Last updated: July 2026
We explain transparently how personal data is processed when you visit our website and when you use the DentaTool platform.
Thank you for your interest in DentaTool. Protecting personal data is important to us. In this privacy policy, we explain how personal data is processed when you visit our website and when you use the DentaTool platform.
DentaTool is a cloud-based software solution for dental laboratories. Depending on how it is used, sensitive data may also be processed, in particular patient, order, billing, and health data. For this reason, we place particular emphasis on data protection, information security, transparency, and a clear allocation of roles under the General Data Protection Regulation (GDPR).
The controller responsible for data processing within the meaning of the GDPR is:
DentaTool GmbH & Co. KG
Jülicher Straße 6
13357 Berlin
Germany
Represented by:
DentaTool Verwaltungs-GmbH, represented by managing director Florian Görsdorf
Email:
florian.goersdorf@dentatool.de
Website:
www.dentatool.de
For questions about data protection, you can contact us at any time using the following email address:
florian.goersdorf@dentatool.de
A data protection officer has not currently been appointed.
We process personal data only where there is a legal basis for doing so. This may be the case in particular where processing
The relevant legal bases arise in particular from Art. 6 para. 1 GDPR. Where special categories of personal data, especially health data, are processed, this is done only if there is an additional legal basis under Art. 9 GDPR or if the processing takes place as commissioned processing on behalf of our customers.
When visitors use our public website, we process personal data. This concerns in particular technical data, communication data, and usage data.
The public website is used to provide information about DentaTool, enable contact with us, and present our services.
Our website is operated on servers provided by a professional hosting provider.
When our website is accessed, technically necessary information is processed. This may include in particular:
This data is processed to technically provide the website, ensure the stability and security of the systems, analyze errors, and prevent misuse.
The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure and reliable operation of our website.
If you contact us by email, contact form, or another channel, we process the data you provide in order to handle your inquiry.
This may include in particular:
Processing takes place to handle your inquiry, communicate with you, and, where applicable, take pre-contractual steps.
The legal basis is Art. 6 para. 1 lit. b GDPR where the inquiry relates to a contract or pre-contractual measures. Otherwise, processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the proper handling of inquiries.
On our public website, we use the self-hosted web analytics software Umami to statistically evaluate the use of our website and improve our information offering.
Umami is operated by us and embedded through our own subdomain analytics.dentatool.de. Analytics data is not shared with an external analytics provider.
We operate Umami without tracking cookies. No third-party cookies are set.
The analysis helps us better understand page views, frequently visited content, technical usage information, and general use of our website. The analysis is not used to create personal user profiles, for advertising purposes, or to train our own AI models.
Umami is used exclusively on our public website and is not used to analyze laboratory, patient, or order data within the DentaTool platform.
The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in privacy-friendly analysis and improvement of our public website.
Our public website may include videos provided through YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The embedding is intended to present our software, product features, and content in a clear and understandable way. We therefore use YouTube in the interest of a user-friendly and illustrative presentation of our online offering.
We embed YouTube videos through a special domain in the so-called "enhanced privacy mode". This can be identified in particular by the youtube-nocookie element in the domain.
According to YouTube, no cookies relating to user activity are set in enhanced privacy mode in order to personalize video playback. Nevertheless, when a YouTube video is embedded or played, personal data may be transmitted to Google and processed there. This may include, in particular, IP address, device and browser information, technical metadata, and information about interaction with the video. For example, this may include whether a video was played or where playback should continue.
Processing is based on Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the user-friendly and illustrative presentation of our software, product features, and content.
Further information on Google's processing of personal data can be found in Google's privacy policy: https://policies.google.com/privacy
Further information about YouTube is available at: https://www.youtube.com
Where personal data is transferred to Google companies in third countries, especially the United States, Google states that this is done on the basis of the EU-U.S. Data Privacy Framework, provided the respective Google companies are certified accordingly.
The DentaTool platform enables dental laboratories to organize, process, and document dental technology workflows.
Depending on use, the following data in particular may be processed within the platform:
When data is processed within a customer tenant, the respective dental laboratory is generally the controller within the meaning of the GDPR.
DentaTool processes this data on behalf of the respective customer as a processor pursuant to Art. 28 GDPR. The basis for this is a data processing agreement.
This means in particular:
Where DentaTool processes personal data for its own purposes, for example for contract management, billing, customer communication, security, or management of its own business relationships, DentaTool acts as the controller.
During registration and use of the DentaTool platform, we process data required to create and manage the customer account.
This may include in particular:
Processing takes place to create, manage, and provide the DentaTool platform and to perform the contractual relationship.
The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as processing is necessary for performance of the contract. Where processing serves the security and administration of the platform, it is additionally based on Art. 6 para. 1 lit. f GDPR.
Within the DentaTool platform, customers may process data relating to laboratory orders, patients, dental technology work, billing, cost estimates, materials, batches, and MDR documentation.
This may also include health data within the meaning of Art. 9 GDPR.
DentaTool generally does not process this data as its own controller, but as a processor for the respective dental laboratory. Responsibility for the lawfulness of entering, processing, and using this data within the customer tenant lies with the respective customer.
DentaTool processes this data exclusively to provide the contractually agreed platform functions, ensure operations, troubleshoot errors, maintain IT security, and provide the contractually agreed services.
Customers can upload, store, manage, and exchange files and documents within the DentaTool platform.
These may include in particular:
This data may contain personal data, patient data, or health data. Processing takes place within the respective customer tenant and generally on behalf of the respective customer.
DentaTool may provide functions for communication, notifications, and collaboration. These may include email notifications, system messages, status updates, customer portal functions, or messages relating to laboratory orders.
Personal data required for the respective communication may be processed. This includes in particular recipients, senders, content, subject lines, times, technical sending information, and delivery information.
Specialized service providers may be used to send transactional emails.
If customers request support, DentaTool may need to access data in the respective customer tenant in order to handle an inquiry, analyze an error, or provide contractual services.
Support access takes place only to the extent necessary for the respective purpose. It is carried out by authorized persons and generally on a tenant-specific basis.
DentaTool does not use support access to evaluate customer, patient, or order data for its own purposes.
To protect the availability and integrity of customer data, DentaTool regularly creates backups.
Backups are used to restore the platform after technical disruptions, security incidents, or other exceptional events.
Backups are created regularly according to a defined backup strategy, and their restorability is checked to an appropriate extent.
Defined retention and overwrite periods apply to backups in accordance with our deletion and retention concept.
Backups are not intended as an archive system and are generally not intended to restore individual data records accidentally deleted by customers.
DentaTool may evaluate anonymized or aggregated usage data in order to improve the platform, identify errors, prioritize functions, optimize usability, increase technical stability, and plan capacity.
No personal user profiles are created. The analysis is not carried out for advertising purposes, to evaluate individual persons, to share data with third parties, or to train our own AI models.
Where data is anonymized, this is done in such a way that a personal reference can no longer be established. Where data is aggregated, analysis is performed only at a summarized level.
DentaTool currently does not provide productive AI features within the platform.
If DentaTool offers AI-supported features in the future, they will be intended to support organizational, administrative, or professional workflows. AI results do not replace professional, legal, billing-related, medical device regulatory, or other review by the customer.
Customer data is not used to train our own AI models.
If external service providers are used for future AI features or personal data is processed, DentaTool will provide the relevant information transparently and, where necessary, establish contractual and data protection bases.
We use service providers to provide our website, the DentaTool platform, and our business processes.
These may include service providers in the following areas:
Where service providers process personal data on our behalf, we conclude data processing agreements with them.
We provide an overview of subprocessors in our documentation.
Personal data is generally processed within the European Union or the European Economic Area where this is possible for the services used by DentaTool.
Where personal data is transferred to third countries outside the European Union or the European Economic Area, this occurs only if the requirements of Art. 44 et seq. GDPR are met. This may include in particular an adequacy decision by the European Commission or appropriate safeguards such as standard contractual clauses.
When YouTube is embedded, personal data may be transferred to Google and Google-affiliated companies, including in third countries.
We store personal data only for as long as is necessary for the respective purposes or as long as legal retention obligations exist.
Data from inquiries is deleted once the inquiry has been finally processed and no legal retention obligations prevent deletion.
Contract and billing data is stored in accordance with legal retention obligations.
Customer data within the DentaTool platform is deleted or returned after termination of the contractual relationship in accordance with the contract, the data processing agreement, and our deletion and retention concept.
Backups are deleted or overwritten after defined retention and overwrite periods.
DentaTool uses technical and organizational measures to protect personal data against loss, misuse, unauthorized access, alteration, or disclosure.
These include in particular:
Further information is available in our Security & Trust Center and in our technical and organizational measures.
Data subjects have, in accordance with the GDPR, in particular the following rights:
Where we process personal data as a processor for a customer, the respective customer is generally responsible for handling data subject rights. We support our customers within the scope of legal and contractual requirements.
Where processing is based on consent, that consent may be withdrawn at any time with effect for the future.
The lawfulness of processing carried out before withdrawal remains unaffected.
Where personal data is processed on the basis of Art. 6 para. 1 lit. f GDPR, data subjects have the right to object to such processing at any time on grounds relating to their particular situation.
We will then no longer process the personal data unless there are compelling legitimate grounds for the processing or the processing serves to establish, exercise, or defend legal claims.
Data subjects have the right to lodge a complaint with a data protection supervisory authority if they believe that the processing of their personal data violates data protection law.
The competent authority may in particular be the supervisory authority at the data subject's place of residence, the controller's registered office, or the place of the alleged infringement.
We may update this privacy policy if our website, platform, processes, service providers, or legal requirements change.
The current version is available on our website.
More information
There we explain in clear language how DentaTool handles privacy, information security, and the responsible use of AI.