Privacy Policy

This Privacy Policy explains how FACE Orthodontics SRL (“we,” “our,” or “us”) collects, uses, discloses, and protects personal data when you access or use www.nexo-aligners.com (the “Website”) and related digital services. We are committed to protecting your privacy and ensuring that your personal data is processed in compliance with the EU General Data Protection Regulation (GDPR) and applicable Romanian data protection laws. This Policy applies to all users of the Website, including licensed dental professionals who access the Doctors’ Portal, submit treatment cases, or contact us through the Website.

The data controller responsible for processing your personal data is:

FACE Orthodontics SRL
Str. Pompiliu Teodor 26, Cluj-Napoca, Romania
Email: info@nexo-aligners.com

We collect and process the following categories of personal data depending on how you use our Website and services:

a) Professional User Information
- Name, surname, and professional title
- Clinic name and contact details
- Email address, phone number, login credentials (for portal access)

b) Patient Data (provided by professionals)
- Patient identification data (e.g., name, age, gender, case reference)
- Intraoral scans, 3D digital models
- Facial and intraoral photographs, X-rays and CBCT
- Orthodontic treatment plans and case documentation

c) Communication and Support Data
- Messages and inquiries submitted through the Website’s contact forms
- Support correspondence and feedback

d) Technical and Usage Data
- IP address, browser type, device information, and access timestamps
- Website analytics and interaction data collected through cookies and similar technologies (see our Cookie Policy for details)

We process personal data for the following purposes and legal bases:

Providing access to the Doctors’ Portal and case management tools – Performance of contract (Article 6(1)(b) GDPR)
Managing orthodontic treatment planning and technical support – Performance of contract
Communication and response to inquiries – Legitimate interest or consent
Ensuring Website security, maintenance, and improvements – Legitimate interest
Compliance with legal obligations – Legal obligation (Article 6(1)(c) GDPR)
Marketing and analytics through cookies – Consent (Article 6(1)(a) GDPR)

We use personal data solely for the purposes stated above. We may share data with:
- Authorized sub-processors (e.g., hosting providers, technical service providers) bound by data protection agreements;
- Third-party analytics and advertising partners (e.g., Google Analytics, Meta Pixel) with your consent;
- Public authorities or regulators, when legally required.

We do not sell or rent personal data to third parties.

We retain personal data only as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.

Retention periods may vary based on data type:
- Account and professional data: retained during your active relationship with us and for up to 5 years after account closure.
- Patient treatment data: retained for the period required by medical and professional regulations.
- Technical and cookie data: retained according to the timeframes specified in our Cookie Policy.

All personal data is processed and stored within the European Economic Area (EEA). If data must be transferred outside the EEA, appropriate safeguards such as Standard Contractual Clauses (SCCs) will be applied to ensure an equivalent level of protection.

We apply strict technical and organizational measures to protect personal data from unauthorized access, alteration, loss, or destruction. These include data encryption, secure authentication, network protection, and regular audits of data processing systems.

Under the GDPR, you have the following rights regarding your personal data:
1. Right of access – to obtain confirmation whether your data is being processed and receive a copy of it.
2. Right to rectification – to correct inaccurate or incomplete data.
3. Right to erasure (“right to be forgotten”) – to request deletion of your personal data under certain conditions.
4. Right to restriction of processing – to limit processing in specific circumstances.
5. Right to data portability – to receive your data in a structured, commonly used format and transmit it to another controller.
6. Right to object – to object to processing based on legitimate interests or for direct marketing.
7. Right to withdraw consent – where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing.

To exercise any of these rights, please contact us using the details provided below.

FACE Orthodontics SRL has appointed a Data Protection Officer responsible for overseeing compliance with this Policy.

Contact details:
Data Protection Officer
Email: info@nexo-aligners.com

We use cookies and similar technologies for website functionality, analytics, and marketing. For detailed information, please refer to our separate Cookie Policy available on the Website.

We may modify this Privacy Policy from time to time to reflect updates in our processing activities, legal obligations, or technological changes. Any revisions will be published on this page with a new “Last updated” date.

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact:

FACE Orthodontics SRL
Str. Pompiliu Teodor 26, Cluj-Napoca, Romania
Email: info@nexo-aligners.com

If you believe that your data protection rights have been violated, you also have the right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) or another competent EU authority.