1. Contact Details
The Agency within the meaning of the Privacy Act 2020 (NZ) is
Ivoclar Vivadent Ltd
12 Omega St, Rosedale
PO Box 303011 North Harbour
Auckland 0751
New Zealand
Phone +64 9 914 9999
E-mail: info.nz@ivoclar.com
2. Privacy Officer
The Privacy Officer of the Agency can be reached at:
Ivoclar Vivadent Ltd
Attn. Data Protection Officer
PO Box 303011 North Harbour
Auckland 0751
New Zealand
Phone +64 9 914 9999
E-Mail: dataprotection.auckland@ivoclar.com
3. Introduction
The protection of your personal data and of your private life are very important to us in terms of data protection. You need to know what information about you is collected through our website www.ivoclar.com and related services (our “Service” for short) and how your information is used. This privacy policy gives you this information.
We comply with the Information Privacy Principles (IPPs) as set out in the Privacy Act 2020 (NZ) (Privacy Act). The Privacy Act details how personal information may be collected, used, disclosed, stored, and destroyed, and how an individual may gain access to or make a complaint about the personal information held about them.
Your personal information will be stored, collected and used in accordance with this privacy policy and the relevant statutory data protection regulations.
Our employees and agents who process your enquiries are obliged to maintain confidentiality.
We reserve the right to revise this Policy or any part of it from time to time.
4. Definitions
4.1 “Customer Portal” means the online tool accessible via www.ivoclar.com through which you can access the following “Services”.
4.2 “Services” means all the services we offer through our “Customer Portal”. Depending on whether the service is available in the respective country, the following services can be currently used on this platform:
(a) “Customer enquiries” about our products and services: This Service allows our customers to provide their contact details and request information about our products and Services.
(b) “Webshop”: The Webshop allows our registered customers to order online the products available online in the respective country and have them delivered to the desired address.
(c) “Customer Academy”: The Customer Academy enables customers to book online and onsite courses and seminars available in the respective country, both for a fee and free of charge.
(d) “Event Registration”: This service allows customers to register for marketing events available in their country, such as roadshows, trade fairs, product demonstrations, competitions/prize draws and request free product samples.
(e) “Device Registration”: This service allows our customers to enter their address in our customer system or to register as a customer (depending on the options offered, comparable to the registration in the Webshop) and to record the purchased devices with serial number.
(f) “Ivoclar Cloud”: This service enables our registered customers to temporarily store data (e.g. 3D models of dental restorations) in the Ivoclar Cloud and to securely transfer them to third parties selected by them (e.g. dental technicians).
(g) “eIFU”: The eIfU functionality delivers the instructions for use for each product. By subscribing to changes, we send a notification whenever a document has been updated.
4.3 In this Privacy Policy,
(a) "Personal Information” means information about an identifiable individual. The information and/or opinion (including information or opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual who is identifiable, whose identity is apparent, or whose identity can reasonably be ascertained, from the information or opinion.
(b) "Sensitive Information” is a sub-set of personal information and includes information or opinion about (for example) an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record. It also includes health information and genetic information.
5. What personal information is collected and stored
Which personal information is collected and stored depends on which services you use on our platform.
We will notify you whether the giving of personal information is compulsory or voluntary for our primary purpose for collection.
5.1 Data or categories of data:
(a) As with any website, our server automatically and temporarily collects and stores the following information in the server log files, which are transmitted by the browser, unless this has been deactivated by you:
- domain name or IP address of the requesting computer
- file requests of the client (file name and the corresponding data of the complete Internet address)
- the HTTP response code
- the Internet page from which you are visiting us (referrer URL)
- date and time of the server request
- browser type and version
- operating system used by the requesting computer
- cookies (see cookie below and our cookie policy for more details) are also used to collect anonymous traffic data from users of our website. This anonymous traffic data may be used for market research purposes and the demand-oriented design of our website.
(b) When using the platform for customer enquiries, the following data are collected from the customer. Mandatory details required for processing are marked separatelywhen entering, further information is voluntary:
- Email
- Academic title
- Gender
- First name & Surname
- Phone
- Fax
- Preferred communication channel
- VAT no.
- E-mail for electronic invoicing
- Control code
- Licence number
- Company name
- Customer number
- Name of the owner
- Sector
- Function
- Street & house number of the company
- Additional company address
- Company postcode
- Company location
- State/province of the company
- Company country
(c) When using the “Webshop” service, the following further data are collected in addition to the personal data already mentioned while using the platform for customer enquiries:
- Invoice and delivery address(es)
- Products and services you order or purchase
- Your feedback (also public) on our products and services in the sense of ratings, customer reviews or customer satisfaction
(d) When using the “Customer Academy” service, the following further data are collected in addition to the personal data already mentioned while using the platform for customer enquiries:
- Invoice and delivery address(es)
- Products and services you order or purchase
- Personal licence number
- Your feedback (also public) on our products and services in the sense of ratings, customer reviews or customer satisfaction
(e) When using the “Device Registration” service, in addition to the personal data already collected while using the platform for customer enquiries, the following further data will be collected:
- Serial no. of the device to be registered
- Machine type
(f) When using the “Ivoclar Cloud” service, the following further data are collected over and above the personal data already mentioned while using the “Webshop” service:
- Recipient of the data with his contact details
The customer has the possibility of transmitting data via this service in accordance with the respective applicable terms of use for this service or storing them there. Here we store and transmit the data that the customer voluntarily places there or wants to pass on to third parties. This can also be personal data for which the customer alone is responsible.
(h) When using the “Dash Board” service, no further data are collected beyond the personal data already mentioned while using the platform for the respective service.
5.2 The Data subject groups (also known as “individuals”) from whom personal information is collected:
(a) Users of the homepage
(b) Our customers
(c) Employees of our customers
(d) Contractual partners of our customers
(e) Our employees
5.3 Tools:
We are enabling our customers to proceed with registration or log-in, quickly without providing any credentials, by using the OwnID widget embedded in our applicable services. In this framework, we or OwnID (www.ownid.com) do not process personal data related to our customers. The OwnID widget only uses the customer’s device’s verification methods (e.g. Face ID) for authentication purposes. This information is not stored or processed by us or OwnID. The entire verification and authentication process happens within customer’s device. Details concerning data processing by OwnID can be found here (https://ownid.com/privacy.html).
You have the option of not identifying yourself or of using a pseudonym when dealing with us, unless the use of your true identity is a legal requirement or necessary to complete the enquiry or transaction.
6. For what purpose is your personal information collected and stored and how is it used?
We process your personal data to operate, provide and improve our services. These purposes include:
7. Social networks
On our website you will find links to social networks such as Facebook, Twitter, YouTube, LinkedIn and Instagram. Only when you have clicked on the respective button, data (original page, user name if you are logged into the respective service, IP address) will be transmitted to the platform operator. Please refer to the privacy policy of the respective platform operator for information on its collection and use of data.
8. What about cookies?
A cookie is a small file containing a string of characters that is transmitted to your computer when you visit a website. If you then visit the website again, the cookie allows this page, for example, to recognise your browser again. Cookies are not usually used to store personal data, but can store user preferences and other information. You can set your browser to reject all cookies or to inform you when a cookie is sent. Please follow the instructions in the help function of your browser regarding the prevention and deletion of cookies.
We use cookies to enable our systems to recognise the terminal device or browser you are using and to provide you with our services. Some functionalities or services of the website may not function properly without cookies and we therefore recommend that you accept cookies so that you can make full use of our website.
For more information about cookies and how we use them, please read our cookies notice (https://www.ivoclar.com/cookies).
9. Recipients of the data or categories of recipients:
We disclose customers’ personal data to the extent described below:
that are either subject to this Privacy Policy or implement measures that provide at least as much protection as those described in this Privacy Policy and where such disclosure is necessary.
Service provider and contractual partner:
We engage other companies and individuals to perform tasks for us. Examples include, but are not limited to, fulfilling orders for products and services, deliveries, sending letters or emails, maintaining our customer lists, analysing our databases, supporting promotional activities, providing search results and links (including paid offers and links), processing payments (credit card, direct debit and bill payment), transmission of content, assessing credit risk and providing customer service. These third party service providers and contractors have access to personal data needed to perform their tasks. However, they may not use them for other purposes. Furthermore, they shall process the data in accordance with this privacy policy and the relevant data protection laws.
Protection of the Data Controller:
We disclose personal data about customers when we are required to do so by law or when such disclosure is necessary to enforce our general terms and conditions or other agreements or to protect our rights and the rights of our customers and third parties. This also includes data exchange with companies to prevent and minimise misuse and credit card fraud.
In all other cases, we will inform you if personal data is to be transferred to third parties. This gives you the opportunity to decide that your data should not be shared with the third party.
Data transfer to countries outside the European Economic Area:
When transferring personal data to third parties in countries outside the European Economic Area (EEA), we always ensure that the transfer of data is in accordance with this privacy policy and applicable data protection laws.
10. Legal basis for data processing by the Data Controller
Insofar as we obtain the consent of the data subject for processing operations involving personal data, this consent shall serve as the legal basis.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the performance of the contract shall serve as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, this legal obligation serves as the legal basis.
In the event that vital interests of the data subject or another natural person make processing of personal data necessary, those vital interests shall serve as the legal basis.
If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, this legitimate interest shall serve as the legal basis for the processing.
11. Data quality and requests for access and correction
We will take reasonable steps to ensure that the personal information we use or disclose is accurate, complete and up to date, having regard to the purpose of the use or disclosure.
We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.
When you request access to the personal information we hold about you, or request that we change that personal information, we will allow access or make the changes unless we consider that there is a sound and permitted reason under applicable data protection laws that governs whether we can withhold the information and/or not make the changes.
In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the personal information as requested, we will give you written reasons why. For further information, please contact us.
We will provide you with written notice if we refuse to correct the personal information as requested by you. Subject to the requirements and permissions of the applicable data protection laws, the written notice will set out:
We will respond to a correction request within a reasonable period. We will not charge for making the request, for correcting the information, or for associating any statement with the personal information.
To assist us to keep our records up-to-date, please notify us of any changes to your personal information.
We store your personal information to enable you to use our services on an ongoing basis. We will retain your information for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.
12. Data Security
We use up-to-date technical and organisational security measures to protect the data under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. E.G.:
Our security measures are continuously improved in line with technological developments.
13. Data Breaches
If we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach.
In New Zealand, we will conduct this assessment expeditiously, and where it is ascertained that a breach has actually occurred and where required by law, we will notify the New Zealand Privacy Commissioner in accordance with relevant timelines (noting the guidance expectation of 72 hours of the data breach occurring).
14. Commisioned data processing
A transfer to external service providers may take place within the framework of commissioned processing under Article 28 GDPR. These processors have been carefully selected and commissioned by us, are bound by our instructions and the provisions of the GDPR and are regularly monitored.
The following Data Processors have been engaged for the platform:
- SAP CDC (Cloud)
- Salesforce.com EMEA Limited (Cloud)
- Pimcore (Cloud)
- Paymetric & Secure Pay (payment service provider)
- New Zealand Companies Register (credit check)
- MYOB advanced payroll (Payroll)
- Qualitrics
If necessary, other Data Processors can be added. Upon your request, we will provide you with a list of all Data Processors.
15. Transfer of peronsla information to third countries
Our business is affiliated with other businesses, vendors, contractors and service providers located overseas. In the course of doing business with you, we may disclose some of your personal information to overseas recipients, particularly where we have identified commercial opportunities that may benefit you. However, we will only do so where:
In the New Zealand context:
We will also share your personal information with our overseas affiliates (other entities for example, the Data Processors mentioned in the section above) in the Ivoclar Vivadent group of companies, located in https://www.ivoclar.com/en_li/tools/group-companies
16. Tracking with fusedeck
This Website uses “fusedeck”, a tracking solution provided by Capture Media AG (hereinafter referred to as “Capture Media”). Capture Media is a Swiss company having its registered office in Zurich which, on behalf of its customers, measures website usage in the context of engagements and events. Tracking is anonymous so that it is impossible to attribute any information gained to any identified or identifiable persons.
For more information on data protection and the rights which data subjects have in connection with “fusedeck”, including their right to “opt out” (right to object), please refer to the Privacy Policy and the Information on the Right to Object.
https://io.fd.ivoclar.com/en/5rat9XCVP2
17. Infrastructure Monitoring with Dynatrace
The website uses Dynatrace as a monitoring tool for technical issues users could experience. Dynatrace is a US company located in Waltham. The solution tracks technical errors and stores an anonymized user session recording if errors appear.
For more information, please refer to the Dynatrace website: https://www.dynatrace.com/company/trust-center/privacy
18. Monitoring with Cloudflare
This Website uses “Cloudflare”, a security measure put in place to protect our websites from malicious bots and automated attacks. Cloudflare is a US based company located in California. It is an invisible check on the legitimacy of users who submit their data through webforms on this website. Cloudflare only consults session data to validate the user's human behaviour and relies on data from device manufacturers or machine learning models, it does not collect sensitive information nor does it place cookies. For details and more information on Cloudflare’s data processing and privacy policy, please refer to the Data Privacy declaration on following page:
https://www.cloudflare.com/privacypolicy
19. Tracking with Microsoft Clarity
This website uses Microsoft Clarity which is a user behaviour analytics tool that helps us understand how users interact with our website. Microsoft Clarity collects data related to user sessions, such as mouse movements, clicks, scrolls, and other interactions on our website. This information helps us improve the design and functionality of our website.
For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
20. Tracking with Qualtrics
When using the “Voice of Customer” surveys on ivoclar.com, the following further data are collected over and above the personal data already mentioned while using all online services mentioned before:
Automatic data collection: We, our service providers and our business partners may automatically log and combine information about you, your computer or mobile device, and your interaction over time with the services, online resources and our communications, including:
21. Complaints and Concerns
We have procedures in place for dealing with complaints and concerns about our practices in relation to local privacy laws. We will respond to your complaint in accordance with the relevant provisions of the local privacy laws. For further information, please contact us.
20. Amendment of this privacy policy
We may amend this privacy policy at any time by publishing the amended version. The respective changes will be announced here so that you can find out about them at any time.
Revised: October 2024