Please read this Privacy Notice. It relates to how Boutique Whitening Limited (“us” / “we” / “our”) hold and process your information (data) and your rights in relation to that data.
We are registered with Australian Securities and Investments Commission (ASIC). Our Australian Business Number (ABN) is 76 928 552 695. We are a limited company and our registered office is at Shed 6, 549 Otway Street South, Canadian, Victoria 3350. The person responsible for data protection at Boutique Whitening Limited is Jessica Ryder (“Data Compliance Manager”) who can be contact by email at jessryder.psh@gmail.com or in writing to our registered office address above.
Our website is www.boutiquewhitening.com.au (“website”)
We are a “data controller”. This means that we are responsible for deciding how we hold and use data about individuals in some circumstances. We are required under data protection legislation to notify you of the information contained in this privacy notice. We have a duty to keep data secure and maintain confidentiality and we will do so.
We are also a “data processor” of data.
We obtain and hold data about our clients who are dentists and dental practitioners. They refer their patients to us to undertake work upon their patients’ behalf. The Dentist data includes details of the business name, contact details (such as names, email addresses and direct and mobile telephone numbers), and addresses. We also obtain details of Dentists’ credit card and payment information and details of work we have out for Dentists and the cost of that work.
We obtain this data for the purpose of carrying out work for the Dentists.
This data is processed by us as it is necessary for us to do so to perform our contract with the Dentist or in anticipation that we will enter into a contract. We then continue to hold the data as we consider that is necessary for us to do so bothin in the legitimate interests of our business but also in the legitimate interests of the Dentists as the information we hold assists with future business relationships with our Dentist clients.
The Dentist data we hold is shared with our associated companies. Please see the section below regarding Data Sharing.
In the case of other companies, businesses, organisations or associations with whom we have a professional relationship or potentially common interest, we may also hold data consisting of the contact details including names, company/business name, email address/es, contact telephone numbers, and postal address.
The purpose we hold this data is for the professional relationship or in common interest with the other organisation. We consider that it is necessary for us to process this data on the lawful basis that is in the legitimate interests of our business to enhance and preserve those relationships.
When you visit or use the website, we process information by way of the use of analytics to collect information about you by the way of cookies. For more information about the cookies we use and how long data taken will be retained for by us please see our Cookie Policy.
We believe it is necessary for these cookies to use your data on the lawful basis that it is in the legitimate interests of our business for the purpose that we need to use these cookies to monitor use of our website, track the use of our website, to keep out website updated and relevant, to develop our business, to inform our marketing strategy and to improve and develop website performance. It is also necessary for us to use these cookies to enhance and assist a visitor’s experience when using our website.
We will only use the cookies for these purposes.
Dentists provide personal data relating to their patients (Patients) when we are to carry out work for the Patient. The personal data of Patients (is limited) to their names.
Patients’ data is processed by us as data processors. We have agreements in place between us and our Dentists relating to our processing of Patients’ data as data processors.
The data of Patients never comes into our possession but is sent straight by Dentists to the subcontractor who undertakes the required work upon our behalf. It is also passed to our contractors who undertake the work. Please see the section below relating to this (Data Sharing)
We may retain your data indefinitely, except that:
The data relation to Patients is held by our subcontractor for seven years in line with ADA guidelines. The data will then be deleted.
We retain the information under paragraph 3 above indefinitely. This is because it is in the legitimate interests of our business to retain a database of such third parties and in doing so we do not believe that this will affect the rights and freedoms of the individuals concerned.
Please see our Cookie Policy for details of how long we will retain the data taken by the analytics on our website.
We instruct a third party who is based in Queensland, Australia to undertake work carried out upon our Dentist and Patient’s behalf. We have a written agreement in place with this third party which regulates the purpose for which they hold and process the data as subcontractor data processors for us.
This third party is 3DDS Pro whose address is PO Box 3538, Sunnybank South, Queensland 4109.
In addition, the data may be stored on a cloud based computer system. This is hosted and owned by a company based in Canada. We have a written agreement in place with this third party which regulates the purpose for which they hold and process the data and ensures security measures are in place.
The data taken by cookies will also be shared with our website provider / host Fablr. Our relationship with them is that they are a data processor on our behalf and we have a written agreement in place with them which regulares this processing and which ensures that your data is kept secure.
We may also share data with our legal advisors and accountants where we deem it necessary to do so.
Your data will not otherwise be shared with any other third party without your consent.
Data will not be held or processed outside Australia.
We do not deal with the automated processing of data.
If you would like to exercise any of your rights, please write to us at the registered address given at the top of this Notice. We will then consider your request and action the same as necessary although in some circumstances we may have a legitimate reason for not being able to action your request. If this should be the case then we will notify you of the reason why.
If you have any cause for complaint, or not believe that we are processing your data fairly or in line with our obligations as a data controller or data processor, then we would ask that you contact us in the first instance with your concerns although you are not obliged to do so and you may contact the Office of the Australian Information Commissioner whose details can be found at www.oaic.gov.au