When ordering services or registering on the Website, as appropriate, Consumer Users may be asked to enter or provide information such as (but not limited to) name, e-mail address, mailing address, phone number, and dental photographs. Provider Users may be asked to provide information such as (but not limited to) practice profile and credit card information. Other data may be requested in order to help all Users enjoy an improved experience in using the Website or Company’s services.
3. When Information is Collected.
Information is collected from Users upon entry into forms on the Website.
4. Use of User Information.
Company may use the information collected from Users in the following ways:
• To process transactions
• To ask for ratings and reviews of services, or of other Users
• To follow-up with correspondence related to the service
5. Protection of User Information.
The Website is scanned on a regular basis for security holes and known vulnerabilities in order to make visiting and use of the Website as safe as possible. The Company uses an outsourced server back end in a complete cloud environment. Code repository is stored with an outsourced, cloud-based maintenance system.
User personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information supplied is encrypted via Secure Socket Layer (SSL) technology, which is provided to the Company by its DNS provider.
A variety of security measures are implemented when Users enter, submit, or access information in order to maintain the safety of all personal data. Passwords are encrypted using industry standard best practices. Credit card handling is completely outsourced to a vendor, and Company’s communication between its server and the vendor’s server is server-to-server. When Users submit a credit card on the Website, it is submitted over full SSL and encrypted to the server, where it is immediately sent to the credit card processing vendor, then discarded. The Company only maintains a pointer to the credit card data , not the actual credit card data itself.
Company is required to inform Users that computers can be configured to warn each time a cookie is being sent, or all cookies can be turned off. This step is done through the computer’s or device’s browser settings. Since each browser is slightly different, reference the browser's Help Menu to learn the correct way to modify cookies.
If cookies are turned off, some of the features that make a website experience more efficient may not function properly.
7. Third-Party Disclosure and Third-Party Links.
Company does not sell, trade, or otherwise transfer to outside parties any Personally Identifiable Information. Company does not include or offer third-party products or services on the Website.
Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for Users. Company has not enabled Google AdSense on the Website, but may do so in the future.
8. California Online Privacy Protection Act (“CalOPPA”).
According to CalOPPA, Company agrees to the following:
- Users can visit the Website anonymously.
- User personal information can be changed by logging in to the User account
9. ‘Do Not Track’ Signals.
Company honors Do Not Track signals and does not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place. Company also does not allow third-party behavioral tracking.
10. Children Online Privacy Protection Act (“COPPA”).
When it comes to the collection of personal information from children under the age of 13 years old, COPPA puts parents in control. The Federal Trade Commission enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.
Company does not specifically target-market to children under the age of thirteen (13) years old.
11. Fair Information Practices.
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts that they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be compliant with Fair Information Practices, Company will take the following responsive action, should a data breach occur:
- Notify the Users via in-site notification within seven (7) business days
- Agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
12. CAN SPAM Act.
The CAN SPAM Act is a law that sets the rules for commercial e-mail, establishes requirements for commercial messages, gives recipients the right to have e-mails stopped from being sent to them, and spells out penalties for violations.
Company collects your e-mail address to p rocess service orders and to send information and updates pertaining to service orders.
To be in accordance with CANSPAM, Company agrees to the following:
• Not use false or misleading subjects or e-mail addresses.
• Identify promotional messages as an advertisement in some reasonable way.
• Include the physical address of Company’s business or site headquarters.
• Monitor third-party e-mail marketing services for compliance, as applicable.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each e-mail.
If at any time Users would like to unsubscribe from receiving future e-mails, send a request to [email protected], and Users will promptly be removed from ALL correspondence.
13. Contacting the Company.
Bid Doc, Inc.
4461 Addenbrooke Loop
Castle Rock, CO 80109