This Privacy Notice (“Notice”) describes how Dentsply Sirona Inc., its global affiliates, brands, and subsidiaries (collectively, “Dentsply Sirona,” “we,” “our,” or “us”) collect, use, disclose, and otherwise process the personal information described in this Notice and the rights and choices individuals have regarding such personal information globally.
1. In the UK, “personal data” is defined very broadly and includes any information relating to a natural person, who can be identified, directly or indirectly, from data that we hold about them or from data that is combined with other information. It may include data relating to our employees, customers, patients, shareholders, contractors or the staff of our suppliers, visitors to our buildings or website users.
Except as otherwise described below, this Notice applies to the personal information Dentsply Sirona collects and processes related to your use of our website, www.dentsplysirona.com, where this Notice is posted, and other websites that may display or include a link to this Notice (“Site” or “Sites”), other online and offline services, and other products or services we make available to you, (collectively, “Services”).
Your use of our Services, and any dispute over privacy, is subject to this Notice and our Terms of Use, available at www.dentsplysirona.com/terms-of-use. Unless applicable law requires otherwise, your decision to proceed signifies your implied consent to the processing of your information in accordance with this Notice. For information about your privacy choices, please review Section 7, Your Privacy Choices.
Not in Scope. This Notice does not apply to the personal information that we collect and process about Dentsply Sirona employees. For more information, including a copy of your employee privacy notice, contact your local Human Resources representative.
Additional Notices. In some cases, additional or separate privacy notices may be provided for certain Services, programmes or events that we offer. In those circumstances, the notice(s) provided should be interpreted as a supplement to the information contained in this Notice.
To the extent any additional region-specific disclosures are needed, you can find that information set out separately in this Notice, as follows:
For those in EMEA, including the EEA, UK and Switzerland: See Section 15, Additional Privacy Information - EMEA.
For those in Latin America: See Section 16, Additional Privacy Information – Latin America.
For those in the USA, including California and Washington state: See Section 17, Additional Privacy Information – United States (including California).
For Washington state residents, see also our Consumer Health Data Privacy Policy to review our privacy practices related to your health data.
For those in Canada: See Section 18, Additional Privacy Information - Canada.
For those in the Asia Pacific region: See Section 19, Additional Privacy Information - APAC.
As further described below, we collect personal information directly from individuals, from third parties, and automatically through your use of our Services.
Personal Information Collected Directly from You. The personal information we may collect from you depends on how you use our Services or otherwise interact or engage with us, but generally includes:
Personal Information Collected from Third Parties. We may collect personal information about you from third-party sources, such as public databases, joint marketing/promotional partners, social media platforms, or other third parties, as follows:
Personal Information Collected Automatically. We and our service providers automatically collect and derive personal information related to your use of our Services and your interactions with us. Such information may include:
Generally, we collect, use, and otherwise process the personal information that we collect for the following purposes:
Generally, we disclose the personal information that we collect to provide our Services, respond to and fulfil your transactions or requests, as otherwise directed or consented to by you, and as follows:
We may use and disclose aggregate and other non-identifiable data related to our business and the Services for quality control, analytics, research, development, and other purposes. Where we use, disclose, or otherwise process de-identified data (data that is no longer reasonably linked or linkable to an identified or identifiable natural person, household, or personal or household device) we will maintain and use the information in de-identified form and not attempt to reidentify the information, except in order to determine whether our de-identification processes are reasonable and adequate pursuant to applicable privacy laws.
We and our providers use cookies, pixel tags, and other similar tracking technologies to automatically collect information about browsing activity, device type, and similar information within our Site and Services. This information, which may be considered personal information in some jurisdictions, is used, for example, to analyse and understand how you access, use, and interact with our Site and Services; to identify and resolve bugs and errors in our Site and Services; to assess, secure, protect, optimise, and improve the performance of our Site and Services; to personalise content on our Site; and for marketing, advertising, measurement and analytics purposes. We may also de-identify and/or aggregate such information to analyse trends, administer our Site and Services, and gather broad demographic information for aggregate uses, and for any other lawful purposes.
Cookies. Cookies are alphanumeric identifiers used for tracking purposes. Some cookies allow us to make it easier for you to navigate our Site and Services, while others are used to enable a faster log-in process, to support the security and performance of the Site and Services, or to allow us to track activity and usage data within and across our Site and Services.
Pixel Tags and Similar Technologies. Pixel tags (sometime called web beacons or clear GIFs) are tiny graphics with a unique identifier, similar in function to cookies. We may use these tracking technologies to understand users’ activities, to help manage content and compile usage statistics, and in emails to let us know when they have been opened or forwarded so we can track response rates and gauge the effectiveness of our communications.
Local Storage Objects. Local storage is a web storage mechanism that allows us to store data on a browser that persists even after the browser window is closed. Local storage may be used by our web servers to cache certain information in order to enable faster loading of pages and content when you return to our Sites. You can clear data stored in local storage through your browser. Please consult your browser help menu for more information.
Analytics. We use analytics tools, such as Adobe Analytics and Google Analytics, to evaluate usage and traffic on our Site and Services. These analytics providers use cookies, pixels, and other tracking technologies to collect usage data to provide us with reports and metrics that help us analyse, improve, and enhance performance and user experience. You can learn more about how Google uses your information at www.google.com/policies/privacy/partners/ (“How Google uses information from sites or apps that use our services”). You can also download the Google Analytics Opt-out Browser Add-on to prevent your information from being used by Google Analytics at https://tools.google.com/dlpage/gaoptout. For more information about Adobe Analytics, see https://www.adobe.com/privacy/experience-cloud.html#_blank. For information on how to opt out, see https://www.adobe.com/privacy/opt-out.html#customeruse.
Advertising Networks. We work with ad networks, channel partners, mobile ad networks, analytics and measurement services, and others (“ad networks”) to personalise content, as well as to manage our advertising on third-party websites, mobile apps, and online services. We may share certain information with ad networks, and we may each use cookies, pixels tags, and other tools to collect usage and browsing information within our Services, as well as on third-party websites, apps, and services. This information may include IP address, location information, cookie and advertising IDs, and other identifiers, as well as browsing information.
Cross-Device Tracking. We and ad networks we work with may use the information we collect about you within our Site and Services, and on other third-party websites and services, to help us and these third parties identify other devices that you use (e.g., a mobile phone, tablet, other computer, etc.) to interact or engage with us or our Site and Services.
Custom Lists and Matching. We may share or make available certain customer list information (such as your name, email address and other contact information) with third parties so that we can better target ads and content to you across third party sites, platforms and services, and in some cases, these third parties may help us to enhance our customer lists with additional demographic or other information, so we can better target our advertising and marketing campaigns.
Do-Not-Track. Currently, our Site responds to global privacy control (GPC) signals, which means that if we detect that your browser is communicating a GPC signal, we will process that as a request to opt that particular browser and device out of sales and sharing (i.e., via cookies and tracking tools) on our Site. Note that if you come back to our Site from a different device or use a different browser on the same device, you will need to opt out (or set GPC for) that browser and device as well. Additional information about GPC is available at: https://globalprivacycontrol.org/. Additional information about cookies for users in the EEA and UK can be found in Section 15 below.
You have certain choices regarding our processing of your personal information, and we make available several ways for you to manage your preferences and privacy choices, as described below:
Marketing Communications. We may send periodic promotional emails or other similar communications to you. You may change your preferences or unsubscribe by following the instructions provided to you in the communication.
Cookie Settings. You can set your browser to block certain cookies or notify you when a cookie is set; you can also delete cookies. The “Help” portion of the toolbar on most browsers will tell you how to prevent your device from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to delete cookies. Visitors to our Site who disable cookies will be able to browse the Site, but some features may not function. If you visit our Site from a different device or from a different browser on the same device, you will need to apply your cookie settings for that browser and/or device as well. You can also review or change your preferences for many cookies on our Site, other than those that are necessary, by adjusting your cookie settings through our Cookie Settings link located in the footer.
Industry Ad Choice Programmes. You can control how participating ad networks use the information that they collect about your visits to our Site and Services and those of third parties. You can obtain more information and opt out of receiving targeted ads from participating ad networks at aboutads.info/choices (Digital Advertising Alliance). If you are in Europe, this information is available at www.youronlinechoices.eu (European Interactive Digital Advertising Alliance).
We retain your personal information for as long as reasonably necessary to fulfil the purposes for which it was collected or as otherwise necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.
Use of our Sites is not designed for children. If we discover that a child has provided us with personal information, we will delete such information from our systems. If you are a parent or guardian and believe we have collected your child’s information in violation of applicable law, please contact us as set forth in Section 14, Contact Us.
Dentsply Sirona is headquartered in the United States, and has operations, entities, and service providers in the United States and throughout the world. As such, when you interact with us, your personal information may be transferred and processed in the United States and other jurisdictions where we and our affiliates and service providers have operations. Some of these jurisdictions may not provide equivalent levels of data protection as compared to your home jurisdiction. Applicable laws in these jurisdictions might permit foreign governments, courts, law enforcement or regulatory agencies to access the information in these jurisdictions, regardless of the safeguards we have put in place to protect that information. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by organisational, technical, contractual and/or other lawful means. Dentsply Sirona intra-company transfers are covered by an intra-group data transfer agreement entered between Dentsply Sirona entities to facilitate legal and secure transfer between the group. If your consent is legally required, we obtain consent either via your acceptance of this Notice or via a programme or product-specific notice and consent.
We have implemented safeguards that are intended to protect the personal information we collect from loss, misuse, unauthorised access, disclosure, alteration, and destruction. We also ensure that third parties we share personal information with contractually agree to comply with applicable privacy law and adequate security policies. Please be aware that despite our efforts, no data security measures can guarantee security.
Our Site and Services may contain links to third-party websites. Any access to and use of such linked websites is not governed by this Notice, but instead is governed by the privacy notices of those third-party websites. We are not responsible for the information practices of such third-party websites.
We may make changes to this Notice from time to time, so please be sure to check back periodically. We will post updates to the Notice on the Site. If we make any material changes to this Notice, we will endeavour to provide you prior notice, such as by emailing or posting prominent notice on our Site.
Dentsply Sirona welcomes your questions and comments about your privacy or this Notice. Please contact us by emailing privacy@dentsplysirona.com.
We have also appointed a Data Protection Officer, whose contact details are as follows:
Jennifer Lattimore
Dentsply Sirona, Inc.
13320-B Ballantyne Corporate Pl
Charlotte, NC 28277
Purposes and Legal Bases for Processing. We use personal information for the purposes set forth below, and for the legal bases described below:
Purposes for processing
To provide and operate our Services, communicate with you about your use of our Services, respond to your enquiries, gather feedback, fulfil your requests, communicate with you, run our day-to-day operations, and for similar support purposes.
Category of personal information processed
Contact information; professional contact information and details; communications; health information*; account and registration information; and transaction information.
Legal bases for processing
Performance of our contract with you where necessary to fulfil the terms of our contract or agreement, or to take steps leading to such a contract.
Purposes for processing
To manage our business relationship with you, for example, to process your transactions, manage and maintain your account with us, respond to your questions and comments, set up a Dentsply Sirona loyalty programme account, allocate a Territory Sales Manager or equivalent to be your dedicated account manager, and for other similar purposes.
Category of personal information processed
Contact information; professional contact information and details; communications; health information*; account and registration information; and transaction information.
Legal bases for processing
Performance of our contract with you where necessary to fulfil the terms of our contract or agreement, or to take steps leading to such a contract.
We have a legitimate interest in organising our activities efficiently.
Purposes for processing
To evaluate your interest in employment and contact you regarding possible employment with us, to process your application, assess your ability to meet the job specifications, verify references and professional qualifications, monitor recruitment statistics, improve our application process, ensure the security of our premises, assets, information, employees and other personnel, and to comply with legal and regulatory requirements such as health and safety requirements, government reporting requirements, equal opportunity monitoring, and to ensure compliance with our Code of Ethics & Business Conduct.
Category of personal information processed
Contact information; professional contact information and details; and references and assessments.
Legal bases for processing
Performance of our contract with you where necessary to fulfil the terms of our contract or agreement, or to take steps leading to such a contract.
Some of the personal information we collect or process will be pursuant to an EEA, UK or Swiss legal obligation.
Other personal information may be collected on the basis of your consent, in which case you will be informed before the information is collected or processed.
In all other cases, we have a legitimate interest in ensuring our recruiting process effectively meets the needs of our business and the reasonable expectations of individuals who seek employment with us.
Purposes for processing
To administer the promotional programmes we offer.
Category of personal information processed
Contact information; professional contact information and details; and profession and educational history and achievements.
Legal bases for processing
Performance of our contract with you where necessary to fulfil the terms of our contract or agreement, or to take steps leading to such a contract.
Purposes for processing
To better understand how users access and use our Services, products, and offerings, and for other research and analytical purposes, such as to evaluate and improve our Services and business operations, to develop Services, features and new products and offerings, and for internal quality control and training purposes.
Category of personal information processed
Preferences; device and browsing information; activities and usage information; and survey responses.
Legal bases for processing
We have a legitimate interest in improving our products and Services to expand our outreach and customer base.
Purposes for processing
To tailor the content that we may send you, including to offer personalised help and instructions, and to otherwise personalise your experience.
Category of personal information processed
Contact information; professional contact information and details; communications; health information*; account and registration information; preferences; device and browsing information; activities and usage information; and location information.
Legal bases for processing
Consent, where required by law (such as where we obtain consent via cookies and other trackers).
In all other cases, we have a legitimate interest in promoting our products and Services in order to expand our outreach and customer base.
Purposes for processing
For marketing, advertising, and public relations purposes. For example, to send you information about our Services and the products and services of our affiliates, such as newsletters, and other marketing content, as well as any other information that you sign up to receive and to provide you with information about, or samples of, our product range for marketing purposes. We also may use certain personal information that we collect to manage and improve our advertising campaigns (both online and offline) so that we can better reach individuals with relevant content based on your interests and geographic region.
Category of personal information processed
Contact information; professional contact information and details; communications; health information; account and registration information; preferences; device and browsing information; activities and usage information; and location information.
Legal bases for processing
Consent, where required by law (such as where we obtain consent via cookies and other trackers or when you opt-in to receive marketing communications from us).
In all other cases, we have a legitimate interest in promoting our products and Services in order to expand our outreach and customer base.
Purposes for processing
For event planning and management, including registration, attendance, connecting you with other event attendees, providing relevant educational opportunities, assisting you with ongoing certification requirements, and contacting you about relevant events and Services.
Category of personal information processed
Contact information; professional contact information and details; training and professional education history; communications; account and registration information; travel details; dietary preferences; and certifications.
Legal bases for processing
Performance of our contract with you where necessary to fulfil the terms of our contract or agreement, or to take steps leading to such a contract.
In all other cases, we have a legitimate interest in providing our customers with meaningful opportunities to engage with us and others in our industry, as well as provide a positive event experience that meets the reasonable expectations of our attendees.
Purposes for processing
To administer surveys, such as for market research, customer satisfaction purposes or improving our Services, to conduct statistical and data analytics, and for other similar purposes.
Category of personal information processed
Contact information; professional contact information and details; device and browsing information; activities and usage information; location information; and preferences.
Legal bases for processing
We have a legitimate interest in improving the relevancy of our Services, products and advertising in order to encourage interactions with us and grow our customer base and financial support.
Purposes for processing
To manage our professional relationship with you; to help promote and influence the adoption of our Services; to keep you updated with relevant information related to your area of expertise; to keep track of the level of interactions the Company has with our KOLs and to build and maintain a community of KOLs; to send informational newsletters; to make informed and objective decisions when identifying which KOLs to engage for research collaboration, clinical trials, patient support programmes, involvement in advisory boards or consulting services; and to help assess Fair Market Value when we engage with other KOLs.
Category of personal information processed
Contact information; professional contact information and details; communications and interactions; and social mediation information.
Legal bases for processing
Performance of our contract with you where necessary to fulfil the terms of our contract or agreement, or to take steps leading to such a contract.
Purposes for processing
To protect our Services and our business operations; to prevent and detect fraud, unauthorised activities and access, and other misuse, where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, violations of our Terms of Use, Code of Ethics & Business Conduct, other applicable policies or other agreements we have with you or this Notice, to defend our rights, including through legal or other dispute resolution processes.
Category of personal information processed
Contact information; professional contact information and details; communications; account and registration information; preferences; device and browsing information; activities and usage information; location information; and transaction information.
Legal bases for processing
We have a legitimate interest in conducting our activities in a lawful manner and protecting our rights and interests as well as those of our stakeholders and society at large.
Purposes for processing
To comply with the law and our legal obligations, for example with respect to internal functions such as accounting, auditing, compliance and recordkeeping, as well as for external purposes, such as to respond to legal process, subpoenas, and related legal proceedings, court orders, national security or law enforcement disclosure requirements, and other lawful requests by regulators and law enforcement.
Category of personal information processed
Contact information; professional contact information and details; communications; health information*; account and registration information; preferences; device and browsing information; activities and usage information; location information; transaction information; and references and assessments.
Legal bases for processing
Legal obligation, where we need to comply with EEA, Swiss or UK law.
In all other cases, we have a legitimate interest in ensuring that our business practices comply with applicable law in the jurisdictions where we operate and do business.
Purposes for processing
To consider and implement mergers, acquisitions, reorganisations, bankruptcies, and other transactions such as financings, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.
Category of personal information processed
Contact information; professional contact information and details; communications; health information*; account and registration information; preferences; location information; transaction information; device and browsing information; and activities and usage information.
Legal bases for processing
Our legitimate interests in organising our activities efficiently.
*Unless otherwise noted in a separate privacy notice and consent for a specific type of service, for the noted purpose, we process health information in the course of providing Services to health care professionals, and in doing so we act as a processor and not as a controller.
Where we process your personal information to perform a contract with you or to comply with a legal obligation, the provision of your personal data is compulsory so far as it is either a contractual or statutory requirement, or a necessary requirement to enter into a contract. In such cases, provision of your personal information is mandatory since it would not otherwise be possible to enter and perform our contract with you, or to comply with our legal obligations.
Your Rights in Respect to Your Personal Information. GDPR as well as other laws in the EMEA region allow you to exercise certain rights in relation to the personal information that we hold about you, subject to certain conditions and exceptions. These rights may include:
You can exercise your rights by contacting us using the information set out under “How to Contact Us” below. As noted above, these rights may be subject to specific conditions and exceptions depending on our relationship with you and the legal basis for processing your personal information. Each submission will be evaluated promptly and in accordance with applicable law.
You have the right to submit a complaint with the relevant data protection authority of your habitual residence, your place of work, or the place of the alleged infringement/violation of your rights. This link will redirect you to the European Data Protection Board website with an up-to-date list of all European Economic Area Data Protection Authorities: https://edpb.europa.eu/about-edpb/board/members_en. The UK authority, the ICO, can be reached here: https://ico.org.uk/. The Swiss Federal Data Protection and Information Commissioner can be reached here: https://www.edoeb.admin.ch/.
International Data Transfers. By using our Services, you understand and agree that your personal information is transferred to countries outside of the EMEA region, and notably to the United States. Some of the countries where your personal information is transferred may not provide an adequate level of personal information protection according to your country’s regulatory authorities. We have implemented measures to protect your personal information, including contractual terms such as the European Commission-approved Standard Contractual Clauses and their UK equivalent and the UK International Data Transfer Addendum. You can obtain a copy of these terms by contacting us using the information set out below.
Cookies. Some of our cookies are strictly necessary for the Site to function as intended, while others are not strictly necessary and are designed to optimise your experience, help us understand our users better and for advertising purposes. Your consent is required for the use of non-strictly necessary cookies – we obtain this consent through our pop-up cookie preference manager. You can withdraw your consent at any time using the preference manager or your browser settings. More information about the individual cookies used on the Sites can also be found through the Cookie Settings link in the footer of this page.
Please note the following information in addition to the details provided above:
Collection and processing of sensitive data. For the purposes informed in this Notice, we will process the following personal information that is considered sensitive, and which requires special protection:
Collection of information that is not necessary for the requested services. We may collect and use your personal information for the following purposes that are not necessary for the requested Services, but which allow and facilitate us to provide you with a better service:
In case you do not want your personal data to be processed for these additional purposes, from this moment you can inform us of your preference by sending an email to the Dentsply Sirona Privacy Office at the address privacy@dentsplysirona.com. Refusal to use your personal data for these purposes will not be a reason for us to deny you the services and products you request or contract with us.
We inform you that your personal data is shared inside and outside the country with the following people, companies, organisations and authorities other than us, for the following purposes:
Recipient of personal data
Dentsply Sirona Affiliates & Subsidiaries under common control. A list of Dentsply Sirona companies and their locations can be found here.
Purpose
The Dentsply Sirona Group operates in many countries and shares personal data internally within the DS Group for general business management purposes, to meet customer needs, for regulatory or reporting purposes and other legitimate business purposes.
Recipient of personal data
Service providers such as payment processors, internet service providers, professional consultants and advisers, outsourced services such as IT and/or cloud-based service providers and event management providers
Purpose
We ask third parties to carry out certain business functions for us and disclose your personal data to them so that they can perform those functions on our behalf. These third parties are processors and not controllers.
Recipient of personal data
Distributors, business partners, ad networks, social media*
Purpose
Deliver products and services to our customers in the most efficient way.
Recipient of personal data
Regulators, government and tax authorities, and law enforcement authorities
Purpose
As required by law
Recipient of personal data
Others with your consent or as required by law
Purpose
Based on your consent or our legal obligations
Tacit consent notice (applicable to residents of Mexico): we inform you that for transfers indicated with an asterisk (*) we require your consent. If you do not express your refusal to such transfers, we will understand that you have granted it to us. You may communicate such refusal by email to privacy@dentsplysirona.com.
Your rights as a data subject: How can you access, rectify or delete your personal data, object to its use or exercise other rights?
Data subjects have several rights in accordance with the applicable law in the place where they reside. These rights may include the right to be informed (e.g., through a privacy notice such as this one); the right to know whether your personal data is being processed and, if so, to access the personal data we hold about you; the right to request correction of personal data that is out of date, inaccurate or incomplete; the right to request the erasure of your personal data when you consider that they are not being used in accordance with the principles, duties and obligations provided for in the applicable legislation; as well as to object to the use of your personal data for specific purposes; the right to portability of your personal data to other service providers in a structured and commonly used format; COOI the right to know the public and private entities with which your personal data has been shared; information on the possibility of not giving consent and on the consequences of such refusal; the right to revoke your consent; the right to review decisions based on the processing of personal data by automated means; the right not to be subject to automated decision-making; and the right to lodge a complaint with the applicable regulatory authority for non-compliance with data protection law. To exercise your rights, you can contact our Privacy Department at privacy@dentsplysirona.com. We will process requests to exercise these rights and resolve any questions you may have about the processing of your data.
How can you revoke your consent to the use of your personal data?
You may revoke the consent you have given us for the processing of your personal data. However, it is important that you bear in mind that your withdrawal of consent will not apply retroactively to the processing that took place before the revocation was communicated, and that in all cases we will not be able to respond to your request or terminate the use immediately, as it is possible that due to some legal obligation, we may be required to continue processing your personal data. You should also consider that for certain purposes, the revocation of your consent will mean that we will no longer be able to provide you with Services and/or the termination of your relationship with us.
To revoke your consent, or to learn about the procedure and requirements for revoking consent, you must send your request by email to privacy@dentsplysirona.com.
How can you limit the use or disclosure of your personal information?
In order for you to limit the use and disclosure of your personal information, we make available to you the following means:
A. United States - federal
In certain circumstances, we may collect or use your information through our Services while acting as a “business associate” or “covered entity” under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which may constitute Protected Health Information (PHI).
A business associate includes an entity that provides services to a HIPAA covered entity that involves the use or disclosure of PHI. If your health care professional or health insurance company qualifies as a HIPAA covered entity, and we provide services to them or on their behalf, we may qualify as their business associate. PHI as defined under HIPAA, generally means information about you that identifies you and that relates to your physical or mental health or condition, the provision of health care to you, or payment for health care provided to you. To the extent we are acting as a business associate, we will only use and disclose your information as permitted by HIPAA, which may include, but is not limited to, fulfilling our service obligations, our internal management and administration, executing our legal responsibilities, de-identifying or aggregating data, or as otherwise required by law.
Where we act as a covered entity under HIPAA with respect to the information we collect from you, our Notice of Privacy Practices, and not this Notice, will apply.
B. U.S. State Law Privacy Disclosures
Sale of Personal Information
While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” the following categories of personal information: identifiers, such as unique personal identifiers, online identifiers, IP address, or other similar identifiers; commercial information; location data; and Internet and network activity information. We may disclose these categories to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising and to improve and measure our ad campaigns.
Consumer Rights
Residents of certain U.S. states may have additional rights under applicable privacy laws, subject to certain limitations, which may include:
You may submit a request to exercise most of your privacy rights under U.S. state privacy laws through our webform here or by emailing us at privacy@dentsplysirona.com.
To opt out of targeted advertising by us, you can adjust your cookies settings here (click the link in the footer) or on your device. In addition, our Site responds to global privacy control (GPC) signals, which means that if we detect that your browser is communicating a GPC signal, we will process that as a request to opt that particular browser and device out of sales and sharing (i.e., via cookies and tracking tools) on our Site. Note that if you come back to our Site from a different device or use a different browser on the same device, you will need to opt out (or set GPC for) that browser and device as well. More information about GPC is available at: https://globalprivacycontrol.org/. See Section 6 Cookies and Tracking and Section 7 Your Privacy Choices for more information.
We will respond to your request as required under applicable U.S. privacy law(s). When you submit a request, we will take steps to verify your identity and request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request. If your request is denied, we will explain the basis for the denial.
If we deny your request, in certain jurisdictions you may be able to appeal our decision according to the instructions we provide in our response.
To the extent permitted under applicable U.S. privacy laws, you may also designate someone as an authorised agent to submit requests and act on your behalf. Authorised agents may be required to provide proof of their authorisation and we may also require the relevant consumer to directly verify the identity and authority of the authorised agent.
C. California Notice at Collection and Privacy Rights
This Section of the Notice provides additional information for California residents and describes our information practices pursuant to applicable privacy laws, including the California Consumer Privacy Act and the regulations issued thereto, each as amended (“CCPA”). To the extent you are a California resident, and we collect “personal information” subject to the CCPA, the following applies.
This Section does not address or apply to our handling of personal information that is exempt under the CCPA, such as publicly available information or de-identified or aggregated information. Additionally, this Notice does not apply to personal information we collect, receive, or otherwise maintain about you that is primarily governed by certain federal laws, such as HIPAA. The CCPA recognises that health information subject to HIPAA is already protected under federal law, so the CCPA does not apply to such information.
Categories of Personal Information Collected and Disclosed
The table below identifies, generally, the categories of personal information we collect or process about California residents, as well as the categories of third parties to whom we may disclose this personal information for a business or commercial purpose.
Categories of Personal Information
Includes direct identifiers such as name, alias, email, phone number, address, unique personal identifier, online identifier, IP address, or other similar identifiers.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Includes your account and profile information and customer records that contain personal information, such as name, demographics and other characteristics or descriptions, contact information, and financial or payment information.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Includes records of Services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Includes browsing history, clickstream data, search history, and information regarding interactions with our Sites and Services, advertisements, or emails, including other usage data related to your use of any of our Services or other similar online services.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Such as general location information about a particular individual or device.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Includes information collected via call recordings if you are interacting with us in a customer service capacity or if you call us on a recorded line, recorded meetings and webinars, videos, and photographs.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Such as inferences drawn from any of the information described in this Section about a consumer including inferences reflecting consumer preferences, characteristics, behaviours, attitudes, abilities, and aptitudes.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
We may collect some information that is considered a protected classification under California or federal law, which may include your gender, age, date of birth, citizenship, marital status, disability status, gender identity or expression, and medical condition.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
In some circumstances, we may collect payment card information and related details, precise geolocation data, racial or ethnic origin, biometric information, and personal information collected and analysed concerning a consumer’s health. We may also collect your Social Security, driver’s license, or state identification card number.
Third Party Disclosures for Business or Commercial Purposes
Sales and Sharing of Personal Information. The CCPA defines “sale” as disclosing or making available personal information to a third-party in exchange for monetary or other valuable consideration, and “sharing” includes disclosing or making available personal information to a third party for purposes of cross-contextual behavioural advertising. While we do not disclose personal information to third parties in exchange for monetary compensation, we may “sell” or “share” the following categories of personal information: identifiers; commercial information; location data; and Internet and network activity information. We may disclose these categories to third-party advertising networks, analytics providers, and social networks for purposes of marketing and advertising and to improve and measure our ad campaigns. We may also share limited information, such as name and email address, to data brokers for purposes of marketing and advertising and to improve and measure our ad campaigns.
We do not sell or share sensitive personal information, nor do we sell or share personal information about individuals we know are under age sixteen (16).
Sources of Personal Information. We generally collect personal information from the following categories of sources: directly or indirectly from you; affiliates and subsidiaries; business partners; vendors and service providers; government officials; healthcare professionals and dentists; third-party websites and services; data brokers; public databases; social media platforms and websites; internet service providers; operating systems and platforms; and marketing and data analytics providers.
Purposes of Collection, Use, and Disclosure. See Section 3 Purposes for Collecting and Processing and Section 4 Disclosures of Personal information for a description of the business or commercial purposes for which we may collect, use, disclose, and process your personal information.
Sensitive Personal Information. We do not collect, use, or disclose “sensitive personal information” beyond the purposes authorised by the CCPA. Accordingly, we only use and disclose sensitive personal information as reasonably necessary and proportionate: (i) to perform our Services requested by you; (ii) to help ensure security and integrity, including to prevent, detect, and investigate security incidents; (iii) to detect, prevent and respond to malicious, fraudulent, deceptive, or illegal conduct; (iv) to verify or maintain the quality and safety of our Services; (v) for compliance with our legal obligations; (vi) to our service providers who perform services on our behalf; and (vii) for purposes other than inferring characteristics about you.
Retention. We retain the personal information that we collect only as reasonably necessary for the purposes described above or as otherwise disclosed to you at the time of collection. For example, we will retain your account information for as long as you have an active account with us and additional information as necessary to comply with our tax, accounting, and recordkeeping obligations, to provide you with the Services you have requested, as well as an additional period of time as necessary to protect, defend, or establish our rights, defend against potential claims, and comply with our legal obligations. In some cases, rather than delete your personal information, we may deidentify or aggregate it and use it in compliance with the CCPA.
California Residents’ Rights. Under the CCPA, California residents have the following rights (subject to certain limitations):
Submitting CCPA Requests. California residents may exercise their CCPA privacy rights as set forth below:
When you submit a request, we will take steps to verify your identity and request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. If we are unable to verify your identity after a good faith attempt, we may deny the request and, if so, will explain the basis for denial.
You may also designate someone as an authorised agent to submit requests and act on your behalf. Authorised agents will be required to provide proof of their authorisation and we may also require the relevant consumer to directly verify the identity and the authority of the authorised agent.
In addition, if we detect that your browser or device is transmitting an opt out preference signal, such as the GPC signal, we will opt that browser or device out of cookies that result in a “sale” or “sharing” of your personal information. If you come to our Site or use our Services from a different device or from a different browser on the same device, you will need to opt out, or use an opt out preference signal, for that browser and/or device as well. More information about GPC is available at globalprivacycontrol.org.
Notice of Financial Incentive. With respect to some of our Services, we may make available certain programmes or offerings, and other sweepstake, contests, or similar promotional offerings (each a “Programme”) which may include certain offers, rewards, discounts, services, perks, and promotions (“Rewards and Offers”). These Programmes may be considered “financial incentives” under the CCPA. We provide these Rewards and Offers to participating users in order to understand and improve customer satisfaction and experiences, and to foster positive customer relationships.
As a basis for offering these Rewards and Offers, we have valued the personal information we obtain based on a reasonable and good faith calculation determined by considering expenses related to the Programmes. In doing so, we value the personal information collected through the programmes as the equivalent of the costs and expenses incurred to provide the programme, including IT, administration, direct costs, third party costs, discounts, and Service development costs.
Your personal information is collected and retained, and may be disclosed to our business partners, vendors and service providers, and other third parties, as described in this Notice, including in order (i) to administer the Programme, (ii) for research and analytics purposes, (iii) to improve our products and Services, (iv) to better reach you with more relevant, targeted offers, and (v) to send you Company-related news, updates and offers by email and postal mail (in accordance with your communications preferences).
You may withdraw from participating in a Programme at any time by contacting us at privacy@dentsplysirona.com. Please note that if you withdraw from a Programme (or submit a CCPA request to delete your Programme information), your participation in that Programme will be terminated, which means that you will no longer be eligible to earn, use, access or redeem any Programme Rewards and Offers, subject to the applicable Programme terms.
California Shine the Light Rights. California’s “Shine the Light” law (Cal. Civ. Code § 1798.83) permits California residents who provide us certain personal information to request and obtain from us, free of charge, information about the personal information (if any) we have shared with third parties for their own direct marketing purposes. To make a California Shine the Light request, please call 1-800-461-9330 or email us at privacy@dentsplysirona.com. Requests may be made once per year.
This Section of the Notice provides additional information for Canadian residents and describes our information practices pursuant to applicable privacy laws, including the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and other applicable provincial laws.
Personal Information Collected and Purposes
For a list of the personal information collected, please see Section 2 Personal Information Collected.
For a list of the business purposes for which each type of personal information is collected, please see Section 3 Purposes for Collecting and Processing.
Categories of Personal Information Disclosed. The table below identifies, generally, the categories of personal information shared with third parties for a business or commercial purpose.
Categories of Personal Information
Includes direct identifiers such as name, alias, email, phone number, address, unique personal identifier, online identifier, IP address, or other similar identifiers.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Includes your account and profile information and customer records that contain personal information, such as name, demographics and other characteristics or descriptions, contact information, and financial or payment information.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Includes records of Services purchased, obtained, or considered, or other purchasing or use histories or tendencies.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Includes browsing history, clickstream data, search history, and information regarding interactions with our Sites and Services, advertisements, or emails, including other usage data related to your use of any of our Services or other similar online services.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Such as general location information about a particular individual or device.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Includes information collected via call recordings if you are interacting with us in a customer service capacity or if you call us on a recorded line, recorded meetings and webinars, videos, and photographs.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
Such as inferences drawn from any of the information described in this Section about a consumer including inferences reflecting consumer preferences, characteristics, behaviours, attitudes, abilities, and aptitudes.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
We may collect some information that is considered a protected classification such as gender, age, date of birth, citizenship, marital status, disability status, gender identity or expression, and medical condition.
Third Party Disclosures for Business or Commercial Purposes
Categories of Personal Information
In some circumstances, we may collect health data, payment card information and related details, precise geolocation data, racial or ethnic origin, biometric information, and other information considered sensitive under Canadian law.
Third Party Disclosures for Business or Commercial Purposes
Sensitive personal information, such as medical information, is collected with explicit consent where legally required, unless an exception applies. We may process sensitive information when acting as processor/service provider for another controller who has obtained your consent.
Circumstances where Personal Information will be shared or transferred across borders
Personal information may be communicated outside of the province where you reside or where the information was collected. See Section 10 International Transfers of Personal Information. When such transfer occurs, we take reasonable steps to ensure that the receiving entity uses the information only for the purposes specified in this Notice.
You are welcome to contact us about our policies regarding service providers outside of Canada. See Section 14 Contact Us for instructions on how to reach our Data Protection Officer.
By submitting your personal information or engaging with the Services, you consent to this transfer, storage or processing.
Your Privacy Choices
See Section 7 Your Privacy Choices.
Your Privacy Rights
Under applicable federal or provincial law, you may have the following privacy rights available to you:
To exercise your privacy rights, contact us at privacy@dentsplysirona.com. When you submit a request, we will take steps to verify your identity and request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. Requests will be evaluated in accordance with applicable law. Your request may be denied if we are unable to verify your identity after a good faith attempt, or for other reasons as may be applicable under local law. In such case, we will inform you of our decision and the reasons for it. If we deny your request, in certain jurisdictions you may be able to appeal our decision according to the instructions we provide in our response. In some cases and in accordance with applicable law, we may charge a fee to process your request. If a fee is applicable, we will provide you with this relevant information before fulfilling your request.
Where processing of your personal information is based on consent, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, contact us at privacy@dentsplsysirona.com and let us know the programme or Services for which you wish to withdraw your consent. Please note that if you withdraw your consent we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.
You may report any complaints related to personal information protection that arise while using our Services to privacy@dentsplysirona.com. We will provide you prompt and sufficient response to your concern. If you need further assistance, or if you need to report personal information infringements, please contact your local data protection authority.
This Section supplements the Notice with additional disclosures specific to residents of countries in the Asia Pacific (APAC) region.
Data Controller(s)
The primary controller of your personal information will be the Dentsply Sirona business with whom you have interacted, including where you may have entered into a contract with us, in which case the legal entity will be identified in the contract. A list of Dentsply Sirona companies and their locations can be found here. If you have a question about the identity of your applicable controller please see Section 14 Contact Us for instructions on how to reach our Data Protection Officer.
Personal Information Collected
For a list of the personal information collected, please see Section 2 Personal Information Collected.
Business Purposes for which Personal Information will be used or processed
For a list of the business purposes for which each type of personal information is collected, please see Section 3 Purposes for Collecting and Processing.
Sensitive Personal Information
Sensitive personal information, such as medical information, is collected with explicit consent where legally required, unless an exception applies. We may process sensitive information when acting as processor/service provider for another controller who has obtained your consent.
Circumstances where Personal Information is shared or transferred
For information related to circumstances under which your personal information may be transferred, accessed, or shared, please see Section 4 Disclosures of Personal Information.
Circumstances where Personal Information will be shared or transferred across borders
See Section 10 International Transfers of Personal Information.
You may wish to review the offshore report published by Japan’s Personal Information Protection Commission here.
Security
Data Subject Rights
Depending on where you reside, you may have the benefit of data subject rights such as:
You can exercise your data subject rights by sending an email to privacy@dentsplysirona.com with the specifics of your request.
When you submit a request, we will take steps to verify your identity and request by matching the information provided by you with the information we have in our records. In some cases, we may request additional information in order to verify your identity, or where necessary to process your request. Requests will be evaluated in accordance with applicable law. Your request may be denied if we are unable to verify your identity after a good faith attempt, or for other reasons as may be applicable under local law. In such case, we will inform you of our decision and the reasons for it. If we deny your request, in certain jurisdictions you may be able to appeal our decision according to the instructions we provide in our response.
In some cases and in accordance with applicable law, we may charge a fee to process your request. If a fee is applicable, we will provide you with this relevant information before fulfilling your request.
You may report any complaints related to personal information protection that arise while using our Services to privacy@dentsplysirona.com. We will provide you with a prompt and sufficient response to your concern. If you need further assistance, or if you need to report personal information infringements, please contact your local data protection authority.
Retention and Destruction of Personal Information
We retain your personal information for as long as reasonably necessary to fulfil the purposes for which it was collected or as otherwise necessary to comply with our legal obligations, resolve disputes, maintain appropriate business records, and enforce our agreements.
Once the personal information has met its retention period, the information is promptly destroyed or deleted. Information printed on paper is destroyed by shredding or incineration whereas personal information stored in an electronic file format is deleted using a technical method that renders the records unrecoverable.
Public domain
Some of our Services may include public chat rooms, message boards, and news groups for users to use and share information with one another. Any information you disclose or share in these public forums becomes public information, so you should be careful when deciding to disclose your personal information in these areas. Do not disclose personal information about third parties or discuss information about identifiable patients through these areas.
Cookies and Tracking
See Section 6 Cookies and Tracking for more information on how we use cookies and other analytics platforms as part of the Services. Please note that our Services may use social and video plug-ins, such as those provided by Facebook, Instagram, LinkedIn, or YouTube. When you visit a page on one of our Sites that contains a social, video or other plugin, your browser will connect directly to the plugin server and provide that third party with information that you accessed that page on our Site. If you are also logged into that service, your visit may be linked to your account for that service. Therefore, if you interact with the plugin, for example by clicking “Like” or submitting a comment, that information will be transmitted directly from your browser to that party. Your interactions with such services are subject to their respective privacy policies and other policies that may be located on their websites.
When you visit our Sites, we may allow certain third parties (such as advertising networks and data analytics companies) to collect information about your online activities over time and across different websites. Where required by applicable law, we will ask for your consent to place cookies on your device. If you give consent, this message will not appear again when you return to the Site. If you wish to withdraw your consent at any time, you may do so by changing your browser settings.
Notifiable Data Breaches
If there is a loss, or unauthorised access or disclosure of your personal data that is likely to result in serious harm to you, we will investigate and provide notifications to you and the relevant data protection authority (if required) in accordance with applicable law.