Privacy Policy

Last updated: 12 February 2026

1. Introduction

This Privacy Policy explains how personal data is collected, used, stored and protected when using Sigma Aligners services and website.

Sigma Aligners products and services are provided by:

Cristaline Aligners GmbH
Hanauer Straße 1–5
75181 Pforzheim
Germany
VAT ID: DE301720631

Cristaline Aligners GmbH acts as data controller for personal data processed in connection with Sigma Aligners services.

Website: https://www.sigma-aligners.com

For privacy-related questions please contact: info@cristaline-aligners.net

2. Roles in Data Processing

Depending on circumstances:

  • Cristaline Aligners GmbH acts as Data Controller when processing data for service provision and business operations.
  • Dental clinics or doctors submitting patient data may act as independent or joint controllers.
  • Cristaline Aligners GmbH may also act as data processor when processing data strictly on behalf of clinics.

3. Categories of Users

We process data relating to:

  • website visitors,
  • dental professionals and clinics,
  • patients receiving treatment,
  • business partners,
  • communication contacts.

4. Personal Data We Process

4.1 Website Visitors

PurposeData processedLegal basis
Website operation & securityIP address, browser data, device information, usage logsLegitimate interest
Website functionalityCookies, language and session preferencesConsent / Legitimate interest

4.2 Doctors and Clinics

PurposeData processedLegal basis
Account creation & service provisionName, clinic details, contact data, billing & shipping informationContract performance
CommunicationEmails, phone, service messagesContract performance
Accounting & invoicingPayment and transaction dataLegal obligation

4.3 Patients

PurposeData processedLegal basis
Treatment planning and aligner productionName, age, gender, date of birthContract / Consent
Orthodontic analysisDental photos, scans, CT/X-ray images, treatment commentsExplicit consent (Art. 9 GDPR)

Medical data are processed only for treatment purposes.

5. Legal Grounds for Processing

We rely on:

  • performance of a contract,
  • compliance with legal obligations,
  • legitimate interests,
  • explicit consent (especially for medical data),
  • consent for marketing communication.

Consent can be withdrawn at any time.

6. Cookies and Tracking Technologies

Cookies are used to:

  • ensure website functionality,
  • store preferences,
  • analyse website traffic,
  • improve services.

Analytical or marketing cookies are activated only after user consent. Users may disable cookies via browser settings.

7. Data Sharing

Personal data may be shared with:

  • hosting and IT infrastructure providers,
  • CRM and communication platforms,
  • production and treatment planning teams,
  • payment processors,
  • accounting services,
  • customer support contractors.

All processors operate under confidentiality and data processing agreements.

We do not sell personal data.

8. International Data Transfers

Personal data may be processed outside the European Economic Area.

Transfers are protected using:

  • Standard Contractual Clauses,
  • EU-US Data Privacy Framework participation,
  • additional technical safeguards where required.

9. Data Retention

Personal data are stored only as long as necessary for:

  • service provision,
  • legal obligations,
  • business operations,
  • dispute resolution.

Normally data is stored up to three years after last interaction, unless longer retention is legally required.

Medical records may be retained longer when required by healthcare regulations.

10. Data Security

We apply technical and organisational safeguards including:

  • encryption,
  • secure hosting,
  • restricted access,
  • regular security updates,
  • confidentiality obligations for staff and contractors.

11. Your GDPR Rights

Users have the right to:

  • access personal data,
  • correct inaccurate data,
  • request deletion,
  • restrict processing,
  • object to processing,
  • request data portability,
  • withdraw consent,
  • lodge complaints with authorities.

Requests may be sent to: info@cristaline-aligners.net

12. Supervisory Authority

Users may contact their local EU data protection authority.

In Germany:

Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Husarenstraße 30
53117 Bonn
Germany

https://www.bfdi.bund.de

13. Changes to this Policy

This policy may be updated periodically. The latest version will always be available on the website.

14. Contact

For questions regarding privacy or data processing: info@cristaline-aligners.net

Cristaline Aligners GmbH
Hanauer Straße 1–5
75181 Pforzheim Germany