Privacy Policy

1. Introduction

This privacy notice aims to inform you about how MOND collects and processes personal data in the context of medical assistance and treatments at one of MOND's practices and/or through its website(s) (on which patients can record a consultation and/or find information regarding treatments and the medical assistance offered by MOND) the ("Website").

For the purpose of this privacy notice, MOND refers to

(1)
Dentco BV
Kortrijksesteenweg 26, bus 1
9830 Sint-Martens-Latem
Company registration number: 0552.729.259; 

and

(2)
The Dentco Group, including:

– all of Dentco's subsidiaries; and
– all Dentco's active independent dental practices of which you are a (potential) patient (better known as the MOND dental practices);
– all independent dentists associated with Dentco's dental practices (better known as the MOND dental practices).

hereinafter collectively referred to as "MOND", "we", or "us".

MOND considers the protection of your privacy of the greatest importance and wishes to inform you -as a (potential) patient and/or visitor to our Website (as the case may be) about your personal data and enable you to retain full control over your personal data.

MOND respects your privacy and is committed to protecting your personal data in accordance with Belgian and European regulations on the protection of personal data, including the General Data Protection Regulation (EU) 2016/679 ("GDPR") (together the applicable "Data Protection Legislation"). All terms defined in the Data Protection Legislation and used in this Privacy Declaration have the meaning given to them in the Data Protection Legislation

Please read this privacy notice carefully. It describes not only your rights, but also how you can exercise these rights.

By undergoing treatment and/or making an appointment at one of our Practices, using our Website, sharing your personal data, and/or agreeing to this privacy statement, you acknowledge the manner in which MOND collects and processes your personal data as described herein.

2. Controller

This privacy notice only describes our data processing activities as a data controller (that is, in short, the person who exercises overall control over and determines the purposes and means of processing your personal data).

If you wish to receive more information about the personal data we process or about this privacy statement, you may always contact our data protection officer directly.

3. How can you reach us?

MOND has appointed a data protection officer to whom you can always address any questions concerning your privacy and the processing of your personal data. The data protection officer can be reached at privacy@uwmond.be.

4. What personal data do we process?

MOND processes different types of personal data; this depends on the medical treatments you undergo at MOND, the functionalities you use on the Website and depending on what data you share with us.

If MOND processes personal data, this may involve the data below:

Identification and contact details
Data that allows us to identify you such as:

– surname and first name;
– date and place of birth;
– nationality;
– health insurance number;
– telephone number;
– national registration number;
– e-mail address;
– address;
– passport photograph;
– …

Patient data
Data that allow us to perform medical services:

– general medical background and health status (including consumption habits);
– dental background;
– attending general practitioner and/or specialists;
– treatments performed;
– medication regimen;
– clinical imaging (such as RX) and impressions of your teeth, mouth and jaw;
– family composition;
– medical complaints and other information communicated by the patient as part of the medical service;
– complaints regarding medical services
– …

Payment details
Data required to pay for our services and our business records:

– account number;
– credit card details;
– payment history;
–  …

Technical information
Data required for using our website and making online appointments:

–  technical information about your computer or mobile (such as, your IP address, unique device identifiers, user ID, operating system, browser type);
–  technical information about your use of our website (such as your language preference);
–  …

We use cookies and similar technologies to collect this technical information. For more information, please refer to our cookie statement.

Patient experiences
Data that allow us to inform (potential) patients about other patients' patient experiences through our website, brochures, etc:

–  before and after photos of treatments;
–  written reviews and patient experiences;
–  ...

Camera images
Data that allow us to ensure the physical security of the MOND premises, property, visitors, patients, employees and service providers of MOND:

– Any personal data filmed by security cameras, such as but not limited to a person's physical characteristics, number plates, etc.
 

5. For what purposes are these data used, on what basis and for how long? 

General
MOND processes personal data for the purposes specified in this section 5. This list may evolve and will be updated as necessary.

For certain processing purposes, MOND requests your consent. The consent you give is always free and you have the right to withdraw it at any time. You can withdraw your consent by sending an email to: privacy@uwmond.be. A withdrawal of consent does not affect the processing of personal data prior to such withdrawal or on any other legal basis.

5.1. Medical services

Purpose(s)
– To perform medical care and treatment;
– To assess and mitigate medical risks and complications;
– To comply with the legal obligation to keep patient records;
– To improve medical services through mutual exchange of knowledge and training within the MOND and MOND group.

What personal data?
– Identification and contact details;
– Patient datas.

Legal basis
– Performance of a contract;
– Legal obligation.

Retention period
– As long as necessary within the framework of the performance of the care service agreement, on the understanding that MOND is legally obliged to retain patient data for at least 30 years after the last patient contact;
– In any event, patient data will be deleted at the latest 50 years after the last patient contact.

If you wish to have your data deleted earlier, without violating the statutory time limits, you can always request this by sending an e- mail to privacy@uwmond.be.

5.2. Management of appointments

Purpose(s)
– To book and confirm your appointment;
– To remind you of your (next) appointment;
– To send any related information to your visit (such as clinical images and additional information about treatments carried out and/or to be carried out).

What personal data?
– Identification and contact details;
– Technical information (if you book an appointment online via our website);
– Other information communicated by the patient during the booking of his/her appointment.

Legal basis
– Performance of a contract.

Retention period
– As long as necessary within the framework of the performance of the care service agreement, on the understanding that MOND is legally obliged to retain this patient data for at least 30 years after the last patient contact;
– In any event, this patient data will be deleted at the latest 50 years after the last patient contact.

If you wish to have your data deleted earlier, without violating the statutory deadlines, you can always request this by sending an e- mail to privacy@uwmond.be.

5.3. Business records

Purpose(s)
– To carry out MOND's bookkeeping and administration;
– To monitor payments and outstanding balances;
– To manage billing disputes;
– To manage our patient relationships;
– To handle possible complaints about our products and/or services.

What personal data?
– Payment details;
– Identification and contact details.

Legal basis
– Legitimate interest.

Retention period
– As long as necessary within the framework of the performance of the care service agreement, on the understanding that MOND is legally obliged to retain this patient data for at least 30 years after the last patient contact;
– In any event, this patient data will be deleted at the latest 50 years after the last patient contact.

IIf you wish to have your data deleted earlier, without violating the statutory deadlines, you can always request this by sending an e- mail to privacy@uwmond.be.

5.4. Compliance with legal obligations

Purpose(s)
– To comply with our legal obligations (such as to be able to provide the authorities and health insurance funds with data in the context of compulsory health insurance so that your right to care is ensured and/or to report fraud to the competent authorities);
– To cooperate with any ongoing judicial investigation, court order or legal proceedings;
– To protect our and/or the rights of third parties;
– To respond to requests from data subjects.

What personal data?
– Identification and contact details;
– Payment details;
– Other personal data; this depends on the legal obligation involved.

Legal basis
– Legal obligation.

Retention period
– Until 10 years after the expiry or termination of our patient relationship; or
– As long as required by law.

For more details on the retention period, please feel free to email privacy@uwmond.be.

5.5. Operation of our website

Purpose(s)
– For the operation of our website;
– To ensure the smooth operation of our website;
– To recognise and respect your preferences when you next visit our website (such as your language preferences and cookie settings).

What personal data?
– Technical information.

We use cookies and similar technologies to collect this technical information. For more information, please refer to our cookie statement.

Legal basis
– Legitimate interest.

Retention period
– The retention period varies from as long as the duration of a session/website visit, to as long as necessary for MOND's legitimate interest.
– Technical information is deleted in any case after 3 years from the date of data collection.

For more details on the retention period, you can always email privacy@uwmond.be.

5.6. Informing about patient experiences

Purpose(s)
– To communicate information about expected results of treatments and your patient experiences to other patients via our website, brochures, etc.

This information is only collected when you have given your explicit and free, your consent.

What personal data?
– Patient experiences.

Legal basis
– Consent.

Retention period
– Until ten (10) years after the collection of this information.
– This personal data will be deleted in any case after you have withdrawn your consent for this.

For more details on the retention period, you can always send an e- mail to privacy@uwmond.be.

5.7. Camera surveillance

Purpose(s)
– To physically secure MOND's premises, property, visitors, employees and service providers.

What personal data?
– Camera images.

Legal basis
– Legitimate interest.

Retention period
– Until one (1) month after collection of the camera images (unless longer needed as evidence of a concrete crime or claim or for identifying a potential perpetrator, victim or witness).

For more details on the retention period, you can always email privacy@uwmond.be.

When personal data of third parties is transmitted in the practice or through the Website, the person transmitting the personal data guarantees that he or she has informed these third parties and obtained all necessary consents to share the personal data of these third parties with MOND.

6. Cookies

Our Website uses cookies and similar technologies. For more information, please refer to our cookie statement.

7. Sharing of Personal Data

Where necessary and applicable for the purposes set out in Title 5, we may share your personal data with third parties. These third parties include:

• medical service providers (including fellow dentists, specialists, the dental lab and other service providers who undertake the manufacture of implants, crown and bridge work, prosthetics and other lab work);
• IT service providers that take care of our IT infrastructure (e.g. hosting our Website and your patient record and its maintenance);
• governments and their partners (such as health insurance companies in the context of compulsory health insurance to provide them with data to ensure your right to care;
• referring dentists (who may not be part of MOND);
• our professional advisers (including accountants and bailiffs);
• the MOND group and the dentists who are part of the MOND group;
• third parties to whom we intend to sell, transfer or merge (parts of) our shares, business or assets.

In addition, we may disclose your personal data if required by law, or if we determine in good faith that such disclosure is necessary during litigation and/or to protect our rights.

Upon request, MOND will inform you as soon as possible after the request about the third parties with whom your personal data has been shared by providing you with a more detailed list. This list, including the list above, may evolve and will be updated from time to time.

Processors and sub-processors of MOND always act under the responsibility of MOND. If MOND engages sub- processors, this will always be done in accordance with a processor agreement that meets the requirements of the GDPR and protects your personal data to the best of its ability.

All your personal data will only be viewed and made available to processors, sub-processors, employees and other third parties on a need-to-know basis, limited to the extent necessary to perform their services. Additionally, to the extent possible, your personal data will only be made available to the aforementioned parties after application of pseudonymisation techniques (such as working with patient numbers instead of patient identification data) and/or in an anonymised manner.
 

8. International transfers to countries outside the European Economic Area

In principle, MOND does not transfer your personal data to third countries located outside the European Economic Area ("EEA"). However, it is possible that MOND -via its processors or sub-processors- may transfer your personal data to countries outside the EEA. In this case, MOND will only transfer your personal data outside the EEA in accordance with applicable Data Protection Legislation and subject to appropriate safeguards.

Please contact us if you would like more information on the specific mechanism(s) used by us when transferring personal data to countries outside the EEA.

9. Data Security

MOND has implemented appropriate technical and organisational measures, safeguards and guarantees to process your personal data in accordance with applicable Data Protection Legislation, in particular to protect your personal data from loss, misuse, or unauthorised alteration or destruction.

In order to provide appropriate protection for your personal data, MOND ensures, inter alia, the security of its back office, uses a team of technicians, automated systems and advanced technologies in accordance with industry best practices and makes all necessary efforts to protect the confidentiality of your personal data. For example, your personal data is stored on secure servers and information security (of our server) is reviewed on a regular basis by our IT team.

Please contact us if you would like more information the specific measures taken.

Despite the above measures taken by us, you should be aware that there are always risks associated with sending personal data over the internet. The security and protection of your personal data can never be fully guaranteed, nor can we guarantee that unauthorised third parties will never be able to circumvent these measures or use your personal data for improper purposes.

10. Retention period

We will retain your personal data only for as long as reasonably necessary to fulfil the purposes for which we have collected it and which are set out in Title 5 of this privacy statement, (including to comply with any legal, regulatory, tax, accounting or reporting requirements). We may retain your personal data for longer in the event of a complaint or if we reasonably believe that there is a likelihood of litigation relating to our relationship with you.

The applicable retention periods are listed above in the table under Title 5.

11. Your rights

If and to the extent provided for in applicable Data Protection Legislation, you have the right to:

• to receive confirmation as to whether we process your personal data and, if so, to have access to this personal data;
• to have inaccurate or incomplete personal data corrected without undue delay;
• to have your personal data erased by us in certain circumstances, namely when one of the following applies:
   

1.  if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. if you withdraw your consent on which the processing is based, and if there is no other legal basis for the processing;
3. if you object to the processing in case the processing is for direct marketing purposes;
4. if the personal data have been processed unlawfully; or
5. if the personal data must be deleted to comply with a legal obligation under the applicable Data Protection Legislation;
   
    

• to obtain and transfer your personal data to another controller or processor,
• to obtain a restriction on the processing of your personal data, to the extent possible and in compliance with applicable Data Protection Legislation, when one of the following situations applies:
  
   

1. if you dispute the accuracy of the personal data, for a period that allows MOND to verify the accuracy of the personal data;
2. if the processing is unlawful and you oppose the erasure of the personal data and request instead that its use be restricted; or;
3. if MOND no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
   
    

• to receive your personal data in a structured, common and machine-readable format;
• to prevent the processing of your personal data and the use of your personal data for direct marketing purposes; and
• where the processing of your personal data is based on points (e) and (f) of Article 6(1) of the GDPR, to object to the processing of personal data.
   

If you request a copy of your personal data processed by MOND, your data will be provided by MOND via a spreadsheet file in Microsoft Excel within fourteen (14) working days. Where the request for a copy is clearly unfounded or excessive, MOND may either (i) charge a reasonable fee, taking into account the administrative costs of providing such copy, or (ii) refuse to comply with such request. MOND will inform the data subject of the applicable fee before it is charged.

You can exercise these rights by contacting our data protection officer by sending an email to privacy@uwmond.be.

We may ask you to verify your identity to ensure that you have a legitimate right to make a request and to verify that we are responding to the person who has the legitimate right to send us any of the above requests. For these reasons, MOND reserves the right to request a copy of your identity card if MOND is unable to identify you or if MOND has reasons to doubt your identity. In doing so, we ask you to render illegible any information that is not necessary for identification or verification purposes (such as, for example, your national registration number).

You also have the right to lodge a complaint with the competent supervisory authority if you believe that the processing of your personal data violates applicable regulations. In Belgium, this is the Data Protection Authority:

www.dataprotectionauthority.be 
Drukpersstraat 35, 1000 Brussels, Belgium
+32 (0)2 274 48 00
contact@apd-gba.be.

However, we would welcome the opportunity to resolve your concerns before you turn to the Data Protection Authority. We therefore kindly ask you to contact us in the first instance.

12. Third-party links

Our Website may contain links to third-party applications and websites. Where you would be directed to another website, platform or application via our Website, different terms and conditions, privacy and cookie statements may apply. MOND is not responsible for the content of these applications and websites and is not responsible for the privacy standards and practices of that third party. We encourage you to read the relevant privacy statement of these third parties before accepting their cookies and accessing their applications and/or websites to assure yourself that your personal data is adequately protected. Nonetheless, we seek to protect the integrity of our Website and welcome any feedback about these third-party applications and websites.

13. Consent to disclosure

You acknowledge, confirm and expressly consent to MOND disclosing your personal data if required by law or if MOND deems in good faith that such disclosure is required to:

1. comply with any ongoing judicial investigation, court order or legal process relating to the Practice and/or Website;
2. respond to claims against MOND arising from personal data that violates the rights of third parties;
3. safeguard the rights, property and safety of MOND, its employees, users and the public.

14. Liability

If MOND lawfully transmitted your personal data to a third party (other than a processor or sub-processor), MOND shall not be liable for any unlawful processing or use by that third party.

In no circumstances shall MOND accept responsibility or liability for any direct or indirect damage resulting from any wrongful or unlawful use of personal data by a third party (other than a processor or sub-processor). Nor shall MOND be liable if third parties unlawfully process or use your personal data and MOND has taken appropriate technical and organisational measures to prevent such unlawful processing or use.

In any case, MOND shall only be liable for damage caused by the processing of personal data if it did not comply with the specific obligations of the GDPR. Under no circumstances shall MOND be liable for any special, incidental, indirect or consequential damages or losses.

15. Amendments to this privacy notice

MOND may amend this privacy notice at any time. Any changes we make to our privacy notice will be posted in the practice and/or on the Website (as relevant and applicable) and, where proportionate to the importance of the changes, may be advised to you on your next Website visit. The date of the most recent version is shown in the top right-hand corner of this privacy notice. Please check our privacy statement regularly to be aware of any changes that may affect you.

Amended versions of this privacy statement will come into force fourteen (14) days after its publication on the Website and/or other form of notice and, if necessary, will always be submitted for approval, unless such changes are necessary to comply with a legal requirement. In the latter case, such amendments will enter into force immediately.

16. Applicable law and jurisdiction

This privacy notice shall be governed, interpreted and enforced in accordance with Belgian law, which shall apply exclusively in the event of any dispute.

The courts of Ghent (Ghent division) shall have exclusive jurisdiction to adjudicate any dispute that may arise from the interpretation or execution of this privacy statement, without prejudice to the right of the consumer to submit a dispute to a competent court by virtue of a mandatory provision of law..

Last updated: 11/12/2023