Privacy Policy
Introduction
Bright Smile Dental Clinic ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any way.
This policy complies with the Personal Data Protection Act (PDPA) No. 9 of 2022 of Sri Lanka and incorporates international best practices for healthcare data protection.
Information We Collect
Personal Information
We collect personal information that you voluntarily provide to us when you:
| Category | Examples |
|---|---|
| Identity Data | Full name, date of birth, National Identity Card number, gender |
| Contact Data | Email address, phone number, postal address |
| Health Data | Medical history, dental records, treatment plans, X-rays, photographs |
| Financial Data | Payment information, insurance details, billing records |
| Technical Data | IP address, browser type, device information, cookies |
| Communication Data | Appointment requests, feedback, correspondence |
Sensitive Personal Data
As a healthcare provider, we process sensitive personal data including your health information. Under the Sri Lanka PDPA, this data receives additional protection. We only collect health data that is necessary for providing dental care services and with your explicit consent.
How We Use Your Information
Healthcare Services: To provide dental examinations, treatments, and follow-up care. This includes maintaining your dental records, creating treatment plans, and communicating about your appointments.
Appointment Management: To schedule, confirm, reschedule, or cancel appointments. We may send you reminders via email, SMS, or WhatsApp based on your notification preferences.
Billing and Payments: To process payments, generate invoices, manage payment plans, and handle insurance claims on your behalf.
Communication: To respond to your inquiries, provide customer support, and send important updates about our services or changes to our policies.
Legal Compliance: To comply with legal obligations, including maintaining medical records as required by Sri Lankan healthcare regulations.
Service Improvement: To analyze usage patterns and improve our website, services, and patient experience. This data is anonymized where possible.
Legal Basis for Processing
Under the Sri Lanka PDPA, we process your personal data based on the following legal grounds:
| Legal Basis | Application |
|---|---|
| Consent | Marketing communications, non-essential cookies, sharing data with third parties |
| Contract | Providing dental services you have requested, appointment scheduling |
| Legal Obligation | Maintaining medical records, tax compliance, regulatory reporting |
| Vital Interests | Emergency medical situations |
| Legitimate Interests | Improving services, fraud prevention, security |
Data Sharing and Disclosure
We do not sell your personal information. We may share your data with:
Healthcare Providers: Other dental specialists, laboratories, or medical professionals involved in your care, with your consent.
Insurance Companies: To process claims and verify coverage, when you provide insurance information.
Service Providers: Third-party vendors who assist with payment processing, email delivery, SMS notifications, and website hosting. These providers are contractually bound to protect your data.
Legal Authorities: When required by law, court order, or to protect our legal rights.
Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encrypted data transmission using SSL/TLS technology
- Secure storage of electronic records with access controls
- Regular security assessments and updates
- Staff training on data protection and confidentiality
- Physical security measures for paper records
Despite our efforts, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your information to the best of our ability.
Data Retention
We retain your personal data for the following periods:
| Data Type | Retention Period |
|---|---|
| Medical/Dental Records | 10 years after last treatment (as per healthcare regulations) |
| Financial Records | 7 years (tax compliance) |
| Appointment History | 5 years |
| Marketing Preferences | Until you withdraw consent |
| Website Analytics | 2 years |
After the retention period, data is securely deleted or anonymized.
Your Rights
Under the Sri Lanka PDPA, you have the following rights:
Right to Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request correction of inaccurate or incomplete data.
Right to Erasure: You can request deletion of your data, subject to legal retention requirements.
Right to Restrict Processing: You can request that we limit how we use your data.
Right to Data Portability: You can request your data in a structured, machine-readable format.
Right to Object: You can object to processing based on legitimate interests or for marketing purposes.
Right to Withdraw Consent: You can withdraw consent at any time for processing based on consent.
To exercise these rights, contact us using the details below. We will respond within 30 days.
Children's Privacy
Our services are not directed to children under 13 years of age. For patients under 18, we require parental or guardian consent before collecting personal information. Parents or guardians may access, modify, or delete their child's information by contacting us.
International Data Transfers
Your data is primarily stored and processed in Sri Lanka. If we transfer data internationally (for example, to cloud service providers), we ensure appropriate safeguards are in place to protect your information in compliance with the PDPA.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on our website and updating the "Last Updated" date. We encourage you to review this policy periodically.
Contact Us
If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
Bright Smile Dental Clinic
Main Street, Embilipitiya, Sri Lanka
Phone: 076 499 4948
Email: [email protected]
WhatsApp: +94 76 499 4948
Data Protection Officer:
For data protection inquiries, please email: [email protected]
Regulatory Authority
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with the Data Protection Authority of Sri Lanka.