PRIVACY POLICY

Last Updated: February 27, 2025

INTRODUCTION

This Privacy Policy explains how Smile Society Orthodontics LTD (“Company,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards your personal information when you use our website (www.smilesocietyortho.com), mobile application, or other services (collectively, the “Service”).

This document outlines your privacy rights and explains how applicable laws protect you. By using our Service, you acknowledge that you have read and understand the terms of this Privacy Policy.

1. INTERPRETATION AND DEFINITIONS

1.1 Interpretation

Words with initial capital letters have meanings defined in this section. These definitions apply regardless of whether they appear in singular or plural form.

1.2 Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created for you to access our Service or specific features.
  • Affiliate means an entity that controls, is controlled by, or is under common control with a party, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for directors or other managing authority.
  • Application refers to Smile Society Orthodontics’ software program provided by the Company.
  • Company refers to Smile Society Orthodontics LTD, located at 1328 N. Milwaukee Ave, Chicago, IL 60622.
  • Cookies are small files placed on your device by a website to store information about your browsing history and preferences.
  • Country refers to the United States (specifically, Illinois for our operations).
  • Device means any device (computer, cellphone, tablet, etc.) that can access the Service.
  • Personal Data means any information that relates to an identified or identifiable individual.
  • Service refers to the Application and/or the Website provided by the Company.
  • Service Provider means any natural or legal person who processes data on behalf of the Company to facilitate the Service.
  • Usage Data refers to data collected automatically through your use of the Service, such as IP address, browser type, pages visited, and time spent.
  • Website refers to Smile Society Orthodontics, accessible at smilesocietyortho.com.
  • You means the individual or entity accessing or using the Service.

2. INFORMATION WE COLLECT

We collect several types of information to provide, maintain, and improve our Service:

2.1 Personal Information

When you use our Service, we may ask you to provide personally identifiable information, including but not limited to:

  • Contact Information: First name, last name, email address, phone number, and mailing address.
  • Health Data: Dental history, treatment details, diagnostic images, treatment plans, and other health-related information collected via forms, patient portals, during appointments, or through referrals. This information is used solely for treatment, payment, and healthcare operations.
  • Payment Information: Credit card details, banking information, insurance details, or other payment methods when you make payments through our Service.
  • Login Credentials: Username, password, and security questions/answers for accessing patient or referring doctor portals.
  • Demographic Information: Age, gender, and other demographic details that help us provide better service.

2.2 Usage Data

We automatically collect certain information when you visit, use, or navigate our Service. This information may include:

  • Your Device’s Internet Protocol (IP) address
  • Browser type and version
  • Pages of our Service that you visit
  • Date and time of your visit
  • Time spent on those pages
  • Unique device identifiers
  • Other diagnostic data

For mobile devices, we may collect additional details such as:

  • Device ID
  • Operating system version
  • Mobile browser type
  • Mobile carrier information

2.3 Application-Specific Data

With your permission, our mobile application may also collect:

  • Location Data: To provide location-based services (e.g., finding nearby clinics, providing directions)
  • Camera/Photo Access: For features like uploading dental images or scanning insurance cards
  • Contacts: For referral purposes (only with your explicit consent)
  • Calendar: For scheduling and appointment management
  • Biometric Data: For secure authentication (such as fingerprint login)

You can enable or disable access to this information at any time through your device settings.

2.4 Cookies and Tracking Technologies

We use cookies, web beacons, tags, pixels, and similar tracking technologies to collect and store information about how you use our Service:

  • Session Cookies: Temporary cookies that are deleted when you close your browser
  • Persistent Cookies: Cookies that remain on your device until manually deleted or until they expire
  • Necessary Cookies: Essential for the basic functionality of our website
  • Preference Cookies: Remember your preferences and settings
  • Analytics Cookies: Help us understand how users interact with our Service
  • Marketing Cookies: Used to deliver relevant advertisements and track marketing campaign performance

You can set your browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of our Service may not function properly without cookies.

For further details, please review our separate Cookies Policy.

2.5 Third-Party Data

We may receive information about you from third-party sources, including:

  • Payment Processors: Stripe, Affirm, or Clover may provide transaction information
  • Analytics Providers: Google Analytics, Mixpanel, or similar services
  • Advertising Partners: Information from our advertising partners about your interactions with our ads
  • Healthcare Providers: Referral information from other healthcare providers
  • Insurance Companies: Verification of benefits and coverage information

3. HOW WE USE YOUR INFORMATION

We use your information for various legitimate purposes, including:

3.1 Providing and Improving our Services

  • Managing appointments and patient records
  • Processing payments and insurance claims
  • Developing and enhancing our website and application
  • Conducting research to improve our treatments and services
  • Training our staff and improving patient care

3.2 Account Management

  • Creating and managing your account
  • Providing access to various functionalities of the Service
  • Verifying your identity for security purposes
  • Managing your preferences and settings

3.3 Communication

  • Sending appointment reminders and confirmations
  • Providing treatment updates and care instructions
  • Notifying you about security or privacy issues
  • Responding to your inquiries and requests
  • Sending administrative notifications
  • Providing customer support

3.4 Marketing and Promotions

  • Sending promotional materials about new services, special offers, or events
  • Conducting surveys and collecting feedback
  • Delivering personalized content and recommendations
  • Managing contests, sweepstakes, or other promotional activities

You may opt out of marketing communications at any time by following the unsubscribe instructions included in our emails or by contacting us directly.

3.5 Analytics and Research

  • Analyzing usage patterns to improve our Service
  • Monitoring trends and user behavior
  • Testing new features and functionality
  • Generating aggregated, non-identifying reports
  • Evaluating the effectiveness of our marketing campaigns

3.6 Legal and Compliance Purposes

  • Meeting our legal obligations, including those under HIPAA
  • Responding to lawful requests from public authorities
  • Enforcing our terms and conditions
  • Protecting our rights, privacy, safety, or property
  • Detecting, preventing, or addressing fraud or security issues

4. HOW WE SHARE YOUR INFORMATION

We do not sell or rent your personal data to third parties. However, we may disclose your information in the following circumstances:

4.1 Service Providers

We share information with trusted third parties who help us operate, provide, improve, and market our Service, including:

  • Healthcare Providers: Other healthcare professionals involved in your care
  • Payment Processors: Financial institutions that process your payments
  • IT and Cloud Services: Companies that provide technology infrastructure and support
  • Communications Providers: Services that facilitate our communications with you
  • Analytics Partners: Companies that help us analyze Service usage

All service providers are contractually obligated to use your information only for the purposes outlined in our agreements and are required to maintain the confidentiality and security of your data.

4.2 Affiliates

We may share information with our affiliates (entities under common control with us), who are required to honor this Privacy Policy.

4.3 Business Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you before your personal information becomes subject to a different privacy policy.

4.4 Legal Compliance

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, government agencies). We may also share information when we believe disclosure is necessary to:

  • Comply with applicable laws and regulations
  • Enforce our terms and agreements
  • Protect our rights, property, or safety
  • Protect the rights, property, or safety of our users or others

4.5 Health Data Sharing

Your health information will only be shared:

  • With your explicit consent
  • For treatment purposes with other healthcare providers
  • For payment operations with insurance providers
  • As otherwise permitted or required by HIPAA

4.6 Public Interactions

Information you voluntarily share in public areas of our Service (such as public reviews or testimonials) may be viewed by other users and the public.

4.7 Advertising Partners

We may share limited, non-identifying data with advertising platforms (e.g., Google Ads, Meta Ads) to deliver relevant advertisements and measure the effectiveness of our marketing campaigns.

5. RETENTION OF YOUR PERSONAL DATA

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy or as required by law:

5.1 Personal and Health Data

  • Health Records: Maintained for at least 7 years or as required by state and federal regulations (including HIPAA)
  • Account Information: Retained as long as your account remains active, plus any period required by law
  • Financial Information: Kept for the duration required by tax and accounting regulations

5.2 Usage Data

  • Generally retained for internal analysis for a shorter period (typically 12-24 months)
  • May be retained longer if needed for security, fraud prevention, or service improvement

5.3 Anonymized Data

We may anonymize your personal data (so it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice.

6. TRANSFER OF YOUR PERSONAL DATA

Your information, including Personal Data, is processed at our operating offices and may be transferred to and maintained on computers located outside your state, province, country, or other governmental jurisdiction where data protection laws may differ.

If you are located outside the United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to the United States and process it there.

We take all reasonably necessary steps to ensure your data is treated securely and in accordance with this Privacy Policy. We will not transfer your Personal Data to an organization or country unless there are adequate controls in place, including the security of your data and other personal information.

7. SECURITY OF YOUR PERSONAL DATA

The security of your personal data is important to us. We employ industry-standard technical and organizational measures to protect your information, including:

  • Encryption: Sensitive data (such as health and payment information) is encrypted during transmission and storage
  • Access Controls: Only authorized staff with a need to know have access to your information
  • Authentication: Multi-factor authentication for accessing sensitive systems
  • Monitoring: Continuous monitoring of our systems for potential vulnerabilities
  • Staff Training: Regular privacy and security training for all staff members
  • Vendor Assessment: Rigorous security evaluations of third-party service providers
  • Incident Response: Procedures for promptly addressing security incidents
  • Regular Reviews: We conduct security audits and risk assessments to maintain and improve data protection

While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee absolute security.

8. YOUR RIGHTS REGARDING YOUR INFORMATION

Depending on your location, you may have certain rights regarding your personal information:

8.1 Access and Portability

  • Request to view the personal information we have about you
  • Receive a copy of your personal information in a structured, commonly used format

8.2 Correction and Update

  • Request that we correct or update inaccurate or incomplete information
  • Update your personal information through your account settings

8.3 Deletion and Restriction

  • Request deletion of your personal information where there is no compelling reason for continued processing
  • Request restrictions on the processing of your data under certain circumstances
  • Note that we may need to retain certain information for legal or administrative purposes

8.4 Objection and Withdrawal of Consent

  • Object to the processing of your personal information
  • Withdraw consent previously given for the collection, processing, and transfer of your personal information
  • Opt out of receiving marketing communications

8.5 HIPAA-Specific Rights

As a healthcare provider, we comply with HIPAA, which provides additional rights regarding your health information, including:

  • The right to request restrictions on certain uses and disclosures
  • The right to receive confidential communications
  • The right to inspect and obtain a copy of your health records
  • The right to request amendments to your health information
  • The right to receive an accounting of disclosures
  • The right to obtain a paper copy of notices of privacy practices

To exercise any of these rights, please contact us using the details provided in Section 14. We may ask you to verify your identity before responding to such requests.

9. CHILDREN’S PRIVACY

Our Service is not directed to children under the age of 13. We do not knowingly collect personally identifiable information from children under 13 without verifiable parental consent.

For patients under 18:

  • Parental or guardian consent is required for the collection and processing of personal information
  • Parents/guardians have the right to review information collected from their child
  • Parents/guardians may request to have their child’s information deleted

If we discover that a child under 13 has provided us with personal information without parental consent, we will promptly delete such information from our servers. If you are a parent or guardian and believe that your child has provided us with personal information without your consent, please contact us immediately.

10. HIPAA COMPLIANCE

As a healthcare provider, we are subject to the Health Insurance Portability and Accountability Act (HIPAA). We maintain compliance with HIPAA regulations regarding the collection, use, and disclosure of Protected Health Information (PHI).

10.1 Notice of Privacy Practices

Our detailed HIPAA Notice of Privacy Practices is available at our office, on our website, and upon request. This notice explains:

  • How we may use and disclose your health information
  • Your rights regarding your health information
  • Our legal duties with respect to your health information

10.2 Business Associate Agreements

We maintain Business Associate Agreements with all third parties that may have access to your health information, requiring them to comply with HIPAA regulations and maintain the privacy and security of your PHI.

10.3 Security Measures

We implement specific security measures required by HIPAA, including:

  • Administrative safeguards (policies and procedures)
  • Physical safeguards (facility access controls)
  • Technical safeguards (encryption, access controls)
  • Regular risk assessments and security evaluations

10.4 Breach Notification

In the unlikely event of a breach of unsecured protected health information, we will notify affected individuals, the Department of Health and Human Services, and, when required, the media, in accordance with HIPAA breach notification requirements.

11. INTERNATIONAL DATA TRANSFERS

Our Service is based in the United States and governed by U.S. law. If you access the Service from outside the United States:

  • Your information may be transferred to, stored, and processed in the United States
  • U.S. data protection laws may differ from those in your country of residence
  • By providing your information, you consent to such transfer, storage, and processing

For users in the European Economic Area (EEA), United Kingdom, or Switzerland:

  • We ensure that transfers of personal data to countries outside the EEA, UK, or Switzerland are subject to appropriate safeguards
  • These safeguards may include Standard Contractual Clauses approved by the European Commission, UK authorities, or the Swiss Federal Data Protection and Information Commissioner

12. THIRD-PARTY LINKS AND SERVICES

Our Service may contain links to third-party websites, plugins, and applications that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party services.

When you click on links to third-party sites or use third-party features, these third parties may collect or share data about you. We encourage you to read the privacy notice of every website you visit or third-party service you use when you leave our Service.

Examples of third-party services that may be integrated with our Service include:

  • Payment processors
  • Social media platforms
  • Analytics providers
  • Advertising networks
  • Patient financing services
  • Teledentistry platforms

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes that affect your rights or how we use your personal information, we will:

  • Post the updated Privacy Policy on our website
  • Update the “Last Updated” date at the top of this Privacy Policy
  • Notify you via email to the address associated with your account
  • Provide a prominent notice on our Service
  • Obtain your consent if required by applicable law

We encourage you to review this Privacy Policy periodically to stay informed about our information practices. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.

14. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us through any of the following channels:

Email: privacy@smilesocietyortho.com
Phone: 773-455-4776
Mail: Privacy Officer
Smile Society Orthodontics LTD
1328 N. Milwaukee Ave
Chicago, IL 60622
Website Contact Page: www.smilesocietyortho.com/contact

For urgent privacy concerns or to report a potential data breach, please call our dedicated privacy hotline: 773-455-4777

15. CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

  • The right to know what personal information we collect, use, disclose, and sell
  • The right to request deletion of your personal information
  • The right to correct inaccurate personal information
  • The right to opt out of the sale or sharing of your personal information
  • The right to limit the use and disclosure of sensitive personal information
  • The right to non-discrimination for exercising your privacy rights

To exercise these rights, please contact us using the information in Section 14.

16. ACCESSIBILITY

We are committed to making our Privacy Policy accessible to all individuals. If you need this Privacy Policy in an alternative format, please contact us using the information in Section 14.