Privacy Policy

PRIVACY AND DATA PROTECTION POLICY

Last Updated: May 2026

1. CORPORATE COMMITMENT TO PRIVACY

SmileKit Lab (“the Brand”, “we”, “us”, or “our”) is committed to protecting the privacy and security of our customers' personal data. This Privacy Policy outlines our practices regarding the collection, use, and disclosure of information through our proprietary cloud-based infrastructure. We operate in strict accordance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

2. DATA CONTROLLER AND ARCHITECTURE

For the purposes of applicable data protection laws, SmileKit Lab acts as the Data Controller. Our digital ecosystem is designed to minimize data exposure. Unlike standard retail models, we utilize decentralized data processing to ensure that sensitive customer information remains encrypted and isolated from public-facing directories.

3. LEGAL BASIS FOR PROCESSING

We process personal data under the following legal frameworks:

  • Contractual Necessity: Processing is required to fulfill your orders for the SMILEKIT™ Teeth Whitening system.

  • Legal Compliance: To satisfy UK tax, accounting, and consumer regulatory requirements.

  • Legitimate Interests: To maintain network security, prevent fraudulent transactions, and optimize our professional service delivery.

4. TAXONOMY OF DATA COLLECTED

To provide our premium dental aesthetics services, we collect the following categories of information:

  • Identity Data: Full name and professional title.

  • Contact Data: Delivery address, electronic mail, and contact telephone number.

  • Technical Telemetry: IP addresses, browser types, and device identifiers used to interact with our secure interface.

  • Transaction Data: Encrypted records of products purchased and interaction history with our brand.

Note on Financial Data: We do not store raw credit or debit card information. All payments are processed via PCI-DSS Level 1 compliant gateways using end-to-end tokenization.

5. ADVANCED DATA SECURITY

We employ AES-256 bit encryption for all data at rest and TLS 1.2/1.3 protocols for data in transit. Our infrastructure is protected by advanced firewalls and intrusion detection systems to prevent unauthorized access, ensuring that your private information is never compromised.

6. DISCLOSURE TO THIRD-PARTY PROCESSORS

SmileKit Lab does not sell, rent, or trade your personal data to third-party marketing brokers. Data is shared strictly with essential service partners under non-disclosure agreements:

  • Logistics Partners: Professional courier services within the United Kingdom for tracked order fulfillment.

  • Operational Infrastructure: Secure cloud hosting and encrypted communication tools.

  • Regulatory Authorities: Only when mandated by UK law or to protect our legal rights.

7. INTERNATIONAL DATA TRANSFERS

Where data is transferred outside the UK/EEA for processing (e.g., global logistics routing), we ensure "Adequacy Decisions" are in place or utilize Standard Contractual Clauses (SCCs) to guarantee a level of protection equivalent to UK standards.

8. YOUR STATUTORY RIGHTS

Under the UK GDPR, you possess the following rights regarding your personal information:

  • Right of Access: To request a copy of the data we hold.

  • Right to Erasure: The "Right to be Forgotten" from our active databases.

  • Right to Restriction: To limit how we process specific data subsets.

  • Right to Portability: To receive your data in a structured, machine-readable format.

9. CONTACT AND COMPLIANCE OFFICER

For any inquiries regarding this policy or to exercise your data rights, please contact our Compliance Department. To maintain security and privacy, physical address details for returns are provided exclusively through our RMA (Return Merchandise Authorization) process.