Boutique Whitening Limited
Privacy Policy

Please read this Privacy Notice. It relates to how Boutique Whitening Limited (“us” / “we” / “our”) hold and process your information (data) and your rights in relation to that data.

We are registered with the Australian Securities and Investments Commission (ASIC). Our Australian Business Number (ABN) is 76 928 552 695. We are a limited company and our registered office is at Shed 6, 549 Otway Street South, Canadian, Victoria 3350. The person responsible for data protection at Boutique Whitening Limited is Jessica Ryder (“Data Compliance Manager”), who can be contacted by email at jessryder.psh@gmail.com or in writing to our registered office address above.

Our website is www.boutiquewhitening.com.au (“website”)

We are a “data controller”. This means that we are responsible for deciding how we hold and use data about individuals in some circumstances. We are required under data protection legislation to notify you of the information contained in this privacy notice. We have a duty to keep data secure and maintain confidentiality and we will do so.

We are also a “data processor” of data.

The data that we process as a Data Controller

We obtain and hold data about our clients who are dentists and dental practitioners. They refer their patients to us to undertake work upon their patients’ behalf. The Dentist data includes details of the business name, contact details (such as names, email addresses and direct and mobile telephone numbers), and addresses. We also obtain details of Dentists’ credit card and payment information and details of work we have carried out for Dentists and the cost of that work.

We obtain this data for the purpose of carrying out work for the Dentists.

This data is processed by us as it is necessary for us to do so to perform our contract with the Dentist or in anticipation that we will enter into a contract. We then continue to hold the data as we consider that it is necessary for us to do so both in the legitimate interests of our business and in the legitimate interests of the Dentists, as the information we hold assists with future business relationships with our Dentist clients.

The Dentist data we hold is shared with our associated companies. Please see the section below regarding Data Sharing.

In the case of other companies, businesses, organisations or associations with whom we have a professional relationship or potentially common interest, we may also hold data consisting of the contact details including names, company/business name, email address/es, contact telephone numbers, and postal address.

We hold this data for the purpose of the professional relationship or common interest with the other organisation. We consider that it is necessary for us to process this data on the lawful basis that it is in the legitimate interests of our business to enhance and preserve those relationships.

When you visit or use the website, we use analytics to collect information about you by way of cookies. For more information about the cookies we use and how long the data taken will be retained by us, please see our Cookie Policy.

We believe it is necessary for these cookies to use your data on the lawful basis that it is in the legitimate interests of our business, as we need to use these cookies to monitor and track the use of our website, to keep our website updated and relevant, to develop our business, to inform our marketing strategy and to improve and develop website performance. It is also necessary for us to use these cookies to enhance and assist a visitor’s experience when using our website.

We will only use the cookies for these purposes.

The data that we process as a Data Processor

Dentists provide personal data relating to their patients (Patients) when we are to carry out work for the Patient. The personal data of Patients is limited to their names.

Patients’ data is processed by us as data processors. We have agreements in place between us and our Dentists relating to our processing of Patients’ data as data processors.

The data of Patients never comes into our possession but is sent straight by Dentists to the subcontractor who undertakes the required work upon our behalf. It is also passed to our contractors who undertake the work. Please see the section below relating to this (Data Sharing).

Retention of data

    1. Dentists

We may retain your data indefinitely, except that:

  • We will delete and destroy any bank or payment details once payment has been processed;
  • We regularly review the data that we hold, at least annually, and if we hold data about a Dentist with whom we have not had any dealings for over TWO years then we will destroy some of the data we no longer need but will retain Dentists’ names and contact details, as we consider it is in the legitimate interests of our business to retain a database of these names and in doing so we do not believe that this will affect the rights and freedoms of the individuals concerned.

    2. Dentists’ Patients

The data relating to Patients is held by our subcontractor for seven years in line with ADA guidelines. The data will then be deleted.

    3. Third Parties

We retain the information under paragraph 3 above indefinitely. This is because it is in the legitimate interests of our business to retain a database of such third parties and in doing so we do not believe that this will affect the rights and freedoms of the individuals concerned.

    4. Visitors to our website

Please see our Cookie Policy for details of how long we will retain the data taken by the analytics on our website.

Data Sharing

We instruct a third party who is based in Queensland, Australia to undertake work carried out upon our Dentists’ and Patients’ behalf. We have a written agreement in place with this third party which regulates the purpose for which they hold and process the data as subcontractor data processors for us.

This third party is 3DDS Pro whose address is PO Box 3538, Sunnybank South, Queensland 4109.

In addition, the data may be stored on a cloud-based computer system. This is hosted and owned by a company based in Canada. We have a written agreement in place with this third party which regulates the purpose for which they hold and process the data and ensures security measures are in place.

The data taken by cookies will also be shared with our website provider / host Fablr. Our relationship with them is that they are a data processor on our behalf and we have a written agreement in place with them which regulates this processing and which ensures that your data is kept secure.

We may also share data with our legal advisors and accountants where we deem it necessary to do so.

Your data will not otherwise be shared with any other third party without your consent.

Data will not be held or processed outside Australia.

Automated Processing

We do not deal with the automated processing of data.

Your Rights

  1. We are obliged to ensure that the data we hold about you is correct. You have the right to ask for the data to be rectified if it is not and we will then take appropriate action to do so.
  2. You have the right to seek to restrict the processing of your data in some circumstances.
  3. Where we rely on legitimate interests as the basis for processing, you may ask for the data to be erased and if there is no overriding legitimate interest for us to continue the processing then we will do so.
  4. You can also object to the processing of your data where we rely on legitimate interests as the basis for processing.
  5. You have the right to seek confirmation of the fact that we are processing your data, to ask what that data comprises, and also to ask for copies of your data.

How to exercise your rights

If you would like to exercise any of your rights, please write to us at the registered address given at the top of this Notice. We will then consider your request and action the same as necessary although in some circumstances we may have a legitimate reason for not being able to action your request. If this should be the case then we will notify you of the reason why.

If you have cause for complaint

If you have any cause for complaint, or do not believe that we are processing your data fairly or in line with our obligations as a data controller or data processor, then we would ask that you contact us in the first instance with your concerns, although you are not obliged to do so and you may contact the Office of the Australian Information Commissioner, whose details can be found at www.oaic.gov.au.