Privacy Policy

This page has been translated by AI. Although every effort has been made to ensure the accuracy of the content, the translation may not perfectly match the original text. The official French version prevails in the event of any inconsistency.

The company DIGILAB is committed to protecting the personal data of users of the Solution accessible at https://app.digilab.dental/, https://inbox.digilab.dental/ and the website https://digilab.dental/ ("Site").

In connection with the use of the Solution and the Site, DIGILAB may process personal data.

DIGILAB, as data controller, undertakes to protect the data collected and processed in compliance with applicable regulations and in particular Regulation (EU) No. 2016/679 of 27 April 2016 known as the "General Data Protection Regulation" or "GDPR", and French Law No. 78-17 of 6 January 1978 known as the "Data Protection Act" as amended (hereinafter referred to as the "Applicable Regulations").

This document constitutes the personal data protection policy implemented by DIGILAB and aims to inform the user of the Solution and the Site about the commitments and practical measures taken to ensure the respect and protection of personal data (hereinafter referred to as the "Policy").

For any questions regarding this Policy, you may contact DIGILAB:

By email: dpo@digilab.dental
By post: 55 avenue Foch, 75016 Paris

1. Definitions

The words and expressions used in this Policy have the meaning given to them by the Applicable Regulations, whether used in singular or plural:

Personal Data: means any information relating to a directly or indirectly identified or identifiable natural person;
Data Subject: means an identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements of their physical, physiological, genetic, mental, economic, cultural or social identity;
In the context of this policy, this refers to the user of the Solution and the Site ("User").
Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing;
Processor: means the natural or legal person, public authority, agency or another body which processes Personal Data on behalf of the Data Controller;
Processing: means any operation or set of operations which is performed or not upon data or sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Terms capitalised but not defined in this Policy are defined within DIGILAB's Terms of Use. For more information, the User is invited to refer to that document.

2. Personal Data collected and purposes of Processing

DIGILAB may process the following Personal Data on the basis of the Data Subject's consent (Art. 6.1.a GDPR), for the performance of a contract (Art. 6.1.b GDPR), and legitimate interest (Art. 6.1.f GDPR):

For the purposes of registering a laboratory to the Solution and services
- Laboratory name,
- Telephone number,
- Postal address,
- Name and surname of the laboratory manager,
- Email address
- Choice of work – multiple answers (dental prosthesis, surgical guide, orthodontic treatment, retention)
For the purposes of registering a dentist to the Solution and services
- Name and surname,
- Email address,
- Postal address,
- Telephone number.
For the purposes of managing the Data Subject's account on the Solution
- Login and password,
- Any request concerning support, assistance and use of services.
For the purposes of contacting the User on the Site
- Name and surname,
- Email address,
- Free text.
For the purposes of offering the Data Subject promotional content relating to dental products and consumables, personalised according to their use of the Solution
- Email address,
- Opinion on products.
For the purposes of compiling performance statistics of the Site and the Solution and traffic analysis
- Browsing and connection data;
- IP address.
For the purposes of audience measurement
- Browsing and connection data;
- IP address.

Mandatory or optional fields are indicated by an asterisk.

When processing of Personal Data is subject to the Data Subject's consent, no processing is carried out by DIGILAB without the prior consent of the Data Subject. The Data Subject's refusal to the processing of certain of their Personal Data may result in an inability to access the services offered by the Solution or the Site.

The information provided by the Data Subject must be accurate and up to date. The Data Subject is invited to inform DIGILAB in the event that their Personal Data needs to be updated.

For any request to delete their account, the Data Subject is invited to contact DIGILAB at the following address: dpo@digilab.dental

3. Retention period

DIGILAB only retains the Personal Data of Data Subjects for the time necessary for the operations for which they were collected and in compliance with the Applicable Regulations.

The Personal Data of the Data Subject is retained for the duration of the contractual relationship between the Client and DIGILAB, then archived for five (5) years. They are then destroyed without retaining copies.

Any billing Personal Data that may be associated with the Client's professional account is retained for ten (10) years.

If a contact request from the Data Subject does not result in a contractual relationship, their Personal Data is retained for a period of two (2) years from the date of the last exchange.

4. Recipients

Within the framework of a strict access management and confidentiality policy, only recipients duly authorised by DIGILAB may access the information that the Data Subject may have communicated.

Internal recipients

The Personal Data collected may be used by DIGILAB personnel from the following departments: Marketing and communications department, product department, customer service department, IT and technical department, sales department, customer support department.

Personnel of these departments may only access the Personal Data that concerns them.

Processors and external service providers

The Personal Data collected may also be transmitted to Processors and service providers of DIGILAB, within the limits provided by the Applicable Regulations and in accordance with this Policy, in particular for the purposes of guaranteeing an optimal experience for Data Subjects in the context of using the Solution and the Site.

These Processors may be required to process this Personal Data on behalf of the Data Subject, according to their instructions, in particular in the context of managing and hosting the Solution and the Site, security, or in the context of statistics and surveys.

Identity of the Processor	Capacity
SANDER	Publisher and maintainer of the Site
Applioz SAS	Publisher and maintainer of the Solution
Google Cloud	Host of the Site
Google Cloud	Host of the Solution
Bright Data	VPN
Stripe.com	Online payment solution
CCD SNC	IT Systems Management
Mailjet	Emailing solution
Hostinger	Hosting and domain name management
MongoDB	Database hosting
Squarespace	Domain name registrar

Third parties authorised by law, such as judicial or administrative authorities

DIGILAB may share with third parties, other than those identified, anonymised or aggregated data for statistical purposes, without it being possible for these third parties to identify the Data Subject in any way whatsoever.

5. Transfer and hosting of Personal Data

In order to deliver and guarantee optimal quality of service on the Site and the Solution, DIGILAB may carry out transfers of Personal Data outside the territory of the European Union.

In this case, DIGILAB guarantees that said transfers are carried out to States that are the subject of an adequacy decision by the European Commission, demonstrating an adequate level of protection within the meaning of Article 45 of the GDPR.

In the absence of an adequacy decision, DIGILAB may transfer Personal Data outside the European Union to Processors under the conditions provided for in Article 46 of the GDPR, in particular through the use of standard contractual clauses approved by the European Commission.

6. Security measures implemented

DIGILAB undertakes to ensure the security and integrity of the Personal Data of the Data Subject.

To this end, DIGILAB implements and maintains technical and organisational security measures for the Solution and the Site and its information system, adapted to the nature of the Personal Data and the risks presented by their processing.

These measures aim to:

protect the Personal Data of the Data Subject against their destruction, loss, alteration, disclosure to unauthorised third parties,
ensure the restoration of the availability of the Personal Data of the Data Subject and access thereto within appropriate timeframes in the event of a physical or technical incident.

All browsing on the Site and the Solution is protected and encrypted using the SSL (Secure Socket Layer) protocol, for the purposes of securing all information entered or otherwise stored by the Data Subject on their device and sent to DIGILAB.

The servers hosting the Personal Data of the Data Subject are protected against physical (by access control) and logical (Firewalls) threats.

7. Rights of the Data Subject

In accordance with the Applicable Regulations, the Data Subject may exercise at any time their rights of access, rectification, portability and deletion of their Personal Data, as well as rights of restriction or objection to Processing, by contacting DIGILAB at the following email address: dpo@digilab.dental.

The Data Subject also has the right to lodge a complaint with any competent supervisory authority, such as the CNIL (https://www.cnil.fr/fr/plaintes), if they consider that the Processing of their Personal Data infringes the requirements of the Applicable Regulations.

DIGILAB reserves the right to request any information from the Data Subject before providing the elements relating to their request, including: their surname and first name, their email address, their telephone number, proof of identity, the subject of their request.

DIGILAB is required to respond to the Data Subject within a maximum period of thirty (30) days, except where a large number of requests are made simultaneously, or where the search for information requires additional time.

8. Cookie management

A cookie is a text file that may be stored on the computer, tablet or smartphone of an internet user when browsing and using a website.

The storage of cookies on an internet user's device may or may not require their prior consent.

Cookies exempt from prior consent are those that are strictly necessary for the proper functioning of the Site or the Solution.

Cookies that require a consent request include, for example:

Cookies related to advertising operations;
Social media cookies generated by sharing buttons;
Certain audience measurement cookies.

From the cookie banner, the User may block the deposit of certain cookies subject to their consent, while being aware that certain features of the Site or the Solution will no longer be accessible or may be altered.

For more information on the cookies used on the Site or the Solution, their function and their retention period, the User is invited to consult the "Show details / Cookies settings" tabs of the relevant cookie banner.

9. Modification of the Policy

This Policy may be modified according to the development of the Site, the Solution and the services offered by DIGILAB, as well as in the event of legal, case law, CNIL decisions and recommendations or usage developments.

The version of the Privacy Policy is the one applicable on the day of use of the Site or the Solution by the User.

Version current as of 23 March 2026