Book Appointment Book Appointment Book Appointment

Privacy Policy

1. Data Controller Information

IDT Dental Clinic
Mosaic of Tirana, Rruga Sandër Prosi
Tiranë 1057, Albania
Email: info@idt.al
Phone: [+355 69 234 1136]
Data Protection Officer: [Armand Toci]

2. Data We Collect

Personal Data:

  • Name, surname, date of birth

  • Contact information (email, phone, address)

  • Passport/ID details for medical records

  • Payment information

  • Emergency contact details

Special Category Data (Health Data):

  • Medical and dental history

  • X-rays, scans, and dental photographs

  • Treatment plans and records

  • Health insurance information

  • Medication and allergy information

Technical Data:

  • IP address, browser type, device information

  • Website usage data via cookies

  • Communication preferences

3. Legal Basis for Processing

  • Contractual Necessity: To provide dental treatment services

  • Explicit Consent: For health data processing (Article 9 GDPR)

  • Legal Obligation: Maintaining medical records as required by Albanian law

  • Legitimate Interests: Improving services, marketing (with opt-out option)

4. Purposes of Processing

Primary Purposes:

  • Providing dental treatment and aftercare

  • Managing appointments and communications

  • Processing payments and insurance claims

  • Maintaining medical records as required by law

  • Coordinating travel and accommodation

Secondary Purposes (with consent):

  • Sending educational materials and oral health tips

  • Requesting feedback and reviews

  • Marketing communications about services and offers

  • Clinical research and outcome studies (anonymized)

5. Data Sharing and Transfers

We Share Data With:

  • Medical Professionals: Our dental team and specialists involved in your care

  • Service Providers: Hotel partners, transfer services (only necessary information)

  • Payment Processors: Banks and payment gateways

  • Legal Authorities: When required by Albanian or European law

  • Your Local Dentist: With your consent, for follow-up care coordination

International Transfers:

  • Data is primarily processed in Albania

  • When transferring to EU countries, we ensure GDPR-compliant safeguards

  • We use Standard Contractual Clauses for non-EEA transfers

6. Data Retention Periods

Medical Records: 30 years from last treatment (Albanian medical law requirement)

Financial Records: 10 years for accounting purposes

Marketing Data: Until consent withdrawal or 3 years of inactivity

Website Analytics: 26 months maximum

7. Your Rights Under GDPR

You have the right to:

  1. Access: Receive a copy of your personal data

  2. Rectification: Correct inaccurate or incomplete data

  3. Erasure: Request deletion of your data (“right to be forgotten”)

  4. Restriction: Limit processing of your data

  5. Portability: Receive your data in a structured, machine-readable format

  6. Object: Object to processing based on legitimate interests

  7. Withdraw Consent: Withdraw consent at any time

  8. Lodge Complaint: Complain to the Albanian Information and Data Protection Commissioner

8. Data Security Measures

Technical Measures:

  • SSL/TLS encryption for data transmission

  • Encrypted storage of sensitive health data

  • Regular security updates and patches

  • Secure backup systems

  • Two-factor authentication for staff access

Organizational Measures:

  • Staff training on data protection

  • Confidentiality agreements with all employees

  • Access controls and audit logs

  • Data protection impact assessments

  • Incident response plan

9. Cookie Policy

Essential Cookies:

Required for website functionality (always active)

Analytical Cookies:

Google Analytics (anonymized data, opt-out available)

Marketing Cookies:

Used for remarketing (active only with consent)

Cookie Consent: We use a cookie banner that requires explicit consent for non-essential cookies.

10. Children’s Privacy

We do not knowingly collect data from children under 16 without parental consent. Parents/guardians must consent to treatment and data processing for minors.

11. Automated Decision Making

We do not use fully automated decision-making processes. All treatment decisions involve human professional judgment.

12. Contact and Complaints

Data Protection Officer:

[To be appointed – contact details will be added]

Supervisory Authority:

Information and Data Protection Commissioner (Albania)
Rruga “Abdi Toptani”, Nr. 5, Tirana
Email: info@idp.al

13. Policy Updates

We will notify users of significant changes via email or website notice. Continued use constitutes acceptance of updated policy.

Our Services
General Dentistry
Cosmetic Dentistry
Pediatric Dentistry
Restorative Dentistry
Preventive Dentistry
Orthodontics
Contact Us
Monday - Friday 08.00 - 18.00
100 S Main St, New York,
contact@dentiacare.com
About Us

At Dentia, we’re dedicated to providing high-quality, personalized dental care for patients of all ages. Our skilled team uses the latest technology to ensure comfortable, efficient treatments and beautiful, healthy smiles for life.