art. 6(1)(a) GDPR: when you complete the quote request form, you are informed and give your explicit consent for the processing of your personal data and its transmission to Partner Clinics. Consent may be withdrawn at any time without affecting the lawfulness of prior processing;
• Performance of a contract — Art. 6(1)(b) GDPR: processing necessary for the provision of the intermediation service you have requested;
• Legitimate interest — Art. 6(1)(f) GDPR: service improvement, Platform security, fraud prevention and anonymised statistical analyses. The legitimate interest has been assessed through a balancing test and does not override the rights and freedoms of Users;
• Legal obligation — Art. 6(1)(c) GDPR: compliance with applicable tax, accounting and other legal obligations.

5. Data Recipients

Your personal data may be transmitted to or accessed by:

• Selected Partner Clinics — receive your contact details and treatment request information solely for the purpose of providing a quote. Each Partner Clinic is contractually required to comply with GDPR and not to process your data for other purposes;
• Technical service providers — hosting, databases, transactional email and web analytics services, acting as data processors with contractual confidentiality and security obligations (see section 8);
• Public authorities — where we are legally required to disclose data (e.g. requests from tax authorities, courts or law enforcement agencies).

We do not share your data with third parties for their own marketing purposes without your consent.

6. Data Retention Period

We retain your personal data only for as long as necessary for the purpose for which it was collected:

• Quote request form data (leads): maximum 2 years from the date of submission, after which they are deleted or irreversibly anonymised;
• Analytics data (browsing behaviour): maximum 1 year, in aggregate and/or anonymised form;
• Cookies: as specified in the Cookie Policy (maximum 13 months for persistent cookies);
• Accounting/tax compliance data: in accordance with mandatory legal retention periods (typically 5-10 years).

Upon expiry of the retention period, data is securely deleted or anonymised so that it can no longer be associated with an identifiable individual.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

• Right of access (Art. 15 GDPR): You may request a copy of the personal data we process about you, along with information about the purpose of processing, recipients and retention period;
• Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data or the completion of incomplete data;
• Right to erasure / "right to be forgotten" (Art. 17 GDPR): You may request the deletion of your data when it is no longer necessary for the purpose for which it was collected, when you withdraw your consent, or when processing is unlawful;
• Right to restriction of processing (Art. 18 GDPR): You may request the limitation of processing of your data in certain circumstances provided by the GDPR;
• Right to data portability (Art. 20 GDPR): You may receive the data you have provided in a structured, commonly used and machine-readable format (e.g. JSON, CSV) and transmit it to another controller;
• Right to object (Art. 21 GDPR): You may object to the processing of your data when it is based on the legitimate interest of ClickDent, including profiling;
• Right to withdraw consent: You may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to the withdrawal.

To exercise any of these rights, please send a written request to gdpr@ClickDent.eu. We will respond within a maximum of 30 calendar days from receipt of the request. The deadline may be extended by 60 days in complex cases, with prior notification to the applicant.

You have the right to lodge a complaint with ANSPDCP (dataprotection.ro) if you believe that the processing of your data violates the GDPR.

8. Third-Party Services and Data Processors

We use the following technical service providers (data processors), all GDPR-certified:

Plausible note: Plausible Analytics does not use cookies and does not collect identifiable personal data — it does not require consent under the ePrivacy Directive. Google Analytics 4 note: GA4 is loaded ONLY if the user accepts analytics cookies via the consent banner.

8bis. What Data Partner Clinics Receive

When you submit a quote request, we transmit exclusively the following data to the partner clinics selected by the platform's algorithm:

• First and last name
• Email address
• Phone number (if provided)
• Requested treatment type and estimated budget
• Preferred city and urgency (if specified)

We do not share with clinics: your medical history, previous requests, traffic sources, analytics data or other technical data. Partner clinics are contractually obligated (through a Data Processing Agreement — DPA) to use your data exclusively for preparing and sending the requested quote.

If you wish to have your data deleted from a clinic's systems, you may contact us at gdpr@ClickDent.eu and we will forward the request on your behalf.

9. Cookies

We use cookies and similar technologies for the operation of the Platform and to analyse browsing behaviour. Detailed information about the types of cookies used, their duration and management options is available in our Cookie Policy.

On your first visit to the Platform, you will see a cookie consent banner where you can choose which categories of cookies to accept. Consent for non-essential cookies (Google Analytics 4) is optional and can be changed at any time. Plausible Analytics does not require consent — it works without cookies and without personal data.

10. International Data Transfers

Your data is primarily stored and processed on servers located in the European Union.

We use Supabase (cloud infrastructure) configured in the EU region (Frankfurt, Germany), meaning data remains in the EEA and is not transferred to third countries. Should transfers outside the EEA become necessary, they will be carried out with the appropriate safeguards provided by the GDPR (Standard Contractual Clauses adopted by the European Commission or other equivalent legal mechanism).

11. Data Security

ClickDent implements appropriate technical and organisational measures to protect your data against unauthorised access, destruction, loss, alteration or disclosure, including:

• Data encryption in transit (HTTPS/TLS) and at rest;
• Role-based access control and the principle of least privilege;
• Periodic system monitoring and auditing;
• Security incident notification procedures in accordance with Art. 33-34 GDPR.

In the event of a security incident affecting your data that poses a high risk to your rights and freedoms, you will be notified in accordance with GDPR requirements.

12. Contact — Data Protection Officer

For any questions, concerns or requests regarding the processing of your personal data, please contact us at: