Privacy Policy 

1. Contact Details

The Agency within the meaning of the Privacy Act 2020 (NZ) is

Ivoclar Vivadent Ltd
12 Omega St, Rosedale
PO Box 303011 North Harbour
Auckland 0751
New Zealand
Phone +64 9 914 9999
E-mail: info.nz@ivoclar.com

2. Privacy Officer

The Privacy Officer of the Agency can be reached at:

Ivoclar Vivadent Ltd
Attn. Data Protection Officer
PO Box 303011 North Harbour
Auckland 0751
New Zealand
Phone +64 9 914 9999
E-Mail: dataprotection.auckland@ivoclar.com

3. Introduction

The protection of your personal data and of your private life are very important to us in terms of data protection. You need to know what information about you is collected through our website www.ivoclar.com and related services (our “Service” for short) and how your information is used. This privacy policy gives you this information.

We comply with the Information Privacy Principles (IPPs) as set out in the Privacy Act 2020 (NZ) (Privacy Act). The Privacy Act details how personal information may be collected, used, disclosed, stored, and destroyed, and how an individual may gain access to or make a complaint about the personal information held about them.

Your personal information will be stored, collected and used in accordance with this privacy policy and the relevant statutory data protection regulations.

Our employees and agents who process your enquiries are obliged to maintain confidentiality.

We reserve the right to revise this Policy or any part of it from time to time.

4Definitions

4.1 “Customer Portal” means the online tool accessible via www.ivoclar.com through which you can access the following “Services”.

4.2 “Services” means all the services we offer through our “Customer Portal”. Depending on whether the service is available in the respective country, the following services can be currently used on this platform:

(a) “Customer enquiries” about our products and services: This Service allows our customers to provide their contact details and request information about our products and Services.

(b) “Webshop”: The Webshop allows our registered customers to order online the products available online in the respective country and have them delivered to the desired address.

(c) “Customer Academy”: The Customer Academy enables customers to book online and onsite courses and seminars available in the respective country, both for a fee and free of charge.

(d) “Event Registration”: This service allows customers to register for marketing events available in their country, such as roadshows, trade fairs, product demonstrations, competitions/prize draws and request free product samples.

(e) “Device Registration”: This service allows our customers to enter their address in our customer system or to register as a customer (depending on the options offered, comparable to the registration in the Webshop) and to record the purchased devices with serial number.

(f) “Ivoclar Cloud”: This service enables our registered customers to temporarily store data (e.g. 3D models of dental restorations) in the Ivoclar Cloud and to securely transfer them to third parties selected by them (e.g. dental technicians).

(g) “eIFU”: The eIfU functionality delivers the instructions for use for each product. By subscribing to changes, we send a notification whenever a document has been updated.

4.3 In this Privacy Policy,

(a) "Personal Information” means information about an identifiable individual. The information and/or opinion (including information or opinion forming part of a database), whether true or not, and whether recorded in a material form or not, about an individual who is identifiable, whose identity is apparent, or whose identity can reasonably be ascertained, from the information or opinion.

(b) "Sensitive Information” is a sub-set of personal information and includes information or opinion about (for example) an individual’s racial or ethnic origin, political opinions, political association membership, religious beliefs or affiliations, philosophical beliefs, professional or trade association membership, trade union membership, sexual orientation or practices or criminal record.  It also includes health information and genetic information.

5. What personal information is collected and stored

Which personal information is collected and stored depends on which services you use on our platform.

We will notify you whether the giving of personal information is compulsory or voluntary for our primary purpose for collection.

5.1 Data or categories of data:

(a) As with any website, our server automatically and temporarily collects and stores the following information in the server log files, which are transmitted by the browser, unless this has been deactivated by you:

- domain name or IP address of the requesting computer
- file requests of the client (file name and the corresponding data of the complete Internet address)
- the HTTP response code
- the Internet page from which you are visiting us (referrer URL)
- date and time of the server request
- browser type and version
- operating system used by the requesting computer
- cookies (see cookie below and our cookie policy for more details) are also used to collect anonymous traffic data from users of our website. This anonymous traffic data may be used for market research purposes and the demand-oriented design of our website.

(b) When using the platform for customer enquiries, the following data are collected from the customer. Mandatory details required for processing are marked separatelywhen entering, further information is voluntary:

- Email
- Academic title
- Gender
- First name & Surname
- Phone
- Fax
- Preferred communication channel
- VAT no.
- E-mail for electronic invoicing
- Control code
- Licence number
- Company name
- Customer number
- Name of the owner
- Sector
- Function
- Street & house number of the company
- Additional company address
- Company postcode
- Company location
- State/province of the company
- Company country

(c) When using the “Webshop” service, the following further data are collected in addition to the personal data already mentioned while using the platform for customer enquiries:

- Invoice and delivery address(es)
- Products and services you order or purchase
- Your feedback (also public) on our products and services in the sense of ratings, customer reviews or customer satisfaction

(d) When using the “Customer Academy” service, the following further data are collected in addition to the personal data already mentioned while using the platform for customer enquiries:

- Invoice and delivery address(es)
- Products and services you order or purchase
- Personal licence number
- Your feedback (also public) on our products and services in the sense of ratings, customer reviews or customer satisfaction

(e) When using the “Device Registration” service, in addition to the personal data already collected while using the platform for customer enquiries, the following further data will be collected:

- Serial no. of the device to be registered
- Machine type

(f) When using the “Ivoclar Cloud” service, the following further data are collected over and above the personal data already mentioned while using the “Webshop” service:

- Recipient of the data with his contact details

The customer has the possibility of transmitting data via this service in accordance with the respective applicable terms of use  for this service or storing them there. Here we store and transmit the data that the customer voluntarily places there or wants to pass on to third parties. This can also be personal data for which the customer alone is responsible.

(h) When using the “Dash Board” service, no further data are collected beyond the personal data already mentioned while using the platform for the respective service.

5.2  The Data subject groups (also known as “individuals”) from whom personal information is collected:

(a) Users of the homepage

(b) Our customers

(c) Employees of our customers

(d) Contractual partners of our customers

(e) Our employees

5.3 Tools: 

We are enabling our customers to proceed with registration or log-in, quickly without providing any credentials, by using the OwnID widget embedded in our applicable services. In this framework, we or OwnID (www.ownid.com) do not process personal data related to our customers. The OwnID widget only uses the customer’s device’s verification methods (e.g. Face ID) for authentication purposes. This information is not stored or processed by us or OwnID. The entire verification and authentication process happens within customer’s device. Details concerning data processing by OwnID can be found here (https://ownid.com/privacy.html).

You have the option of not identifying yourself or of using a pseudonym when dealing with us, unless the use of your true identity is a legal requirement or necessary to complete the enquiry or transaction.

6. For what purpose is your personal information collected and stored and how is it used?

We process your personal data to operate, provide and improve our services. These purposes include:

  • Information about our products and services requested by the interested parties and customers. We use your personal data to send you the information you have requested via the desired communication channel.
  • Purchase and supply of products and services. We use your personal data to take and process orders, deliver products (whether chargeable or free of charge)  and provide services (whether chargeable or free of charge), develop and assess the need for new products and services, develop, test and launch new products and services, process payments and communicate with you about orders, products and services (e.g. transactional communications or requests for feedback in terms of ratings, customer reviews, customer satisfaction, needs assessment, development, testing and launch of purchased products or services). Furthermore, we use your personal data to fulfil our legal (e.g. warranty) and contractual (e.g. guarantee contract) obligations within the scope of the purchase, guarantee or service contract.
  • Providing, troubleshooting and improving our services (e.g. IV Cloud). We use your personal data to provide features, analyse services and products, troubleshoot and improve the usability and effectiveness of our services.
  • Recommendations and personalisation. If you have consented to this, we will process your personal data to recommend functionality, products and services that may be of interest to you, to identify your preferences and to personalise your experience of our services.
  • Compliance with legal obligations. In certain cases we are subject to legal obligations to collect and process your personal data. For example, we collect data from buyers regarding their registered office, tax number (if required) and their bank account information for identity verification and other purposes.
  • Communication with you. If you have consented to this or if another legal basis (e.g. contract or legitimate interest) allows this, then we will use your personal data to communicate with you via various channels (e.g. by phone, email, chat, messenger, SMS, fax, in person, by post or other communication tools such as Showpad) regarding our products and services.
  • Advertisements and marketing. If you have consented to this, we will use your personal data already collected and other data such as your interactions with our and other’s services (such as social media platforms), content or services, which we will automatically evaluate to serve interest-based ads for products and services or, if you have consented, to send you information about products and services from us and our affiliates (https://www.ivoclar.com/en_li/tools/group-companies) that may be of interest to you by email or through communications. We use data that personally identifies you to display interest-based advertising.
  • Reminder of a shopping basket that has not been completed. If you have agreed to this, you will be informed by e-mail that you have products or services in your shopping basket in our Webshop without having completed the purchase.
  • Fraud prevention and credit risks. We process personal data to prevent or detect fraud and abuse to protect the security of our customers, our business and third parties. To assess and deal with credit risks, we also use scoring procedures where appropriate and work with external partners (e.g. dun & bradstreet).
  • Review and supplement our data. We process personal data in order to check the accuracy of this data and to supplement them if necessary. To this end, we also collect publicly available data on social media platforms and, where appropriate, we work with external partners that provide us with data.
  • Purposes for which we seek your consent. We may ask for your consent to process your personal data for a specific purpose, which we will communicate to you. If you consent to the processing of your personal data for a specific purpose, you may freely withdraw your consent at any time and we will stop processing your data for that purpose.

7. Social networks

On our website you will find links to social networks such as Facebook, Twitter, YouTube, LinkedIn and Instagram. Only when you have clicked on the respective button, data (original page, user name if you are logged into the respective service, IP address) will be transmitted to the platform operator. Please refer to the privacy policy of the respective platform operator for information on its collection and use of data. 

8. What about cookies?

A cookie is a small file containing a string of characters that is transmitted to your computer when you visit a website. If you then visit the website again, the cookie allows this page, for example, to recognise your browser again. Cookies are not usually used to store personal data, but can store user preferences and other information. You can set your browser to reject all cookies or to inform you when a cookie is sent. Please follow the instructions in the help function of your browser regarding the prevention and deletion of cookies.

We use cookies to enable our systems to recognise the terminal device or browser you are using and to provide you with our services. Some functionalities or services of the website may not function properly without cookies and we therefore recommend that you accept cookies so that you can make full use of our website.

For more information about cookies and how we use them, please read our cookies notice (https://www.ivoclar.com/cookies).

9. Recipients of the data or categories of recipients:

We disclose customers’ personal data to the extent described below:

  • Departments of Ivoclar Vivadent AG and affiliated companies  (https://www.ivoclar.com/en_li/tools/group-companies) and their employees,
  • Technical services, insofar as necessary for the fulfilment of the contractual relationship,
  • Data processors and other service providers and contractual partners, to the extent necessary for the fulfilment of the contractual relationship, and
  • Public bodies under overriding legal obligations

that are either subject to this Privacy Policy or implement measures that provide at least as much protection as those described in this Privacy Policy and where such disclosure is necessary.

Service provider and contractual partner:

We engage other companies and individuals to perform tasks for us. Examples include, but are not limited to, fulfilling orders for products and services, deliveries, sending letters or emails, maintaining our customer lists, analysing our databases, supporting promotional activities, providing search results and links (including paid offers and links), processing payments (credit card, direct debit and bill payment), transmission of content, assessing credit risk and providing customer service. These third party service providers and contractors have access to personal data needed to perform their tasks. However, they may not use them for other purposes. Furthermore, they shall process the data in accordance with this privacy policy and the relevant data protection laws.

Protection of the Data Controller:

We disclose personal data about customers when we are required to do so by law or when such disclosure is necessary to enforce our general terms and conditions or other agreements or to protect our rights and the rights of our customers and third parties. This also includes data exchange with companies to prevent and minimise misuse and credit card fraud.

In all other cases, we will inform you if personal data is to be transferred to third parties. This gives you the opportunity to decide that your data should not be shared with the third party.

Data transfer to countries outside the European Economic Area:

When transferring personal data to third parties in countries outside the European Economic Area (EEA), we always ensure that the transfer of data is in accordance with this privacy policy and applicable data protection laws.

10. Legal basis for data processing by the Data Controller

Insofar as we obtain the consent of the data subject for processing operations involving personal data, this consent shall serve as the legal basis.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the performance of the contract shall serve as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject, this legal obligation serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, those vital interests shall serve as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not override the former interest, this legitimate interest shall serve as the legal basis for the processing.

11. Data quality and requests for access and correction

We will take reasonable steps to ensure that the personal information we use or disclose is accurate, complete and up to date, having regard to the purpose of the use or disclosure.

We have procedures in place for dealing with and responding to requests for access to, and correction of, the personal information held about you.

When you request access to the personal information we hold about you, or request that we change that personal information, we will allow access or make the changes unless we consider that there is a sound and permitted reason under applicable data protection laws that governs whether we can withhold the information and/or not make the changes.

In most cases, we expect that we will be able to comply with your request. However, if we do not agree to provide you access or to correct the personal information as requested, we will give you written reasons why. For further information, please contact us.

We will provide you with written notice if we refuse to correct the personal information as requested by you. Subject to the requirements and permissions of the applicable data protection laws, the written notice will set out:

  • the reason for refusal (unless this would be unreasonable);
  • the mechanisms available to complain about the refusal; and
  • any other matter prescribed by the applicable data protection laws.

We will respond to a correction request within a reasonable period. We will not charge for making the request, for correcting the information, or for associating any statement with the personal information.

To assist us to keep our records up-to-date, please notify us of any changes to your personal information.

We store your personal information to enable you to use our services on an ongoing basis. We will retain your information for as long as is necessary to fulfil the purposes described in this privacy policy or as required by law, e.g. for tax and accounting purposes.

12. Data Security

We use up-to-date technical and organisational security measures to protect the data under our control against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. E.G.:

  • To protect the security of your information during transmission, we use Secure Sockets Layer software (SSL). This software encrypts the data that you transmit.
  • When dealing with credit cards, our partner follows the Payment Card Industry Data Security Standard (PCI DSS) for the processing of payments by credit card.
  • We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal information of our customers. These security measures include asking you to provide proof of your identity before we disclose any personal information to you.

Our security measures are continuously improved in line with technological developments.

13. Data Breaches

 

If we suspect that a data breach has occurred, we will undertake an assessment into the circumstances of the suspected breach.

In New Zealand, we will conduct this assessment expeditiously, and where it is ascertained that a breach has actually occurred and where required by law, we will notify the New Zealand Privacy Commissioner in accordance with relevant timelines (noting the guidance expectation of 72 hours of the data breach occurring).

14. Commisioned data processing

A transfer to external service providers may take place within the framework of commissioned processing under Article 28 GDPR. These processors have been carefully selected and commissioned by us, are bound by our instructions and the provisions of the GDPR and are regularly monitored.

The following Data Processors have been engaged for the platform:

- SAP CDC (Cloud)
- Salesforce.com EMEA Limited (Cloud)
- Pimcore (Cloud)
- Paymetric & Secure Pay (payment service provider)
- New Zealand Companies Register (credit check)
- MYOB advanced payroll (Payroll)
- Qualitrics

If necessary, other Data Processors can be added. Upon your request, we will provide you with a list of all Data Processors.

15. Transfer of peronsla information to third countries

Our business is affiliated with other businesses, vendors, contractors and service providers located overseas. In the course of doing business with you, we may disclose some of your personal information to overseas recipients, particularly where we have identified commercial opportunities that may benefit you. However, we will only do so where:

In the New Zealand context:

  • The overseas recipient is subject to the New Zealand Privacy Act as they do business in New Zealand;
  • The overseas recipient will adequately protect the information;
  • The overseas recipient is subject to privacy laws that provide comparable safeguards to the New Zealand Privacy Act;
  • You have provided consent; or
  • It is otherwise permitted by law.

We will also share your personal information with our overseas affiliates (other entities for example, the Data Processors mentioned in the section above) in the Ivoclar Vivadent group of companies, located in https://www.ivoclar.com/en_li/tools/group-companies

16. Tracking with fusedeck

This Website uses “fusedeck”, a tracking solution provided by Capture Media AG (hereinafter referred to as “Capture Media”). Capture Media is a Swiss company having its registered office in Zurich which, on behalf of its customers, measures website usage in the context of engagements and events. Tracking is anonymous so that it is impossible to attribute any information gained to any identified or identifiable persons.

For more information on data protection and the rights which data subjects have in connection with “fusedeck”, including their right to “opt out” (right to object), please refer to the Privacy Policy and the Information on the Right to Object.

https://fuse.ivoclar.com/de/5rat9XCVP2

17. Infrastructure Monitoring with Dynatrace

The website uses Dynatrace as a monitoring tool for technical issues users could experience. Dynatrace is a US company located in Waltham. The solution tracks technical errors and stores an anonymized user session recording if errors appear. 

For more information, please refer to the Dynatrace website: https://www.dynatrace.com/company/trust-center/privacy

18. Monitoring with Cloudflare

This Website uses “Cloudflare”, a security measure put in place to protect our websites from malicious bots and automated attacks. Cloudflare is a US based company located in California. It is an invisible check on the legitimacy of users who submit their data through webforms on this website. Cloudflare only consults session data to validate the user's human behaviour and relies on data from device manufacturers or machine learning models, it does not collect sensitive information nor does it place cookies. For details and more information on Cloudflare’s data processing and privacy policy, please refer to the Data Privacy declaration on following page: 

https://www.cloudflare.com/privacypolicy

19. Tracking with Microsoft Clarity

This website uses Microsoft Clarity which is a user behaviour analytics tool that helps us understand how users interact with our website. Microsoft Clarity collects data related to user sessions, such as mouse movements, clicks, scrolls, and other interactions on our website. This information helps us improve the design and functionality of our website.

For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.

20. Tracking with Qualtrics

When using the “Voice of Customer” surveys on ivoclar.com, the following further data are collected over and above the personal data already mentioned while using all online services mentioned before:

Automatic data collection: We, our service providers and our business partners may automatically log and combine information about you, your computer or mobile device, and your interaction over time with the services, online resources and our communications, including:

      • Automatic data collection: We, our service providers and our business partners may automatically log and combine information about you, your computer or mobile device, and your interaction over time with the services, online resources and our communications, including:
        • Device data such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings and general location information such as city, state or geographic area.
        • Online activity data such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the services, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access and whether you have opened or otherwise engaged with our communications, such as our marketing emails or clicked links or files within them.
      • IP Address Collection: When a user sends a survey to an individual, Ivoclar may collect IP addresses from survey respondents. The purpose of collecting this information is to prevent and protect against fraud and malicious activity, and to ensure the security of the website, app or cloud service of Ivoclar.
      • Session Replay: Ivoclar may capture data to create a replay of your sessions when you use the Ivoclar website. This technology will record how you interact with and use the Ivoclar website to help us understand how individuals use our website, to improve user experience, and improve our products and services. We do not collect IP addresses and ensure passwords and credit card details are masked. All other entries are necessary for error analysis. No third parties are used in connection with session replay.

21. Complaints and Concerns

We have procedures in place for dealing with complaints and concerns about our practices in relation to local privacy laws. We will respond to your complaint in accordance with the relevant provisions of the local privacy laws. For further information, please contact us.

20. Amendment of this privacy policy

We may amend this privacy policy at any time by publishing the amended version. The respective changes will be announced here so that you can find out about them at any time.

Revised: October 2024