Privacy policy

1. Who is the data controller

The controller for personal data collected through this site and the Dently platform is:

• Carlos Frederick Díaz Sánchez (individual — self-employed), operating under the trade name Dently.
• Tax ID (NIF): 02336521C.
• General contact: support@dently.es.
• Privacy and exercise of rights: privacy@dently.es.

Hereinafter, "Dently", "we". You can also review ourLegal notice.

2. What data we process

Dently processes two distinct types of data:

2.1 Data of professionals and clinics that hire Dently

• Identification data: first name, last name, email, phone.
• Professional data: clinic name, role, specialty.
• Billing data when applicable.
• Platform usage data (logs, IP address, browser).

2.2 Patient data managed by clinics

When a clinic uses Dently, it stores and manages patient data (identification, contact, appointments, clinical notes, etc.). For this processing Dently acts as adata processor; the controller is always the contracting clinic. The relationship is governed by the data processing agreement signed when the service is contracted.

Clinical notes and any other information about the patient's health are aspecial category of personal data under article 9 of the GDPR. The clinic, as data controller, is responsible for obtaining the patient's explicit consent or applying the corresponding legal basis under article 9.2 (for example, provision of healthcare) and for maintaining its own privacy notice to the patient. Dently, as data processor, applies enhanced security measures (encryption in transit and at rest, role-based access control, backups and access logging) and processes this data only following the clinic's instructions.

3. What we use the data for

• To provide the contracted appointment, patient and doctor management service.
• To respond to demo requests, queries and technical support.
• To send operational communications about your account.
• To comply with legal obligations (tax, accounting, etc.).
• To improve the product based on aggregated and anonymized information.
• To measure the effectiveness of our advertising campaigns (e.g. which ad led to a demo request or sign-up), only if you accept marketing cookies.
• To analyze, in aggregate, how the website is used so we can improve it (Google Analytics), only if you accept analytics cookies.

4. Legal basis

The processing described is based on contract performance (when you are already a customer or have requested information), consent (when you voluntarily fill out a form) and compliance with legal obligations. For patient data, the legal basis lies with the clinic acting as data controller.

The use of cookies and advertising measurement technologies (Google Ads) and analytics (Google Analytics) is based solely on your consent, which you can grant or withdraw at any time from the "Cookie settings" link in the footer. If you do not grant it, these technologies store no identifiers on your device.

5. Who we share your data with

We only share personal data with vendors we need to operate the service, always under contract and with adequate security guarantees:

• Hetzner Online GmbH — server and database hosting.
• Cloudflare, Inc. — backup storage (R2), content delivery network and security services.
• Resend, Inc. — transactional email delivery.
• Stripe Payments Europe, Ltd. — subscription payment processing, when applicable.
• Google Ireland Limited — advertising conversion measurement (Google Ads) and website usage analytics (Google Analytics), only per the cookies you accept (marketing and/or analytics).

Every vendor is bound by a data processing contract with adequate security measures. The list is kept up to date and can be checked at any time. We do not sell or share personal data with third parties for commercial purposes.

6. International transfers

Some of our vendors may process data outside the European Economic Area. When this happens, we require adequate guarantees through standard contractual clauses approved by the European Commission or other GDPR-compliant mechanisms. In particular, Googlemay process data in the United States; that transfer relies on standard contractual clauses and on its certification under the EU-U.S. Data Privacy Framework. You can review how Google processes data in itsprivacy policy.

7. How long we keep your data

We keep data while you have an active account or there is an ongoing contractual relationship. Retention periods by category:

• Account and operational data: while your account is active. After cancellation, it is anonymized or deleted within a maximum of 30 days.
• Billing and accounting data: 6 years from issuance, per applicable tax and accounting regulations.
• Patient clinical records: retention is determined by the clinic as data controller under the healthcare regulations applicable in its country (in Spain, between 5 and 15 years from the last care visit depending on regional law). Dently keeps the data for the entire period as instructed by the clinic.
• Data for the defense of legal claims: during the limitation periods of any applicable legal actions.

8. Your rights

You can exercise your rights of access, rectification, deletion, opposition, restriction and portability anytime by writing toprivacy@dently.es. You can also file a complaint with the Spanish Data Protection Agency (www.aepd.es) or with your local supervisory authority in the EU/EEA, if you believe your rights have not been properly addressed.

9. Changes to this policy

We may update this policy when features, vendors or legal requirements change. The last update date appears at the top of the document. For significant changes we will notify you by email or from within the platform itself.