Confidentiality Policy for Connexy

Connexy (“Connexy”, “we”, “us”, or “our”) is committed to protecting the confidentiality, integrity, and security of information entrusted to us by dental clinics that engage our marketing, CRM, follow-up, and sales training services. This Confidentiality & Data Protection Policy explains how Connexy collects, accesses, uses, stores, transfers, and protects clinic information and, where applicable, patient or prospective patient data processed on behalf of clinics.

Connexy operates strictly as a marketing and consulting service provider. Connexy does not provide dental or medical services, does not diagnose or treat patients, and does not determine the purposes or legal basis for patient data collection.

1. Purpose

The purpose of this policy is to establish clear confidentiality, security, and data-protection standards governing:

Business, operational, and commercial information provided by dental clinics, and

Patient or prospective patient information that Connexy may access or process indirectly through CRM systems, communication tools, and operational support services.

2. Scope

This policy applies to:

All Connexy employees, contractors, consultants, and agents

Authorized third-party service providers engaged by Connexy

All systems, platforms, and tools used to deliver marketing, CRM, follow-up, analytics, and training services

3. Definitions

Clinic Data: Business, operational, financial, marketing, and contact information relating to dental clinics.

Patient Data: Any personal information relating to patients or prospective patients, including contact details, messages, call recordings, images, and medical or dental information voluntarily shared with the clinic.

Data Controller: The dental clinic that determines the purposes and means of processing patient data.

Data Processor: Connexy, acting solely on behalf of the clinic and under its instructions.

4. Collection of Clinic Information

Connexy may collect clinic information through advertising inquiries, onboarding forms, contracts, CRM configuration, training sessions, and direct communications. This may include:

Clinic identity and business registration details

Contact information of owners, managers, or authorized representatives

Marketing performance data and analytics

Operational preferences, scripts, workflows, and CRM settings

Such information is collected solely for evaluating eligibility, onboarding, service delivery, optimization, training, and support.

5. Processing of Patient and Lead Information

5.1 Nature of Processing

As part of its services, Connexy may be granted limited access to patient or lead data through CRM platforms, messaging systems, call tracking tools, appointment systems, or shared digital environments.

5.2 Purpose Limitation

Connexy processes patient data only to the extent necessary to:

Configure, manage, and support CRM and follow-up systems

Enable communications (calls, SMS, email, and similar workflows)

Provide sales training, quality assurance, and performance analysis

Troubleshoot, audit, or optimize technical and operational workflows

5.3 No Ownership or Independent Use

Connexy:

Does not own patient data

Does not independently use patient data

Does not sell, rent, or monetize patient data

Does not determine data retention periods or disclosure decisions

6. Clinic Responsibilities (Data Controller Obligations)

Clinics acknowledge and agree that they are solely responsible for:

Obtaining valid patient consent

Providing legally required privacy notices

Complying with applicable healthcare and privacy laws (including HIPAA or equivalent regulations)

Determining lawful purposes, retention periods, and disclosures

Ensuring that sharing access with Connexy is legally permitted

Clinics represent that they have the authority to grant Connexy access to patient data for service-delivery purposes.

7. Confidentiality Obligations

All Connexy personnel and authorized service providers are bound by strict confidentiality obligations. Access to clinic or patient data is limited to individuals who require such access for legitimate business purposes.

Confidential information shall not be disclosed, copied, or used except as permitted under this policy or as required by law.

8. Security Measures

Connexy implements reasonable administrative, technical, and organizational safeguards designed to protect clinic and patient data against unauthorized access, loss, misuse, alteration, or disclosure. These safeguards may include:

Role-based access controls

Encryption in transit and at rest where applicable

Secure authentication and access logging

Internal security policies and procedures

Vendor due diligence and contractual safeguards

No system is completely secure; however, Connexy applies industry-reasonable standards appropriate to the nature of the data processed.

9. Third-Party Service Providers

Connexy may use third-party platforms and vendors (e.g., CRM software, messaging providers, analytics tools, hosting services) to deliver its services.

All such providers are contractually required to:

Maintain confidentiality

Implement appropriate security measures

Process data only for authorized purposes

10. Cross-Border Data Processing

Due to the international nature of Connexy’s operations, clinic and patient data may be accessed, processed, or stored in multiple jurisdictions.

By engaging Connexy, clinics acknowledge and consent to cross-border data processing, subject to applicable data-protection laws.

11. Data Retention

Connexy retains clinic and patient data only for as long as necessary to provide services, comply with legal obligations, resolve disputes, or enforce agreements, unless otherwise instructed by the clinic.

Upon termination of services, Connexy will take reasonable steps to restrict access or delete data in accordance with contractual obligations and system limitations.

12. Incident Response

In the event of a suspected or confirmed data security incident involving clinic or patient data, Connexy will:

Promptly investigate the incident

Take reasonable steps to mitigate potential harm

Notify the affected clinic where appropriate

Connexy does not assume liability for incidents resulting from clinic instructions, third-party platforms, or circumstances beyond its reasonable control.

13. Compliance

Connexy complies with applicable privacy and data-protection laws governing business and personal information. This policy is intended to support compliance but does not constitute legal advice.

14. Limitation of Responsibility

Connexy is not responsible for:

Clinical decisions or patient outcomes

The legality of patient data collection by clinics

Patient consent failures

Healthcare regulatory compliance

Connexy acts solely as a service provider under clinic instruction.

15. Updates and Modifications

This policy may be updated periodically to reflect changes in law, technology, or business practices. Continued use of Connexy’s services constitutes acceptance of the updated policy.

16. Contact Information

For questions regarding this Confidentiality & Data Protection Policy, please contact:

Email: [email protected]

Conclusion

Connexy is committed to safeguarding the confidentiality of clinic and patient information processed in connection with its services. We act solely as a data processor and service provider, applying reasonable safeguards and professional standards to protect information entrusted to us.

Connexy is an independent marketing agency and is not affiliated with, endorsed by, or representing Facebook, Meta Platforms, Inc., or any advertising platform. All trademarks are the property of their respective owners and are referenced for descriptive purposes only.

Date of last update: January 2026