3D Jaw Scan Data Protection & Consent

1. Information About 3D Jaw Scans and Data Protection

To manufacture your custom-made mouthguard, we require a precise 3D scan (digital impression) of your upper and lower jaw. This scan contains unique information regarding the shape and position of your teeth and jaw, making it personal data.

Because this information relates to your physical characteristics and dental situation, it is classified as sensitive biometric and health-related data. Consequently, it is subject to strict protection under data protection laws, including the EU General Data Protection Regulation (GDPR) and the Swiss Federal Act on Data Protection (nDSG).

2. Data Controller

The data controller responsible for processing your personal data in connection with our mouthguards is: PMG Performance Mouthguards SA, EPFL Innovation Park, Bâtiment C, 1015 Lausanne, Switzerland 

Privacy Contact Email: info@pmg-mouthguard.com.

3. Data We Process

When you place an order, we process the following data:

  • Identification and Contact Details: Name, address, email, and phone number.
  • Order and Payment Information: Products ordered, order history, and payment status.
  • 3D Scans/Digital Impressions: 3D scans of your upper and lower jaw, along with technical metadata required for production.
  • Optional Information: Any additional details you provide (e.g., sport type, fit preferences, notes for the technician).

4. Purpose of Processing

We use your personal data exclusively for the following purposes:

  • Planning, manufacturing, adjusting, and delivering your custom-made mouthguard.
  • Managing orders, payments, delivery, and customer service.
  • (Optional) Storing your 3D scan to enable faster re-ordering or production of replacement mouthguards (only if you explicitly consent).
  • Fulfilling legal obligations (e.g., accounting, product traceability, statutory retention periods).

Important: We do not use your 3D scans for:

  • Diagnostic, analytical, or medical treatment purposes.
  • Marketing, profiling, or training of artificial intelligence algorithms without your separate, explicit written consent.

5. Legal Basis for Processing

  • Ordinary Personal Data: We process contact and order details because this is necessary to perform the sales contract and take steps at your request before entering into that contract.
  • 3D Jaw Scans (Sensitive Data): These are processed only on the basis of your explicit consent for specific purposes: to design, manufacture, adjust, and deliver your mouthguard, and (where agreed) to store the scan for future orders.

Your Right to Withdraw Consent: You may withdraw your consent at any time with effect for the future by contacting us at the address above. This does not affect the lawfulness of processing based on consent before its withdrawal. However, withdrawal may mean we can no longer provide or reproduce certain products or services for you (e.g., manufacturing a replacement without the scan).

6. Data Recipients

To provide our services, we may share your personal data with the following categories of recipients, strictly on a need-to-know basis:

  • Internal production, logistics, and customer service teams.
  • Selected dental clinics or scanning partners who perform the 3D scan for you (where required).
  • Trusted IT and hosting providers who store and process data on our behalf under appropriate data protection agreements.
  • Payment service providers and logistics partners (e.g., parcel delivery companies).
  • Professional advisers (e.g., accountants, lawyers) where necessary for legitimate business and legal obligations.

We do not sell your personal data to third parties.

7. Data Location and Transfers

Your data are generally processed in Switzerland and/or the European Economic Area (EEA). If we transfer personal data to a country outside Switzerland or the EEA that does not provide an adequate level of data protection, we ensure appropriate safeguards are in place (e.g., EU Standard Contractual Clauses or equivalent instruments).

8. Data Retention Period

We retain your personal data only as long as necessary for the purposes described above or as required by law.

  • Order and Invoice Data: Stored for the period required by commercial and tax laws (typically 5–10 years).
  • 3D Jaw Scans: Stored for a maximum of [Insert Number, e.g., 1] year after your last order, unless you withdraw your consent earlier or request deletion. We will securely delete the scan unless legally obliged to retain it longer.
  • After the retention period expires, data will be securely deleted or irreversibly anonymized.

9. Security Measures

We use appropriate technical and organizational security measures to protect your personal data, including 3D scans, against unauthorized access, loss, misuse, or alteration. These measures include:

  • Encryption of data during transmission and, where appropriate, during storage.
  • Role-based access controls and logging of access to scan data.
  • Secure storage environments with regular backups.
  • Staff confidentiality obligations and training on data protection.

10. Your Rights

In accordance with applicable data protection law, you have the following rights regarding your personal data:

  • Right of Access: Obtain a copy of your personal data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion (“right to be forgotten”) where legal conditions are met.
  • Right to Restriction: Limit the processing of your data.
  • Right to Data Portability: Receive your data in a structured, commonly used format.
  • Right to Object: Object to certain processing activities.
  • Right to Withdraw Consent: At any time with effect for the future.

To exercise these rights, please contact us at the email or postal address indicated above. You also have the right to lodge a complaint with the competent data protection authority in your country.