Privacy Policy

Effective Date: April 29, 2025 | Last Revision Date: April 29, 2025

Introduction

Leading Dentists of the World AS ("LD", "us," "we," or "our") processes personal data in connection with our business operations. This privacy policy applies to our website www.leadingdentists.no, the Quality Leader Business Program ("the Program"), and related services and communications. It informs you about the types of personal information we collect, how and why we process it, who we share it with, your rights, and how we protect your data.

We are committed to complying with the Norwegian Personal Data Act and the General Data Protection Regulation (GDPR). Our online resources and services are intended for adults (18 years or older) acting in a professional capacity.

Who We Are & Data Controller

LD provides business programs and resources primarily for dental professionals. For the purposes of GDPR and Norwegian data protection law, Leading Dentists of the World AS is the data controller.

Contact Information:

  • Name: Leading Dentists of the World AS
  • Address: Horgvegen 5, 7055 Ranheim, Norway
  • Email: vilde@leadingdentists.no (for privacy inquiries and general contact)
  • Phone: 98486924
  • Organization Number: 933557545

What Personal Information Do We Process?

"Personal information" (or "personal data") means information relating to an identified or identifiable natural person. We adhere to the principle of data minimization, meaning we only collect and process personal data that is adequate, relevant, and limited to what is necessary for the specific purposes outlined below. We process data you provide voluntarily and data collected automatically.

  • Voluntarily Submitted: Name, email, phone, address, profession, job description, clinic name, communications content, payment information summaries (full details handled by processor).
  • Automatically Collected: IP address, browser/device type, operating system, general location, website usage data (pages visited, time spent, clicks), data collected via necessary cookies. Data from analytics/non-essential cookies is collected only with consent.

How and Why We Process Your Information (Purposes, Data, Legal Basis, Retention)

We process personal data only for specified, explicit, and legitimate purposes. Below are the main processing activities:

1. Program Enrollment, Participation & Delivery

  • Purpose: To register participants, manage enrollment, deliver the Program content and services (webinars, one-on-one sessions, materials, networking), manage accounts, facilitate communication related to the program, and fulfill our contractual obligations.
  • Data Categories: Name, email, phone, address, profession, job description, clinic name, payment status/history (summary), account login details (if applicable), participation records (attendance, engagement).
  • Legal Basis: GDPR Art. 6(1)(b) (Performance of Contract). Processing is necessary to deliver the Program service purchased.
  • Retention Period: Data directly related to program participation (excluding financial records) is retained for the duration of the Program cohort participation plus a period necessary for follow-up, handling potential claims, and maintaining essential participant records, typically up to 3 years after program completion. Financial transaction data is kept longer according to legal obligations (see Activity 2).

2. Payment Processing

  • Purpose: To process payments for Program enrollment and related services.
  • Data Categories: Name, email, billing address, payment method summary (e.g., card type, last 4 digits - full card details are handled directly by the payment processor), transaction details.
  • Legal Basis: GDPR Art. 6(1)(b) (Performance of Contract) and Art. 6(1)(c) (Legal Obligation).
  • Retention Period: Transaction summaries retained as part of client record (see Activity 1). Detailed payment records (invoices, transaction details required for accounting) are retained for 5 years after the end of the financial year, as required by Norwegian bookkeeping law (bokføringsloven).

3. Website Contact Forms & General Inquiries (Email/Phone)

  • Purpose: To respond to inquiries about our services, provide requested information, and manage general communications.
  • Data Categories: Name, email, phone number, content of the inquiry/communication.
  • Legal Basis: GDPR Art. 6(1)(f) (Legitimate Interest). Our legitimate interest is to respond effectively to inquiries and engage with potential clients and contacts.
  • Retention Period: As long as necessary to handle the inquiry and any follow-up, typically deleted within 1 year after the last communication if no further relationship (e.g., program enrollment, newsletter subscription) is established, unless longer retention is required for legal reasons.

4. Email Communications, Newsletters & Marketing

  • Purpose: To send newsletters, marketing information, promotional materials, event invitations, and other communications about LD's services that may be of interest.
  • Data Categories: Name, email address, potentially phone number (for SMS marketing, if used and consented to), opt-in/opt-out status, record of consent/legal basis.
  • Legal Basis:
    • For existing clients regarding similar services: GDPR Art. 6(1)(f) (Legitimate Interest) combined with Marketing Control Act § 15 (requires clear opt-out option).
    • For prospective clients or marketing unrelated to existing services: GDPR Art. 6(1)(a) (Consent).
  • Retention Period: We retain your contact details for these marketing purposes as long as your consent remains active (not withdrawn) or the legitimate interest basis is valid and you have not opted out. We consider consent/interest active as long as you engage with our communications or do not unsubscribe. If consent is withdrawn or you opt-out, processing for this purpose ceases promptly, and data is deleted or added to a suppression list as appropriate, unless needed for another lawful purpose. We may periodically review contact lists for relevance.

5. Free Content Downloads (e.g., PDFs)

  • Purpose: To provide requested free content and, based on your consent, potentially follow up with relevant information about our services.
  • Data Categories: Name, email address, record of consent.
  • Legal Basis: GDPR Art. 6(1)(a) (Consent). Accessing free content requires your explicit consent for any subsequent marketing follow-up.
  • Retention Period: We retain your contact details for follow-up based on this consent as long as your consent remains active (not withdrawn). We consider consent active as long as you engage or do not unsubscribe. If consent is withdrawn, processing for this purpose ceases. If consent remains active but there is no engagement for an extended period (e.g., after 5 years), we may review the data for deletion based on lack of ongoing relevance.

6. Website Operation, Security & Basic Analytics

  • Purpose: To ensure the technical functionality, security, and basic operation of the website; to perform aggregated, non-identifying analysis of website usage for improvement.
  • Data Categories: IP address (may be anonymized), browser/device type, operating system, basic usage logs (page views, errors).
  • Legal Basis: GDPR Art. 6(1)(f) (Legitimate Interest).
  • Retention Period: Technical logs typically kept for short periods (e.g., 7-90 days) for security/troubleshooting. Aggregated/anonymized data may be kept longer.

7. Website Analytics (Detailed Tracking - e.g., Google Analytics)

  • Purpose: To gain detailed insights into website traffic, user behavior, etc., using tools like Google Analytics.
  • Data Categories: Anonymized/Pseudonymized IP address, detailed usage data, device/browser info, general location, etc. (as consented to).
  • Legal Basis: GDPR Art. 6(1)(a) (Consent), obtained via cookie banner/tool.
  • Retention Period: Data within Google Analytics retained per configured settings (e.g., 14 or 26 months). Consent status stored as required by law.

8. Video Conferencing Sessions (e.g., Google Meet)

  • Purpose: To conduct live program sessions and meetings.
  • Data Categories: Name, email address (as participant identifiers), potentially video/audio feed during the session (if camera/mic enabled), IP address, usage metadata.
  • Legal Basis: GDPR Art. 6(1)(b) (Performance of Contract - necessary to deliver program component) and Art. 6(1)(f) (Legitimate Interest - for operational aspects). If sessions are recorded, we will provide specific notice beforehand and processing will be based on your explicit Consent (Art. 6(1)(a)) or another appropriate legal basis identified at that time.
  • Retention Period: Metadata per provider terms. Recordings (if made with consent/notice) will be retained only for the specific purpose stated (e.g., providing access to participants during the program term or for a defined period afterwards, such as 12 months) and then securely deleted.

9. Customer Follow-up & Support

  • Purpose: Ongoing support, post-program follow-up, managing client relationship.
  • Data Categories: Name, email, phone, communication history, program details.
  • Legal Basis: GDPR Art. 6(1)(b) (Contract) and Art. 6(1)(f) (Legitimate Interest).
  • Retention Period: Data retained for the duration of the active client relationship and for a period necessary for follow-up and potential claims, typically up to 3 years post-program completion (distinct from legally mandated financial record retention).

10. Direct Sales (B2B Prospecting)

  • Purpose: To contact potential business clients.
  • Data Categories: Clinic name, contact person name, professional contact details, job title.
  • Legal Basis: GDPR Art. 6(1)(f) (Legitimate Interest) for B2B marketing, subject to rules and right to object. (Legal review advised).
  • Retention Period: As long as necessary for active prospecting, with regular review (e.g., annually) and deletion if no engagement or objection received.

Legal Basis for Processing (Summary)

Our processing relies on: Consent (Art. 6(1)(a)), Contract Performance (Art. 6(1)(b)), Legal Obligation (Art. 6(1)(c)), and Legitimate Interests (Art. 6(1)(f)), as specified above. Where we rely on legitimate interests, we have performed an internal assessment (LIA) to balance our interests against your rights and freedoms.

Storage of Personal Information and Deletion (Summary)

We adhere to GDPR's storage limitation principle, storing data only as long as necessary for its specified, legitimate purpose. Retention periods are based on:

  • Purpose Fulfillment: Time needed for the specific task.
  • Legal Obligations: Mandated periods (e.g., 5 years for financial records under Norwegian bookkeeping law).
  • Active Consent: Data kept while consent is active; deleted upon withdrawal (unless another basis applies).
  • Valid Legitimate Interest: Data kept while interest is valid and unchallenged (subject to opt-out/objection and periodic review).
  • Statute of Limitations: Periods relevant for potential legal claims (e.g., typically 3 years in Norway).

We do not keep data indefinitely without justification. Once no longer needed, data is securely deleted or anonymized.

Disclosure of Personal Information to Third Parties / Data Processors

We do not sell your personal data. We share it only when necessary and legally permitted, primarily with service providers (data processors) acting on our behalf under strict data processing agreements (DPAs). Please ensure the list below is complete and accurate for your current operations.

Key Processors and International Transfers:

  • Payment Processor: Stripe (Processing payments). Based in US, processes globally. Transfers rely on SCCs & DPF certification. See Stripe's Privacy Policy.
  • Video Conferencing/Email: Google Meet/Gmail (Google Workspace). Based in US, processes globally. Transfers rely on SCCs & DPF certification. See Google's Privacy Policy.
  • Email Marketing: Email Octopus. Based in UK (Adequacy Decision). May use sub-processors outside UK/EEA under SCCs. See Email Octopus's Privacy Policy.
  • Website Analytics: Google Analytics. See Google details above. Opt-out: https://tools.google.com/dlpage/gaoptout
  • Website Development/Hosting: Børge Gellein Blikeng / Blikeng Consulting (Norway). Processor for website maintenance. Processing within Norway/EEA under DPA.
  • [Add any other processors here, e.g., CRM, Cloud Storage, Survey tools, LMS]

Appropriate legal safeguards (SCCs, DPF, Adequacy Decisions) are used for transfers outside the EU/EEA per GDPR Chapter V.

Security of Processing

We implement appropriate technical and organizational measures to protect personal data, proportionate to the risk. We have procedures for handling data breaches.

Your Rights and Options (GDPR)

You have rights regarding your personal data: Access, Rectification, Erasure, Restriction, Objection, Data Portability, Withdraw Consent. Contact vilde@leadingdentists.no to exercise rights. We respond within legal timeframes after identity verification. You can complain to Datatilsynet: https://www.datatilsynet.no/en/.

Online Tracking Technologies and Advertising (Cookies)

We use cookies and similar technologies on our website. Essential cookies are necessary for site function and do not require consent. For non-essential cookies, such as those used by Google Analytics for tracking, and by advertising platforms (if any), we request your explicit consent through our cookie consent banner/management tool. This tool also allows you to customize your cookie preferences and withdraw consent at any time. Common cookie types we may use include:

  • Essential/Strictly Necessary: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.
  • Analytical/Performance: These allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality: These are used to recognize you when you return to our website. This enables us to personalize our content for you and remember your preferences (for example, your choice of language or region).
  • Targeting/Advertising: These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. (Note: Use of advertising cookies must be explicitly consented to).

You can manage your cookie settings through your browser settings as well as through our cookie consent tool. Blocking all cookies may affect the functionality of the site.

Children's Privacy

Our services are not directed at children under 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us to have it removed.

Links to Other Websites

Our website may contain links to third-party sites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

Changes to This Privacy Policy

We may update this policy. Changes will be posted on our website with a revised "Last Revision Date." For material changes, we may provide additional notice (e.g., email).

Governing Law and Dispute Resolution

This policy is governed by Norwegian law. Disputes should primarily be addressed by contacting us. You also have the right to complain to the Norwegian Data Protection Authority (Datatilsynet).

Contact Us

For questions about this policy or your data, contact us at: vilde@leadingdentists.no or by mail (see Section: "Who We Are & Data Controller").

Last Revision Date: April 29, 2025