Privacy Policy

  1. Name and address of the Data Controller

The Data Controller within the meaning of the GDPR is

DSSM GmbH
Ludwig-Kick-Str. 2
88131 Lindau
Germany
Phone: +49 838 250 468 0
E-Mail: contact@dssm.group

  1. Data Protection Officer

The Data Protection Officer of the Data Controller can be reached at:

DSSM GmbH
Ludwig-Kick-Str. 2
88131 Lindau
Germany
Phone: +49 838 250 468 0
E-Mail: contact@dssm.group

  1. Introduction

The protection of your personal data and of your private life are very important to us as Data Controller in terms of data protection. You need to know what information about you is collected through our website www.sagemax.com and related services (our “Service” for short) and how your information is used. This privacy policy gives you this information.

Therefore, we obviously comply with the provisions of the EU General Data Protection Regulation (GDPR) and all other locally applicable data protection regulations. It is important to us to inform you about what personal data is collected and processed and what options you have. This privacy policy gives you answers to the most important questions.

Your data will be stored, processed and used in accordance with this privacy policy and the relevant statutory data protection regulations.

Our employees and agents who process your enquiries are obliged to maintain confidentiality.

  1. Your Rights:

If your personal data is processed, you are a data subject within the meaning of the GDPR. You have the following rights against us as the Data Controller:

(1) You have a right to obtain confirmation as to whether and which personal data we process in relation to you.

(2) You have a right to rectification and erasure of this personal data.

(3) You have a right to restriction of processing of your personal data.

(4) You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you. This does not apply if a legal provision obliges or entitles us to collect, process or use this data.

(5) Furthermore, you may withdraw any consent you have previously given to the collection, processing and use of your personal data at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of such consent until the withdrawal.

(6) You also have a right to data portability.

(7) To exercise your rights or for information and/or explanations of your rights, please contact our data protection officer by e-mail or by post (for contact details, see under “Data Protection Officer”). We will be happy to provide you with access to your personal data in our database upon request. The information is free of charge.

(8) In addition, you have the right to lodge a complaint to a data protection supervisory authority about our processing of your personal data.

  1. Definitions

(1) “Customer Portal” means the online tool accessible via www.sagemax.com through which you can access the following “Services”.

(2) “Services” means all the services we offer through our “Customer Portal”. Depending on whether the service is available in the respective country, the following services can be currently used on this platform:

  1. “Webshop”: The Webshop allows our registered customers to order online the products available online in the respective country and have them delivered to the desired address.
  2. “eIFU”: The eIfU functionality delivers the instructions for use for each product. By subscribing to changes, we send a notification whenever a document has been updated.

6. What data is collected and stored

Which data is collected and stored depends on which services you use on our platform.

(1) Data or categories of data:

(a) As with any website, our server automatically and temporarily collects and stores the following information in the server log files, which are transmitted by the browser, unless this has been deactivated by you:

– domain name or IP address of the requesting computer
– file requests of the client (file name and the corresponding data of the complete Internet address)
– the HTTP response code
– the Internet page from which you are visiting us (referrer URL)
– date and time of the server request
– browser type and version
– operating system used by the requesting computer
– cookies (see cookie below and our cookie policy for more details) are also used to collect anonymous traffic data from users of our website. This anonymous traffic data may be used for market research purposes and the demand-oriented design of our website.

(b) When using the “Webshop” service, the following further data are collected in addition to the personal data already mentioned while using the platform for customer enquiries:

– Invoice and delivery address(es)
– Products and services you order or purchase
– Your feedback (also public) on our products and services in the sense of ratings, customer reviews or customer satisfaction

  1. For what purpose are your data collected and stored and how are they used?

We process your personal data to operate, provide and improve our services. These purposes include:

  • Information about our products and services requested by the interested parties and customers. We use your personal data to send you the information you have requested via the desired communication channel.
  • Purchase and supply of products and services. We use your personal data to take and process orders, deliver products (whether chargeable or free of charge)  and provide services (whether chargeable or free of charge), develop and assess the need for new products and services, develop, test and launch new products and services, process payments and communicate with you about orders, products and services (e.g. transactional communications or requests for feedback in terms of ratings, customer reviews, customer satisfaction, needs assessment, development, testing and launch of purchased products or services). Furthermore, we use your personal data to fulfil our legal (e.g. warranty) and contractual (e.g. guarantee contract) obligations within the scope of the purchase, guarantee or service contract.
  • Providing, troubleshooting and improving our services (e.g. IV Cloud). We use your personal data to provide features, analyse services and products, troubleshoot and improve the usability and effectiveness of our services.
  • Recommendations and personalisation. If you have consented to this, we will process your personal data to recommend functionality, products and services that may be of interest to you, to identify your preferences and to personalise your experience of our services.
  • Compliance with legal obligations. In certain cases we are subject to legal obligations to collect and process your personal data. For example, we collect data from buyers regarding their registered office, tax number (if required) and their bank account information for identity verification and other purposes.
  • Communication with you. If you have consented to this or if another legal basis (e.g. contract or legitimate interest) allows this, then we will use your personal data to communicate with you via various channels (e.g. by phone, email, chat, messenger, SMS, fax, in person, by post or other communication tools such as Showpad) regarding our products and services.
  • Advertisements and marketing. If you have consented to this, we will use your personal data already collected and other data such as your interactions with our and other’s services (such as social media platforms), content or services, which we will automatically evaluate to serve interest-based ads for products and services or, if you have consented, to send you information about products and services from us and our affiliates (https://www.ivoclar.com/en_li/tools/group-companies) that may be of interest to you by email or through communications. We use data that personally identifies you to display interest-based advertising.
  • Reminder of a shopping basket that has not been completed. If you have agreed to this, you will be informed by e-mail that you have products or services in your shopping basket in our Webshop without having completed the purchase.
  • Fraud prevention and credit risks. We process personal data to prevent or detect fraud and abuse to protect the security of our customers, our business and third parties. To assess and deal with credit risks, we also use scoring procedures where appropriate and work with external partners (e.g. dun & bradstreet).
  • Review and supplement our data. We process personal data in order to check the accuracy of this data and to supplement them if necessary. To this end, we also collect publicly available data on social media platforms and, where appropriate, we work with external partners that provide us with data.
  • Purposes for which we seek your consent. We may ask for your consent to process your personal data for a specific purpose, which we will communicate to you. If you consent to the processing of your personal data for a specific purpose, you may freely withdraw your consent at any time and we will stop processing your data for that purpose.
  1. Social networks

On our website you will find links to social networks such as Facebook, Twitter, YouTube, LinkedIn and Instagram. Only when you have clicked on the respective button, data (original page, user name if you are logged into the respective service, IP address) will be transmitted to the platform operator. Please refer to the privacy policy of the respective platform operator for information on its collection and use of data. 

  1. What about cookies?

A cookie is a small file containing a string of characters that is transmitted to your computer when you visit a website. If you then visit the website again, the cookie allows this page, for example, to recognise your browser again. Cookies are not usually used to store personal data, but can store user preferences and other information. You can set your browser to reject all cookies or to inform you when a cookie is sent. Please follow the instructions in the help function of your browser regarding the prevention and deletion of cookies.

We use cookies to enable our systems to recognise the terminal device or browser you are using and to provide you with our services. Some functionalities or services of the website may not function properly without cookies and we therefore recommend that you accept cookies so that you can make full use of our website.

For more information about cookies and how we use them, please read our cookies notice https://sagemax.com/cookie-declaration/ 

  1. Recipients of the data or categories of recipients:

We disclose customers’ personal data to the extent described below:

  • Departments of Ivoclar Vivadent AG and affiliated companies(https://www.ivoclar.com/en_li/tools/group-companies) and their employees,
  • Technical services, insofar as necessary for the fulfilment of the contractual relationship,
  • Data processors and other service providers and contractual partners, to the extent necessary for the fulfilment of the contractual relationship, and
  • Public bodies under overriding legal obligations

that are either subject to this Privacy Policy or implement measures that provide at least as much protection as those described in this Privacy Policy and where such disclosure is necessary.

Service provider and contractual partner:

We engage other companies and individuals to perform tasks for us. Examples include, but are not limited to, fulfilling orders for products and services, deliveries, sending letters or emails, maintaining our customer lists, analysing our databases, supporting promotional activities, providing search results and links (including paid offers and links), processing payments (credit card, direct debit and bill payment), transmission of content, assessing credit risk and providing customer service. These third party service providers and contractors have access to personal data needed to perform their tasks. However, they may not use them for other purposes. Furthermore, they shall process the data in accordance with this privacy policy and the relevant data protection laws.

Protection of the Data Controller:

We disclose personal data about customers when we are required to do so by law or when such disclosure is necessary to enforce our general terms and conditions or other agreements or to protect our rights and the rights of our customers and third parties. This also includes data exchange with companies to prevent and minimise misuse and credit card fraud.

In all other cases, we will inform you if personal data is to be transferred to third parties. This gives you the opportunity to decide that your data should not be shared with the third party.

Data transfer to countries outside the European Economic Area:

When transferring personal data to third parties in countries outside the European Economic Area (EEA), we always ensure that the transfer of data is in accordance with this privacy policy and applicable data protection laws.

  1. Legal basis for data processing by the Data Controller

Insofar as we obtain the consent of the data subject for processing operations involving personal data, this consent shall serve as the legal basis.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the performance of the contract shall serve as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, this legal obligation serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, those vital interests shall serve as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, this legitimate interest shall serve as the legal basis for the processing.

  1. Data erasure and duration of retention

We store your personal information to enable you to use our services on an ongoing basis. We will retain your information for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes for ten years. The personal information will be erased or blocked as soon as the purpose of the retention ceases to apply. In addition, retention may take place if this has been provided for or prescribed by the legislator in decrees, laws or other regulations to which the data controller is subject. Data will also be blocked or erased if a retention period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the execution or performance of a contract.

We will inform you of further retention durations. For example, we keep your order summaries so that you can review past purchases and the addresses to which you have sent your orders (and repeat orders if you wish) and so that we can improve the relevance of the products and content we recommend. We store the personal data collected each time our platform is called up and files are transferred for a maximum period of one year. These data are stored for reasons of data security – in particular, to defend against attempted attacks on our web servers – as well as to ensure the stability and operational security of our systems.

  1. Data Security

We use up-to-date technical and organisational security measures to protect the data under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. E.G.:

  • To protect the security of your information during transmission, we use Secure Sockets Layer software (SSL). This software encrypts the data that you transmit.
  • When dealing with credit cards, our partner follows the Payment Card Industry Data Security Standard (PCI DSS) for the processing of payments by credit card.
  • We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal information of our customers. These security measures include asking you to provide proof of your identity before we disclose any personal information to you.

Our security measures are continuously improved in line with technological developments.

  1. Commissioned data processing

A transfer to external service providers may take place within the framework of commissioned processing under Article 28 GDPR. These processors have been carefully selected and commissioned by us, are bound by our instructions and the provisions of the GDPR and are regularly monitored.

The following Data Processors have been engaged for the platform:

– SAP CDC (Cloud)
– Salesforce.com EMEA Limited (Cloud)
– Pimcore (Cloud)
– Paymetric (payment service provider)
– dun & bradstreet (credit check)
– Cvent (Event Registration)

If necessary, other Data Processors can be added. Upon your request, we will provide you with a list of all Data Processors.

  1. Transfer of data to third countries

Some of our affiliates and contractors are located in countries with a different level of data protection. This is particularly the case for countries that do not belong to the European Economic Area (EEA). A full list of our affiliated companies can be found here:

https://www.ivoclar.com/en_li/tools/group-companies

The transfer of personal data to countries outside the EEA will only take place under the following conditions:

– if the European Commission takes a so-called adequacy decision on the third country pursuant to Article 45 GDPR, i.e. has declared that the third country provides a level of data protection adequate to that of the EU; or

– Without an adequacy decision but with a sufficient level of data protection, if appropriate data protection measures (e.g. standard contractual clauses of the EU Commission in the currently applicable version) have been agreed in a legally binding manner with the recipient of the data; or

– without an adequacy decision and without a sufficient level of data protection, if appropriate data protection measures (e.g. standard contractual clauses of the EU Commission in the currently applicable version) and additional safeguards have been agreed in a legally binding manner with the recipient of the data. Additional safeguards may include binding internal data protection rules (e.g. intercompany agreements with third party effect, Binding Corporate Rules) or a positive law enforcement report, a risk assessment questionnaire with a low risk result or a declaration not to be subject to US FISA 702. You can request a copy of these agreements from the Data Controller or the Data Protection Officer; or

– if you have expressly consented to the proposed data transfer or we are entitled to transfer for another reason mentioned in Article  49 GDPR.

Your personal data will only be forwarded to the extent necessary to fulfil our obligations, in particular within the Ivoclar Group. We will not sell, license or rent your personal data to parties other than those already mentioned without your consent. We will disclose your information if we have a good faith belief that disclosure is necessary to comply with the law, for law enforcement purposes or to comply with a court order, or to protect the rights, property or safety of another person, including our own property or rights.

In some cases, e.g. if there is a corresponding court order, we are legally required to transmit data to a requesting public authority or a third party. This may also be without being allowed to inform you.

  1. Tracking with fusedeck

This Website uses “fusedeck”, a tracking solution provided by Capture Media AG (hereinafter referred to as “Capture Media”). Capture Media is a Swiss company having its registered office in Zurich which, on behalf of its customers, measures website usage in the context of engagements and events. Tracking is anonymous so that it is impossible to attribute any information gained to any identified or identifiable persons.

For more information on data protection and the rights which data subjects have in connection with “fusedeck”, including their right to “opt out” (right to object), please refer to the Privacy Policy and the Information on the Right to Object.

https://fuse.ivoclar.com/en/5rat9XCVP2

  1. Infrastructure Monitoring with Dynatrace

The website uses Dynatrace as a monitoring tool for technical issues users could experience. Dynatrace is a US company located in Waltham. The solution tracks technical errors and stores an anonymized user session recording if errors appear.

For more information, please refer to the data compliance declaration of Dynatrace:
https://www.dynatrace.com/news/blog/dynatrace-compliance-general-data-protection-regulation-eu-citizens/?_ga=2.240076480.2120944121.1672732636-569994417.1672732636&_gac=1.216845156.1672816654.CjwKCAiAwc-dBhA7EiwAxPRylEMMIZSMLTplLPToXiMj_CNTbq_ylLis70-zANsk5WjGdyXvG5hMYBoC1Q8QAvD_BwE

  1. Multilingual customer support with ChatLingual

ChatLingual is a multilingual enterprise messaging platform that provides customer support translations. Connected to our Salesforce-integrated messaging channels (FB messenger, WhatsApp and SMS), the tool temporarily saves the content of chats coming in via these channels in order to translate them in real-time. By using our chats you consent to the transfer of the entire chat content to ChatLingual, USA for translation purposes.

For more information, please refer to the ChatLingual website: https://www.chatlingual.com

  1. Amendment of this privacy policy

We may amend this privacy policy at any time by publishing the amended version. The respective changes will be announced here so that you can find out about them at any time.

Revised: May 2023