SmileDirectClub, LLC (“SmileDirectClub” or “we” or “our”) respects your privacy and is committed to protecting it through our compliance with this policy.
This policy applies to information we collect:
- from you or your legal guardian on or through our Website or Application;
- from or on behalf of your licensed dentist, orthodontist or other medical provider or her/his staff;
- in email, text, and other electronic messages between you and our Website or Application
- through printed documents, records, and materials; and
- when you interact with our advertising, marketing, and applications on third-party websites and services, if those applications or advertising include links to this policy.
It does not apply to information we collect:
- offline or through any other means, including on any other website operated by SmileDirectClub or any third-party; or
- through any third-party website or application, including through any application or content (including advertising or marketing) that may link to or be accessible from or on the Website or in the Application.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. By visiting our Website or using our Application, you acknowledge the practices described in this policy, subject to those circumstances where your specific consent is requested. If you do not agree with our policies and practices, you are not permitted to use our Website or Application.
For the purposes of applicable data protection law, SmileDirectClub is the controller of any Personal Data collected from you on the Website or Application or otherwise for the purpose of conducting or developing our business with you. When we refer to Personal Data, we mean any information related to an identified or identifiable person, which may be you, or other Website or Application users or customers or vendors.
Children Under the Age of 18
We may provide our goods and services to children 13 years of age or older, and parents or guardians of children 13 or older are welcome to use our Website and Application to order and use our goods and services on their children’s behalf, including by entering their children’s information on our Website or in our Application. However, our Website and Application are not intended to be directly used by children under 18 years of age. No one under age 18 may provide any information to or on the Website or in the Application. We do not knowingly collect Personal Data (as defined below) directly from children under 18. If you are under 18, please ask your parent or guardian to access and use the Website or Application for you, and please do not use, or provide any information on our Website, Application, or on or through any of their features, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received Personal Data directly from a child under 18 without verification of parental or guardian consent, we will delete that information. If you believe we might have received any information from a child under 18, please contact us at CustomerCare@SmileDirectClub.co.uk.
We collect several types of information from and about users of our Website and Application, specifically information:
- by which you may be personally identified, such as name; home, shipping, and postal address; e-mail address; home and mobile telephone number; credit card, debit card, or other payment information (solely for payment purposes); date of birth; social security number; your medical history and name(s) of your medical and dental providers; and other information about your past, present or future physical or mental health condition or the provision of health or dental care (“Personal Data”)
- that is about you but individually does not identify you, such as statistical and other communication data and the resources that you access and use on the Website and in the Applications; and/or
- about your internet connection and the equipment you use to access our Website and Application and usage details.
We collect this information:
- directly from you when you provide it to us;
- automatically as you navigate through the Website or use the Application. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies; and
- From third parties, for example, your health and dental providers and our business partners.
We do not use this automatically collected information to try to identify you by name, and we do not associate it with the information you provide voluntarily, as detailed below.
Information You Provide to Us
In order to access or use certain portions of the Website and Application or enjoy the full functionality of the Website and Application, learn more about or use our products and services, or more generally in conducting business with us or seeking to conduct business with us, you may be prompted to provide certain Personal Data to us in the following ways:
- by responding to surveys that we might ask you to complete for research purposes;
- by filling in forms (for example, a 'Contact Us' form) on our Website and Application or at a trade show or anywhere else we conduct business;
- by downloading documentation from our Website and Website;
- by subscribing to newsletters or other communications;
- by corresponding with us by phone, e-mail or otherwise using our contact details; or
- by applying for a job, work placement or internship over our recruitment platform, in relation to which you should also refer to the specific privacy notices made available to you during the recruitment process.
Typically, the Personal Data you give us may include your name, home and shipping address, telephone number, and email address, credit card, debit card, or other payment information (solely for payment purposes) date of birth, medical history and name(s) of your medical or dental providers, and other information about your past, present, or future physical or mental health condition or the provision of health or dental care, and any personal details required to resolve any enquiries or complaints. Where you are applying for a job, work placement or internship, you will be asked to provide certain additional information, for example about your education, employment history and right to work, pursuant to a specific privacy notice for job candidates.
This information is required to enter into a contract with you (such as in anticipation of an employment contract or a services agreement) or for us to provide you with our products and services and to facilitate communication between you and your registered dentist. Failure to provide any information may result in our inability to provide requested services or products, or consider your application for employment.
We may also obtain Personal Data about you from third parties, namely our registered dental partners and our business partners.
You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Website and Application or transmitted to other users of the Website, Application, or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website or Application with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.
Information We Collect Through Automatic Data Collection Technologies
As you navigate through and interact with our Website and Application, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, such as:
- details of your visits to our Website or use of our Application, such as traffic data, location data, logs, referring/exit pages, date and time of your visit to our Website or use of our Application, error information, clickstream data, and other communication data and the resources that you access and use on the Website or in the Application; and
- information about your computer and internet connection, such as your IP address, operating system, and browser type.
The information we collect automatically may include Personal Data or we may maintain it or associate it with Personal Data we collect in other ways or receive from third parties. It helps us to improve our Website and Application and to deliver a better and more personalized service by enabling us to:
- estimate our audience size and usage patterns;
- store information about your preferences, allowing us to customize our Website and Application according to your individual interests;
speed up your searches; and
- recognize you when you return to our Website or Application.
Use of Personal Data
The following is an overview of our purposes for using your Personal Data. Additional details on how we process your Personal Data may be provided to you in a separate notice or contract.
All processing (i.e. use) of your Personal Data is justified by a ‘legal basis’. SmileDirectClub processes this information when specifically justified and only to the extent necessary to carry out its obligations to your registered dental care provider and you, and to provide your registered dental provider and you with our goods and services. We use the Personal Data we collect for the purposes described below, and based on the following justifications:
Justification - the processing is necessary to perform a contract with you or take steps to enter into a contract at your request, namely:
- process, evaluate and complete certain transactions involving the Website or Application, and more generally transactions involving SmileDirectClub’s products and services;
- provide you with documentation or communications which you have requested;
- provide you with any services or products you request;
- support and manage a recruitment, work placement or internship process, including considering applications and making offers;
- correspond with users to resolve their queries or complaints.
Justification: the processing is necessary for us to comply with a relevant UK or EU legal obligation, namely:
- document for our accounting, tax and other records certain transactions involving the Website or Application, and more generally transactions involving SmileDirectClub’s products and services;
- report transactions to relevant authorities and agencies;
- protect and ensure safety of SmileDirectClub’s employees;
- comply with a binding order issued by law enforcement or a legal authority.
Justification: the processing is in our legitimate interests, subject to your interests and fundamental rights:
- operate, evaluate, maintain, improve and develop the Website and Application (including by monitoring and analyzing trends, access to, and use of the Website and Application for advertising and marketing;
- evaluate, improve and develop our products and services generally;
- customize our Website and Application to users' needs;
- if you are already a customer and we can rely on the 'soft-opt in' exemption, engage with you about events, promotions, the Website, Application, and SmileDirectClub’s products and services and more generally send you marketing communications. SmileDirectClub will not sell or rent your Personal Data to third parties for marketing purposes;
- protect and ensure safety of the Website, Application, and SmileDirectClub confidential and proprietary information;
- reorganize our business (including selling part or all of our business);
- manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or laws or regulations.
Our legitimate interest is to use Website and Application user, customer and vendor data to conduct and develop our business activities with them and with others while managing the risks to our business, in order to benefit our brand and reputation, our employees, our shareholders and other stakeholders.
Justification: you have consented to the processing:
- engage you about events, promotions, the Website, Application, and SmileDirectClub’s products and services;
- send you marketing communications, where it is otherwise lawful for us to do so and we are not able to rely on the 'soft opt-in' exemption. SmileDirectClub will not sell or rent your Personal Data to third parties for marketing purposes.
Special Category Personal Data
We may process Personal Data which is regarded as 'special category', in particular Personal Data relating to your health. Where we do so, we will rely on a further justification for processing specific to special category personal data. This may be because the processing is necessary for the purposes of providing health treatment, because you have provided explicit consent (in which case it will be made clear to you what this consent covers), or because it is necessary for us to process the Personal Data in order to establish, exercise or defend legal claims.
We will only use your contact information to promote or market our own products and services through voice and text messages with your express consent, or where we are able to rely on an 'opt-out' model for existing customers (the 'soft opt-in' exemption). If you wish to consent to such use, you can check the relevant box located on the form on which we collect your Personal Data or otherwise seek such consent. If you wish to change your choice, you may do so at any time by logging into the Website or Application and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes, by using the “STOP” function when replying to text messages, or by sending a written request to Customer Care C/O SmileDirectClub, LLC, 414 Union Street, 8th Floor, Nashville, TN 37219, or emailing us at CustomerCare@SmileDirectClub.co.uk, or calling us at (800) 848-7566. We may also use your contact information to promote or market our products and services through email. If we have sent you a marketing or promotional email, you may click the unsubscribe link to be omitted from future email distributions. This opt out does not apply to information provided to SmileDirectClub as a result of a product purchase, your membership, product service experience or other transactions. Your aligner therapy treatment is not conditioned on your consent to receive marketing or promotional communications.
Disclosure of Your Information
We may also disclose your Personal Data:
- to your dental care provider;
- to our subsidiaries and affiliates;
- to contractors, service providers, subcontractors, and business associates, and other third parties we use to support our business;
- to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of SmileDirectClub, LLC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Data held by SmileDirectClub, LLC about our Website’s and Application’s users is among the assets transferred;
- to fulfill the purpose for which you provide it;
- for any other purpose disclosed by us when you provide the information; or
- with your consent.
We may also disclose your Personal Data:
- to comply with any court order, law, or legal process, including to respond to any government or regulatory request;
- if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of you, your licensed provider and/or her/his staff, SmileDirectClub, LLC, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
If your Personal Data is transferred outside the UK or EU to other SmileDirectClub group companies or to third-party service providers, we will take steps to ensure that your Personal Data receives the same level of protection as if it remained within the UK or EU, including by entering into data transfer agreements, using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the EU - US Privacy Shield. For transfers to SmileDirectClub in the US and Costa Rica, we have put in place European Commission approved Standard Contractual Clauses, which protect Personal Data transferred between SmileDirectClub entities. You have a right to obtain details of the mechanism under which your Personal Data is transferred outside of the UK or EU by contacting DPO@SmileDirectClub.com. We may redact copies of data transfer agreements for reasons of commercial confidentiality, without obscuring evidence of the appropriate data protection safeguard.
Choices About How We Use and Disclose Your Information
We offer you choices on how you can opt out of our use of tracking technology, disclosure of your Personal Data for third-parties to market or advertise to you, our marketing or advertising to you, and other targeted marketing and advertising.
We do not control the collection and use of your information collected by third parties. When possible, these organizations are under contractual obligations to maintain appropriate safeguards and protections, to use this data only for providing the services to us, and to maintain this information strictly confidential. These third parties may, however, aggregate the information they collect with information from their other customers for their own purposes.
Retention of your Personal Data
We apply a general rule of keeping Personal Data only for as long as required to fulfil the purposes for which it was collected. For customer data, we generally keep data six years after contract termination, corresponding to a statute of limitation so that we have an accurate record of your dealings with us in the event of any complaints or challenges. For marketing data, we delete data no later than three years after you last initiate contact with us. However, in some circumstances we may retain Personal Data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.
Accessing and Updating Your Personal Data
You may access and update your Personal Data at any time.
You can review and change your Personal Data by logging into the Website or Application and visiting your account profile page. You may also notify us through the contact information of any changes or errors in any Personal Data we have about you to ensure that it is complete, accurate, and as current as possible. We may not be able to accommodate your request if we believe it would violate any law or legal requirement or cause the information to be incorrect.
We have implemented measures designed to secure your Personal Data from accidental loss and from unauthorized access, use, alteration, and disclosure. All information you provide to us is stored on our secure servers behind firewalls. Any payment transactions and health information will be encrypted when being communicated between us and you.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website or the Application, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information on the Website or in Application like message boards and other areas where you may post photographs, videos or other content. The information you share in public areas may be viewed by any user of the Website or Application.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your Personal Data, we cannot guarantee the security of your Personal Data transmitted to or from our Website or Application. Any transmission of Personal Data is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website, the Application, or the operating system of your computer or mobile device.
Our Website and Website may contain links to third-party sites. Since SmileDirectClub does not control nor is responsible for the privacy practices of those websites, we encourage you to review the privacy policies of these third-party sites. This notice applies solely to Personal Data collected by our Websites and Applications, or in the course of our business activities with customers and vendors.
Subject to the conditions set forth in the applicable law, you have the following rights with regard to our processing of your Personal Data:
Where your Personal Data is subject to restriction we will only process it with your consent or for the establishment, exercise or defence of legal claims.
Right to object to processing (including profiling) based on legitimate interest grounds. Where we are relying upon legitimate interests to process Personal Data, you have the right to object to that processing. If you object, we must stop that processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or we need to process the Personal Data for the establishment, exercise or defence of legal claims. Where we rely upon legitimate interest as a basis for processing we believe that we can demonstrate such compelling legitimate grounds, but we will consider each case on an individual basis.
Right to object to direct marketing (including profiling). You have the right to object to our use of your Personal Data (including profiling) for direct marketing purposes, such as when we use your Personal Data to invite you to our promotional events.
Please contact us as at DPO@SmileDirectClub.com if you wish to exercise any of your rights, or if you have any enquiries or complaints regarding the processing of your Personal Data. Please note that we may ask you for additional information to confirm your identity and for security purposes before disclosing the personal information requested by you. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive.
Some rights may be subject to exemptions created by applicable law, or may only be exercisable in certain circumstances. We will communicate openly with you to help you to understand whether, and to what extent, a right is exercisable.