Privacy Policy

Last updated: March 22, 2026

1. Data Controller

Dentistock SRL ("Dentistock", "we", "us", "our"), a company registered in Belgium, operates the Dentistock platform ("Platform"), accessible at www.dentistock.com.

Dentistock acts as the data controller within the meaning of the General Data Protection Regulation (EU) 2016/679 ("GDPR") for the processing of personal data carried out through the Platform.

For any questions regarding this Privacy Policy or the processing of your personal data, you may contact us at privacy@dentistock.com.

2. Scope

This Privacy Policy applies to all personal data collected and processed through the Platform. The Platform is a professional tool designed exclusively for dental practices and dental professionals. Dentistock does not intentionally collect data relating to users' personal or private lives.

By creating an account or using the Platform, you acknowledge that you have read and understood this Privacy Policy. If you register on behalf of an organisation, you are responsible for informing your collaborators and authorised users about the data processing described herein.

3. Categories of Personal Data Collected

We collect and process the following categories of personal data:

  • Account and identity data — name, email address, job title, professional role, and organisation details
  • Business and billing data — VAT number, business address, billing information, and commercial documents
  • Order and usage data — order history, purchase frequencies, product comparisons, catalogue interactions, and cart contents
  • Supplier account credentials — usernames and passwords for third-party dental supplier accounts, provided voluntarily by users to enable price comparison and order placement on their behalf
  • Technical and connection data — IP address, browser type and version, device type, operating system, access logs, session duration, and pages visited
  • Communication data — messages sent to our support team and feedback submitted through the Platform

4. Purposes and Legal Bases for Processing

We process your personal data for the following purposes, each relying on the corresponding legal basis under Article 6(1) GDPR:

Contract execution (Article 6(1)(b))

  • Creating and managing your user account
  • Providing access to product comparison, catalogue consultation, and order generation features
  • Processing and transmitting purchase orders to selected suppliers
  • Managing subscriptions, trials, and billing
  • Communicating service-related information (order confirmations, account notifications)

Legitimate interests (Article 6(1)(f))

  • Improving the Platform's features, performance, and user experience
  • Ensuring the security and integrity of the Platform
  • Detecting and preventing fraud, abuse, or unauthorised access
  • Generating aggregated, anonymised analytics and usage statistics
  • Providing customer support and responding to enquiries

Legal obligations (Article 6(1)(c))

  • Complying with accounting, tax, and financial reporting requirements
  • Responding to lawful requests from public authorities
  • Retaining records as required by Belgian and EU law

5. Supplier Account Credentials

Where the Platform requires supplier account credentials to access pricing information and facilitate orders on your behalf, these credentials are:

  • Provided voluntarily by you
  • Encrypted using industry-standard AES-256 encryption at rest
  • Used solely for the stated purposes (price retrieval and order placement)
  • Never shared with third parties other than the relevant supplier
  • Deletable at any time through your account settings or upon request

You remain responsible for the security of your supplier account credentials and must notify both Dentistock and the relevant supplier immediately if you suspect any unauthorised use.

6. Data Sharing and Recipients

Dentistock does not sell your personal data. We may share your data with the following categories of recipients, solely to the extent necessary:

  • Dental supply companies — when you submit a purchase order through the Platform, relevant order and contact details are transmitted to the selected supplier(s)
  • Technical service providers — hosting providers, analytics services, email delivery services, and infrastructure partners who assist in operating the Platform, bound by data processing agreements
  • Professional advisors — legal counsel, auditors, and accountants when necessary for our legitimate business purposes
  • Public authorities — when required by law, regulation, or valid legal process

All service providers acting as data processors are contractually bound to process personal data only on our instructions and in accordance with applicable data protection law.

7. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). If any transfer of personal data to a country outside the EEA is necessary (for example, through the use of cloud infrastructure providers), we ensure that appropriate safeguards are in place, such as:

  • An adequacy decision by the European Commission
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other valid transfer mechanisms under Chapter V of the GDPR

8. Data Retention

We retain your personal data for as long as your account is active and as necessary to provide the services you have requested. Upon account deletion or termination:

  • Personal data is deleted or anonymised within two (2) years, unless a longer retention period is required by law
  • Accounting and billing records may be retained for up to ten (10) years as required by Belgian commercial and tax law
  • Data relevant to an ongoing dispute or legal proceeding may be retained until the matter is resolved

Supplier account credentials are deleted immediately upon your request or upon account termination.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Article 15) — obtain confirmation of whether your data is being processed and receive a copy of that data
  • Right to rectification (Article 16) — request correction of inaccurate or incomplete personal data
  • Right to erasure (Article 17) — request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations
  • Right to restriction of processing (Article 18) — request that we limit the processing of your data in certain circumstances
  • Right to data portability (Article 20) — receive your personal data in a structured, commonly used, machine-readable format
  • Right to object (Article 21) — object to processing based on legitimate interests, including profiling
  • Right to withdraw consent (Article 7(3)) — where processing is based on consent, withdraw that consent at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at privacy@dentistock.com. We will respond to your request within one (1) month. If your request is complex, this period may be extended by a further two (2) months, and we will inform you of any extension.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Autorité de protection des données) at www.autoriteprotectiondonnees.be.

10. Cookies and Tracking Technologies

The Platform uses cookies and similar technologies for the following purposes:

  • Essential cookies — required for the Platform to function correctly (authentication, session management, security). These cannot be disabled.
  • Analytics cookies — help us understand how users interact with the Platform so we can improve its functionality and performance. These are only placed with your consent.

You can manage your cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Platform.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit (TLS) and at rest
  • AES-256 encryption for sensitive credentials
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Staff awareness and confidentiality obligations

While we strive to protect your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security but commit to promptly notifying affected users and the relevant supervisory authority in the event of a personal data breach, as required by Articles 33 and 34 of the GDPR.

12. Children's Data

The Platform is designed for professional use by dental practitioners and their staff. It is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a minor, we will take steps to delete it promptly.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The current version is always available on the Platform.

Substantial changes will be communicated to you via email or through the Platform. Continued use of the Platform after modifications constitutes acceptance of the updated Privacy Policy.

14. Contact

If you have questions about this Privacy Policy, wish to exercise your rights, or have concerns about how your data is processed, please contact us at: