Privacy & Cookies Policy

We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.

By using our website or application and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

Our Privacy Policy includes the following provisions, and you can jump to each by selecting the links below:

    Introduction

    We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

    Collecting personal information

    We collect information in two ways: Information we get from your use of our Services, and information you provide to us directly.

    We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.

    We may collect, store and use the following kinds of personal information: information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);

  • information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);

  • information that you provide to us when registering with our website (including your email address);

  • information that you provide when completing your profile on our website (including your name, and employment details);

  • information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters including your name and email address);

  • information that you provide to us when using the services on our website, or that is generated in the course of the use of those services (including the timing, frequency and pattern of service use;

  • information relating to any purchases you make of our services or any other transactions that you enter into through our website (including your name, address, telephone number, and email address.)

  • information that you post to our website for publication on the internet (including your user name, your profile pictures and the content of your posts);

  • information contained in or relating to any communications that you send to us or send through our website (including the communication content and meta data associated with the communication);

  • any other personal information that you choose to send to us; and

  • Before you disclose to us the personal information of another person, you must obtain that person's consent to both the disclosure and the processing of that personal information in accordance with the terms of this policy.

    What information do we collect and why?

    Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website.

    We collect basic account information such as your name, email address, username and password. This helps us secure and provide you with access to our Services.

    Profile and use information is collected about you for example if you choose to tell us your occupation, activity (including the date and time you last logged in).

    You can use Smilenotes to record notes and profile information about your clients/patients (such as date of birth, name, address). By submitting such data, you confirm that you have the authority to use such information.

    We collect information from your browser, computer, or mobile device, which provides us with technical information when you access or use the Services. This technical information includes device and network information, cookies, log files and analytics information.

    We store your note template data to assist you with note writing.

    We may use your personal information to:

  • administer our website and business;

  • personalise our website for you;

  • enable your use of the services available on our website;

  • supply to you services purchased through our website;

  • send statements, invoices and payment reminders to you, and collect payments from you;

  • send you non-marketing commercial communications;

  • send you email notifications that you have specifically requested;

  • send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter );

  • send you marketing communications relating to our business which we think may be of interest to you by email or similar technology (you can inform us at any time if you no longer require marketing communications);

  • provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user or patient from that information);

  • deal with enquiries and complaints made by or about you relating to our website;

  • keep our website secure and prevent fraud;

  • verify compliance with the terms and conditions governing the use of our website (including monitoring private messages sent through our website private messaging service); and

  • If you submit personal information for publication on our website (such as on our blog), we will publish and otherwise use that information in accordance with the licence you grant to us.

    We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party's direct marketing.

    All our website financial transactions are handled through our payment services provider, Stripe.com You can review the provider's privacy policy at https://stripe.com/gb/privacy We will share information with our payment services provider only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

    If you are a registered user of our Services and have supplied us with your email address, we may occasionally send you an email to tell you about new features, ask for your feedback, or keep you up to date with what's going on with the Services. If we do send you information that you did not expressly request, we will provide you with a way to opt-out or unsubscribe from further communications.

    You can use the controls on our website to subscribe or unsubscribe to our communications email list.

    Disclosing personal information

    We may disclose your personal information to any of our employees, officers, insurers, professional advisers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy.

    We may disclose your personal information to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes set out in this policy.

    We may disclose your personal information:

  • to the extent that we are required to do so by law;

  • in connection with any ongoing or prospective legal proceedings;

  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);

  • Third party service providers who are appointed on our behalf (such as web hosting providers, payment service providers, IT service providers.)

  • to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and

  • Except as provided in this policy, we will not provide your personal information to third parties.

    International data transfers

    Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.

    Information that we collect about your clients/patients (such as notes, name, address, date of birth, telephone number) may be transferred within the European Economic Area.

    Information that we collect about you (including your name, email address and username) may be transferred within the European Economic Area, USA or Canada. The EU has recognised both the US and Canada as providing adequate levels of data protection. https//ec.europa.eu

    Personal information that you publish on our website or submit for publication on our website or blog may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.

    You expressly agree to the transfers of personal information described in this Section.

    Retaining personal information

    This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.

    Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

    Without prejudice to the above paragraph, we will usually delete personal data falling within the categories set out below at the date/time set out below:

    On termination of your Smilenotes subscription, and at the request of the customer, your data (incuding patient/client data and templates) will be completely removed from the live production database and backups within 45 days.

    Your patient/client data (including all notes, name, address details, date of birth, telephone number and email address) may be permanently deleted from our servers after 90 days if you do not have a paid subscription plan.

    Notwithstanding the other provisions of this Section, we will retain documents (including electronic documents) containing personal data:

  • to the extent that we are required to do so by law;

  • if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and

  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

    Security of your personal information

    We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

    We will store all the personal information you provide on our secure (password- and firewall-protected) servers.

    All electronic financial transactions entered into through our website will be protected by encryption technology and handled by our provider Stripe.com

    You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

    We restrict access to personal information to our employees, contractors and agents who need that information in order to use and develop our software application and services.

    Data Centers

    Smilenotes production services are hosted on Digital Ocean web servers. We store data on physical servers located in London (LON1) and Amsterdam (AMS2). Further information on the security of LON1 and AMS2 data centres is available directly from Digital Ocean: digitalocean.com/security

    Certifications and Assessments

    Smilenotes uses Stripe to manage subscription payments which is PCI compliant.stripe.com/docs/security

    Smilenotes is not itself ISO27001 or SOC certified— however our cloud provider has the following server certifications:

    LON1 facility: SOC 1 Type II, ISO 27001, and PCI-DSS certified.

    AMS2 facility: SOC 1 Type II, ISO 27001, and PCI-DSS certified.

    Login Security

    You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).

    When logging in to Smilenotes using a username or email and password, Smilenotes requires a minimum of 8 characters. Repeated failed login attempts trigger a 30 second lock before a user can retry.

    Passwords are stored in a hashed form and will never be sent via email—upon account creation and password reset, Smilenotes will send a link to the email associated with the account that will enable the user to create a new password.

    For security we advise making your password longer than 12 characters using with a mix of upper and lower case letters, numbers and symbols.

    Amendments

    We may update this policy from time to time by publishing a new version on our website.

    You should check this page occasionally to ensure you are happy with any changes to this policy.

    We may notify you of changes to this policy by email.

    Your rights

    You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:

  • the payment of a fee (currently fixed at GBP 10); and

  • the supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address).

  • We may withhold personal information that you request to the extent permitted by law.

    You may instruct us at any time not to process your personal information for marketing purposes.

    In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.

    Third party websites

    Our website includes hyperlinks to, and details of, third party websites.

    We have no control over, and are not responsible for, the privacy policies and practices of third parties.

    Updating information

    Please let us know if the personal information that we hold about you needs to be corrected or updated.

Cookies

    About cookies

    A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

    Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

    Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

    Cookies can be used by web servers to identity and track users as they navigate different pages on a website and identify users returning to a website.

    Our cookies

    We use both session and persistent cookies on our website.

    we use cookies on our website to recognise a computer when a user visits the website / track users as they navigate the website / enable the use of a shopping cart on the website / improve the website's usability / analyse the use of the website / administer the website / prevent fraud and improve the security of the website / personalise the website for your needs / target advertisements which may be of particular interest to specific users / determine if you are logged in or not / save your preferences

    Analytics cookies

    We use Google Analytics to analyse the use of our website.

    Our analytics service provider generates statistical and other information about website use by means of cookies.

    Our analytics service provider generates statistical and other information about website use by means of cookies.

    Our analytics service provider's privacy policy is available at: http://www.google.com/policies/privacy/.

    Third party cookies

    Our website also uses third party cookies to enable certain functions. Disabling these cookies from these third parties will likely prevent these functions working.

    Blocking cookies

    Most browsers allow you to refuse to accept cookies; for example:

  • in Internet Explorer (version 10) you can block cookies using the cookie handling override settings available by clicking "Tools", "Internet Options", "Privacy" and then "Advanced";

  • in Firefox (version 24) you can block all cookies by clicking "Tools", "Options", "Privacy", selecting "Use custom settings for history" from the drop-down menu, and unticking "Accept cookies from sites"; and

  • in Chrome (version 29), you can block all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.

  • in Chrome (version 29), you can block all cookies by accessing the "Customise and control" menu, and clicking "Settings", "Show advanced settings" and "Content settings", and then selecting "Block sites from setting any data" under the "Cookies" heading.

    If you block cookies, you will not be able to use all the features on our website.

    Deleting cookies

    You can delete cookies already stored on your computer; for example:

  • in Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at http://windows.microsoft.com/en-GB/internet-explorer/delete-manage-cookies#ie=ie-11-win-7

  • in Firefox (version 39), you can delete all cookies by clicking the Firefox menu on the browser toolbar and clicking "Options". Select the privacy menu option from the left hand menu then click “Clear your recent history” followed by “Clear now” to delete your cookies.

  • in Chrome (version 43), you can delete all cookies by clicking the Chrome menu on the browser toolbar and clicking "Settings", "Show advanced settings". In the "Privacy" section, click the Content settings button and then select "All Cookies and site data". Click “Remove all” to delete all cookies.

  • Deleting cookies will have a negative impact on the usability of many websites.

    Cookie preference

    You are unable to prevent the use of cookies other than not use our website.

    Data protection registration

    We are registered as a data controller with the UK Information Commissioner's Office.

    Our data protection registration number is ZA109116

    Our Data Protection Officer is Lee McMeeking

    We conduct internal audits of our compliance with this privacy policy, including an annual self-assessment.

    Our details

    This website is owned and operated by Smile Notes Ltd

    We are registered in England and Wales under registration number 9447490 and our registered office is at 40 Fisher Hill Way, Cardiff, CF15 8DR.

    If you have any questions about this policy or our site in general, you can contact us by writing to the business address given above, by using our website contact form or

    If you have any concerns or complaints about how you think we've handled your personal information, please contact our Data Protection Officer at the address above or

    We will work hard to investigate and resolve any complaints you might have.

    Change log

    Privacy Policy - January 2015