Privacy Policy

SC Equinox Dental Education SRL (hereinafter "Equinox Dental", "we", "us", or the "Controller") is committed to protecting the privacy of your personal data.

This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our educational platform (education.equinoxdental.ro), in accordance with:

• Regulation (EU) 2016/679 of the European Parliament and of the Council (the General Data Protection Regulation — "GDPR")
• Romanian Law No. 190/2018 implementing the GDPR in Romania
• Romanian Law No. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector

Please read this policy carefully. By using our platform, you acknowledge that you have reviewed the practices described in this document.

The controller of your personal data is:

• Company name: SC Equinox Dental Education SRL
• Tax ID (CUI): 53842387
• Trade Registry No.: J2026008416003
• Registered address: Str. Câmpul Pipera Nr. 13G, Voluntari, Ilfov County, Romania
• Email: education@equinoxdental.ro
• Phone: 0752 299 468
• Website: equinoxdental.ro

We have designated a Data Protection Officer (DPO) whom you may contact for any questions or requests regarding the processing of your personal data:

• Email: dpo@equinoxdental.ro

Our DPO is available to assist you with any requests regarding the exercise of your rights or for clarifications about the processing of personal data.

Data provided directly by you:

• Full name (registration and contact forms)
• Email address (registration, contact, newsletter)
• Phone number (registration, contact)
• Message text — optional (contact form)
• Course preference / selected package (registration form)

Data collected automatically:

• IP address
• Browser type and version
• Operating system and device type
• Pages visited, time spent on site, browsing patterns (via PostHog — only with your consent)
• Referral source
• Session identifiers
• Cookie data (session and analytics cookies)

Data we do NOT collect:

• Special categories of data under Art. 9 GDPR (health data, racial or ethnic origin, political opinions, religious beliefs, biometric or genetic data, sexual orientation)
• Criminal conviction data (Art. 10 GDPR)
• Financial or payment data (payments are handled by external payment processors)

We process your personal data only on the basis of a valid legal ground under Art. 6(1) GDPR:

Our legitimate interests include:

• Responding promptly to inquiries received through the contact form
• Ensuring website security and preventing automated abuse
• Administrative purposes and internal record-keeping

Your personal data may be shared with the following recipients, exclusively for the purposes mentioned above:

• PostHog (web analytics provider) — as a data processor, under a Data Processing Agreement (DPA)
• Google Analytics (web analytics provider, Google Ireland Ltd.) — as a data processor, under Google's data processing terms
• Email service provider — for newsletters and transactional emails, as a data processor
• Hosting/server provider — for hosting and operating the platform
• Course lecturers / speakers — name and email, exclusively for participant coordination
• Accounting and tax consultants — in accordance with applicable legislation
• Public authorities — when required by law (ANAF, courts, law enforcement agencies)

We do not sell, rent, or trade your personal data to any third party.

Your personal data is primarily processed and stored within the European Union / European Economic Area (EU/EEA).

To the extent that some of our service providers operate or store data outside the EU/EEA, we ensure that adequate safeguards are in place, such as:

• Adequacy decisions by the European Commission (Art. 45 GDPR)
• Standard Contractual Clauses of the European Commission (Art. 46(2)(c) GDPR)
• Other approved transfer mechanisms in accordance with applicable legislation

You may request additional information about international data transfers by contacting our DPO at dpo@equinoxdental.ro.

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

After the retention period expires, data is permanently deleted or irreversibly anonymized.

Under the GDPR, you have the following rights regarding your personal data:

1. Right of access (Art. 15) — the right to obtain confirmation of data processing and receive a copy of your data
2. Right to rectification (Art. 16) — the right to have inaccurate data corrected or incomplete data completed
3. Right to erasure / "right to be forgotten" (Art. 17) — the right to have your data deleted under certain circumstances (consent withdrawn, data no longer necessary, unlawful processing, etc.)
4. Right to restriction of processing (Art. 18) — the right to limit how your data is processed in certain situations
5. Right to data portability (Art. 20) — the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller
6. Right to object (Art. 21) — the right to object to processing based on legitimate interest or direct marketing (absolute right for direct marketing)
7. Right to withdraw consent (Art. 7(3)) — you may withdraw consent at any time without affecting the lawfulness of prior processing; for the newsletter, use the unsubscribe link in each email
8. Right not to be subject to automated decision-making (Art. 22) — the right not to be subject to a decision based solely on automated processing, including profiling

How to exercise your rights:

• Email: dpo@equinoxdental.ro
• We will respond within 30 calendar days (extendable by an additional 60 days for complex requests, with prior notification)
• Exercising your rights is free of charge
• We may request identity verification before processing your request

If you believe that the processing of your personal data violates data protection legislation, you have the right to lodge a complaint with the competent supervisory authority:

• Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
• Address: B-dul G-ral. Gheorghe Magheru nr. 28-30, Sector 1, postal code 010336, Bucharest, Romania
• Website: www.dataprotection.ro
• Email: anspdcp@dataprotection.ro
• Phone: +40.318.059.211

We encourage you to first contact us at dpo@equinoxdental.ro so we can try to resolve any issue before a formal complaint is filed.

Cookies are small text files stored on your device when you visit our website. We use them to ensure website functionality and, with your consent, for analytics.

Essential cookies (do not require consent):

Analytics cookies (require consent):

Analytics cookies are activated only after you give consent via the cookie banner displayed on your first visit.

Managing cookies:

• Via the cookie banner on the website ("Accept" / "Decline" / "Settings" buttons)
• Via your browser settings
• Declining analytics cookies does not affect website functionality

• Newsletter subscription is voluntary and is not a condition for course registration
• Explicit consent is required under Romanian Law No. 506/2004
• Every email contains an unsubscribe link
• We do not sell or share the subscriber list with third parties
• Frequency: occasional communications about new courses, early bird offers, and available spots

You may withdraw consent at any time via the unsubscribe link in any email or by contacting dpo@equinoxdental.ro.

We have implemented appropriate technical and organizational measures to protect your data, in accordance with Art. 32 GDPR:

Technical measures:

• HTTPS/SSL encryption for all communications
• Secure database storage with restricted access
• Access controls and password protection
• Anti-spam measures on registration forms

Organizational measures:

• Access limited on a need-to-know basis
• Data Processing Agreements (DPA) with all processors
• Security incident response procedures

In the event of a personal data breach:

• ANSPDCP will be notified within 72 hours (Art. 33 GDPR), if the breach is likely to result in a risk to the rights and freedoms of data subjects
• Affected individuals will be notified without undue delay (Art. 34 GDPR), if the breach is likely to result in a high risk
• We will take immediate corrective measures to limit the impact and prevent recurrence

Our platform and courses are intended exclusively for dental professionals (adults).

• We do not knowingly collect data from persons under 16 years of age
• Under Romanian Law No. 190/2018, consent for persons under 16 must be given or authorized by the holder of parental responsibility
• If we discover that we have collected data from a minor, it will be deleted immediately

Our website may contain links to external websites. We are not responsible for the privacy practices or content of these third-party sites. We encourage you to review the privacy policies of any website you visit through links on our platform.

• We reserve the right to update this policy at any time
• Material changes will be communicated through a notice on the website
• The date of the last update is displayed at the beginning of this document
• Continued use of the platform after changes are published constitutes acceptance of the new version

For any questions regarding this policy, please contact us at dpo@equinoxdental.ro.