Privacy Policy

Introduction

MyDentalPractice is a dental practice management software product developed and operated by Promatics Technologies Limited ("Promatics," "we," "our," or "us"). We are committed to protecting your privacy and the privacy of your patients. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the MyDentalPractice platform ("Service").

Promatics Technologies Limited is registered and operates in Nigeria and Ghana, and this policy is designed to comply with the Nigeria Data Protection Regulation (NDPR), Ghana Data Protection Act 2012, and other applicable data protection laws.

By using our Service, you consent to the data practices described in this policy.

1. Information We Collect

1.1 Account Information

When you register for MyDentalPractice, we collect:

• Personal Identification: Full name, email address, phone number
• Professional Information: Professional credentials, license numbers, specializations
• Practice Information: Clinic name, address, contact details
• Account Credentials: Email and encrypted password
• Billing Information: Payment details, billing address, transaction history

1.2 Patient Health Information

As a dental practice management platform, you may store patient health information ("PHI") on our platform, including:

• Patient demographics (name, date of birth, contact information)
• Medical and dental history
• Treatment records and clinical notes
• Dental charts and imaging
• Prescriptions and medications
• Insurance and billing information
• Appointment history
• Communications between practice and patient

1.3 Usage Data

We automatically collect certain information when you use our Service:

• Device Information: Browser type, operating system, device type
• Log Data: IP address, access times, pages viewed, actions taken
• Session Information: Login/logout times, session duration
• Feature Usage: Which features you use and how often
• Performance Data: Error logs, crash reports, performance metrics

1.4 Communication Data

We collect data from communications you send through our platform:

• Emails sent through the platform
• SMS messages to patients
• Appointment reminders and notifications
• Customer support conversations

1.5 Information from Third Parties

We may receive information from:

• Payment processors (transaction confirmations)
• SMS providers (delivery status)
• Analytics services (aggregated usage data)

2. How We Use Your Information

2.1 Service Provision

We use your information to:

• Create and manage your account
• Provide access to platform features
• Store and organize your practice data
• Enable patient scheduling and management
• Generate invoices and process payments
• Send appointment reminders and notifications
• Facilitate communication with patients

2.2 Service Improvement

We use information to:

• Analyze usage patterns to improve features
• Identify and fix bugs and technical issues
• Develop new features based on user needs
• Optimize platform performance
• Conduct research using anonymized data

2.3 Communication

We may contact you to:

• Send service-related announcements
• Provide customer support
• Notify you of updates or changes to the Service
• Send billing reminders and invoices
• Share security alerts and notifications
• Request feedback or participation in surveys

2.4 Legal and Compliance

We may use information to:

• Comply with legal obligations
• Respond to lawful requests from authorities
• Enforce our Terms of Service
• Protect against fraud and abuse
• Maintain audit trails and records

2.5 Legal Basis for Processing (NDPR)

Under NDPR, we process your data based on:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Processing for service improvement, security, and fraud prevention
• Legal Obligations: Processing required by law
• Consent: For marketing communications and optional features

3. Data Sharing and Disclosure

3.1 We Do NOT:

• Sell your personal or patient data to third parties
• Share data with advertisers or marketing companies
• Use patient data for purposes beyond providing the Service
• Allow third parties to access your data for their own purposes

3.2 Service Providers

We share data with trusted service providers who help us operate the Service:

All service providers are bound by data processing agreements that require them to:

• Process data only for specified purposes
• Implement appropriate security measures
• Maintain confidentiality
• Delete data upon request

3.3 Legal Requirements

We may disclose information when required by:

• Court orders or legal process
• Requests from law enforcement agencies
• Regulatory requirements
• Protection of our legal rights

We will notify you of such requests unless prohibited by law or court order.

3.4 Business Transfers

If Promatics Technologies Limited or the MyDentalPractice product is acquired, merged, or sells assets, your data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

3.5 With Your Consent

We may share information for purposes not described here only with your explicit consent.

4. Data Security

4.1 Technical Measures

4.2 Additional Security Measures

• Regular security audits and penetration testing
• Automatic security updates and patching
• Secure development practices (OWASP guidelines)
• Employee security training and background checks
• Physical security at data centers
• Disaster recovery and backup procedures
• Incident response procedures

4.3 Password Security

Passwords are hashed using industry-standard algorithms (bcrypt). We never store passwords in plain text and cannot retrieve your original password.

4.4 Data Breach Response

In the event of a data breach that affects your personal information or patient data:

• We will investigate and contain the breach immediately
• Affected users will be notified within 72 hours
• We will report to relevant authorities as required by NDPR
• We will provide guidance on protective measures
• A post-incident report will be made available

5. Data Retention

5.1 Retention Periods

• Account Data: Retained while account is active, plus 30 days after closure
• Patient Data: Retained according to your instructions and healthcare regulations
• Billing Records: Retained for 7 years as required for tax purposes
• Usage Logs: Retained for 12 months for security and analytics
• Audit Trails: Retained for 7 years for compliance

5.2 Data After Account Closure

When you close your account:

• You have 30 days to export all your data
• After 30 days, your data enters a 60-day deletion queue
• Complete deletion occurs within 90 days of account closure
• Certain records may be retained as required by law

6. Your Privacy Rights

6.1 Access and Portability

You have the right to:

• Access all personal data we hold about you
• Export your data in machine-readable formats (CSV, JSON, PDF)
• Receive a copy of your data within 30 days of request

6.2 Correction

You can update or correct your personal information at any time through your account settings or by contacting us.

6.3 Deletion

You can request deletion of your personal data. Note that:

• Account closure initiates the deletion process
• Certain data may be retained for legal compliance
• Aggregated/anonymized data may be retained

6.4 Restriction and Objection

You can:

• Request restriction of certain data processing
• Object to processing based on legitimate interests
• Opt out of marketing communications

6.5 Withdraw Consent

Where we rely on your consent for processing, you can withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.

6.6 Exercising Your Rights

To exercise any of these rights:

• Use the settings in your account dashboard
• Email us at privacy@mydentalpractice.ng
• We will respond within 30 days
• We may verify your identity before processing requests

7. Patient Rights

Patients of dental practices using our platform have rights regarding their data. As the Data Controller, you (the dental practice) are responsible for:

• Responding to patient data access requests
• Facilitating corrections to patient records
• Handling patient deletion requests where appropriate
• Obtaining consent for data collection and processing

Our platform provides tools to help you manage these requests, including data export features and audit trails.

8. Cookies and Tracking

8.1 Types of Cookies We Use

8.2 Managing Cookies

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

8.3 Do Not Track

We respect Do Not Track (DNT) browser signals. When DNT is enabled, we limit tracking to essential service functions only.

9. NDPR Compliance

9.1 Our NDPR Commitments

As a West African company, we are committed to full compliance with the Nigeria Data Protection Regulation (NDPR). We:

• Process data lawfully, fairly, and transparently
• Collect data only for specified, legitimate purposes
• Minimize data collection to what is necessary
• Ensure data accuracy and keep it up to date
• Retain data only as long as necessary
• Implement appropriate security measures

9.2 Data Protection Officer

We have appointed a Data Protection Officer who can be reached at:

• Email: dpo@mydentalpractice.ng
• Phone: +234 812 513 9446

9.3 Filing Complaints

If you believe your data protection rights have been violated, you may file a complaint with:

• Our Data Protection Officer (dpo@mydentalpractice.ng)
• The Nigeria Data Protection Commission (NDPC)
• The Data Protection Commission of Ghana

10. International Data Transfers

10.1 Data Location

Your data is primarily stored and processed in Nigeria and Ghana. However, some data may be transferred to other countries where our service providers operate.

10.2 Transfer Safeguards

When transferring data internationally, we ensure:

• Adequate data protection through contractual safeguards
• Standard contractual clauses approved by relevant authorities
• Compliance with NDPR requirements for international transfers
• Assessment of recipient country's data protection adequacy

11. Special Categories of Data

11.1 Health Information

Patient health information is considered sensitive personal data. We apply enhanced protections including:

• Additional encryption layers
• Stricter access controls
• Detailed audit logging
• Special retention and deletion procedures

11.2 Children's Privacy

Our Service is designed for dental practices and is not directed at children under 18. Patient records for minors are managed by dental practices in accordance with applicable healthcare regulations and parental consent requirements.

12. Third-Party Links and Services

Our platform may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes:

• We will update the "Last updated" date
• We will notify you via email or in-app notification
• Material changes will be communicated at least 30 days in advance
• Continued use after changes indicates acceptance

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: