Privacy Policy

Introduction

Your privacy is very important to us. At Crown Control, we treat privacy and data protection as our highest business priority. This policy is intended to help you understand:

• What Crown Control does.

• What information we collect about you.

• How we use information we collect.

• How we share information we collect.

• How we store and secure personal information we collect.

• Legal bases for processing (for EEA users).

• International data transfers.

• Your data protection rights.

 

This Privacy Policy explains how we collect personal information through our website at [www.crowncontrol.com.au] and our AI services platform and related services (“Services”).

We adhere to the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). Our services and data practices also consider relevant international frameworks (e.g., the EU General Data Protection Regulation (GDPR) and HIPAA for certain services) as applicable.

If you have any questions about this Privacy Policy or our practices, please contact us at info@crowncontrol.com.au.

What Crown Control Does

Crown Control is an Australian-based company that provides artificial intelligence (AI) services for dental practices. Our mission is to streamline front-desk operations, reduce administrative workload, and enhance patient experience through advanced AI-driven solutions.

• Headquarters: Australia

• Server Location: Primarily Perth, Australia

• Team: Entirely based in Australia

Our voice technology is HIPAA-compliant, reflecting our commitment to safeguarding personal and sensitive health information in alignment with relevant healthcare data protection standards.

​

Scope of This Policy

 

This Privacy Policy applies to:

• Visitors to our website at www.crowncontrol.com.au

• Users of our AI services platform and related services (“Services”)

• Individuals who interact with us in connection with our business, including dental practices and their patients

By accessing or using our Services or any other aspect of our business, you consent to the collection, use, disclosure, and storage of your personal information as described in this policy. If you do not agree with these practices, please do not use our Services.

Information We Collect

We collect various categories of personal information necessary to operate effectively and provide you with our Services:

From Dental Practices (Clients)

• Business Details: Practice name, Australian Business Number (ABN), address

• Contact Information: Email, phone number, and other relevant details

• Payment Details: Credit card or bank account information for billing

• Integration Credentials: Logins or API keys for connecting to dental practice management software

From Patients and Other Individuals

• Contact Details: Name, phone number, email

• Appointment Information: Treatment details, preferred scheduling times

• Health-Related Information: Symptoms or other data disclosed during scheduling

• Communication Logs: Call transcripts, SMS/email logs, other interactions related to appointments

From Website Visitors

• Technical Data: IP address, browser type, device information

• Cookies: To analyze website usage and improve user experience

Sensitive Information
We may process sensitive health data (e.g., medical or treatment history) as authorized by our clients. We handle such information with heightened security and confidentiality.

How We Use Your Information

We use the information we collect primarily to:

• Deliver Our Services

• Automate appointment scheduling, reminders, and patient communications

• Provide customer support and important administrative notices (e.g., security alerts)

• Enhance and Develop Our Services

• Analyze trends and usage patterns to improve our AI functionalities

• Test and refine new features before broader implementation

• Maintain Safety and Security

• Detect, investigate, and prevent fraudulent or malicious activity

• Monitor for and address violations of our terms or policies

• Comply with Legal Obligations and Protect Interests

• Satisfy reporting requirements to government agencies or regulators (e.g., Australian Taxation Office [ATO], Office of the Australian Information Commissioner [OAIC])

• Defend against legal claims, enforce agreements, or facilitate business transactions (e.g., mergers or acquisitions)

How We Store and Secure Information

Data Storage Location

Our primary servers are located in Perth, Australia. We aim to store and process personal data in Australia whenever feasible. However, as noted below in Section 8 (“International Data Transfers”), there may be occasions where data is transferred or accessed outside Australia.

Retention:

• We retain personal information only as long as necessary to fulfill the purposes outlined in this policy or as required by law.

• For data processed on behalf of clients, retention follows their instructions and service agreements.

Security Measures:

• Encryption: AES-256 for stored data; TLS 1.2/1.3 for data in transit.

• Access Controls: Role-based permissions and multi-factor authentication (MFA).

• Audits: Regular security assessments to maintain ISO 27001 compliance.

• Data Minimization: We collect only what is necessary for service delivery.

Deletion:

• When retention is no longer required, we delete or de-identify your information.

• If deletion is not possible (e.g., backup archives), data is securely isolated.

Sharing Your Information

We may share personal information with:

• Service Providers: SMS/email delivery platforms, cloud hosting providers (e.g., AWS).

• Dental Software Companies: For integrations (e.g., Dentally, Dental 4 windows, Cliniko).

• Regulatory Authorities: When legally required (e.g., ATO, OAIC).

All third parties must comply with strict data protection agreements.

International Data Transfers

While our primary operations and servers are in Perth, Australia, there may be instances where personal information is transferred to or accessed by parties located in other countries. For example, certain international service providers, or redundancy backups, may require data transfers outside Australia.

• Adequacy and Safeguards: Where required, we will ensure these international data transfers comply with local and international privacy laws. This may include GDPR Standard Contractual Clauses or equivalent mechanisms.

• HIPAA-Compliant Services: If the data involves Protected Health Information (PHI) under HIPAA, we require our third-party providers to be HIPAA compliant or sign Business Associate Agreements (BAAs) where relevant.

Your Data Protection Rights

You may have certain rights under the Australian Privacy Principles, GDPR (if you are in the EEA), or other applicable laws, including:

• Access: Request a copy of your personal information.

• Correction: Correct incomplete or inaccurate personal information.

• Deletion: Request deletion of personal data (subject to legal or contractual constraints).

• Objection and Restriction: Object to or restrict certain processing activities.

• Data Portability: Receive your personal information in a structured, machine-readable format if applicable.

• Opt-Out of Marketing: You can unsubscribe from marketing emails or SMS at any time.

To exercise any of these rights, or if you have questions about your rights, please contact us at info@crowncontrol.com.au.

Complaints and Dispute Resolution

If you have concerns about how we collect or use your personal data, or if you believe we have breached the Australian Privacy Principles or any relevant privacy laws, please contact us immediately:

• Email: info@crowncontrol.com.au

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. If you are not satisfied with our response, you can escalate the complaint to the Office of the Australian Information Commissioner (OAIC) at 1300 363 992 or visit www.oaic.gov.au.

Updates

We may update this policy to reflect changes in our practices or legal requirements. The latest version will be posted at [www.crowncontrol.com.au/privacy].