Privacy Policy
Section 1: Overview
LutraCAD B.V. provides various solutions, including O&P, 3D imaging, 2D imaging, and other processing services tailored for healthcare needs (hereinafter collectively referred to as the 'Products and Services'). By purchasing, downloading, and/or using the LutraCAD 3D Scanner app, among other Products and Services, you acknowledge and agree to the terms outlined in this Privacy Policy.
The protection of your personal data is of utmost importance to us. We adhere to rigorous industry standards and comply with applicable data protection laws, including the General Data Protection Regulation (GDPR) as applicable, ensuring the proper treatment of personal data. This Privacy Policy details how we collect, use, retain, disclose, and safeguard your information. It also explains your rights concerning your personal data, including the right to access, correct, and request the deletion of your data, and how you can exercise these rights.
Section 2: 3D Scanning with TrueDepth camera Sensor
What information does the application (or app) collect using the TrueDepth API?
During capturing, the app collects the front-facing TrueDepth camera’s depth and RGB information of each frame using TrueDepth API. The app also collects the metadata of the TrueDepth camera including TrueDepth camera’s intrinsic matrix and distortion map.
For what purposes does the app collect this information?
The application uses this information altogether to perform the depth fusion process and generate the colored 3D mesh of the scanning object. The user can view and share the generated 3D mesh file as one wishes.
Will the data be shared with any third parties?
The data is only used for generating the final 3D mesh and the app does not send it to any third parties.
Where will this information be stored?
During the depth fusion process, the app stores the collected data (depth, RGB images, camera metadata) in the documents folder of the app. Users can delete the data via the app. It will also be removed automatically when the user uninstalls the app. The user has the option to store the data. The app may offer the option to upload the data to a server where the user has full control of deleting or sharing.
Section 3: Personal Data
Personal data refers to any information relating to an identified or identifiable natural person ('data subject'). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. Personal data does not include data that has been irreversibly anonymized or aggregated in such a way that it can no longer enable identification, either by itself or in combination with other information available to us.
Section 4: Application of this Policy
This Privacy Policy applies exclusively to all products and services related to our iOS scanning solution that we offer. It does not extend to any products or services provided by third parties, even if such third parties embed or utilize our products and services, or access and use your personal information. We strongly recommend that you review the privacy policies of any third parties who may handle your personal data to ensure you are informed about how they protect your privacy. Please be aware that we are not responsible for the data collection, processing, or security practices of any third-party providers, nor the protection and handling of your personal information by them.
Section 5: Collection and Use of Personal and Other Data
We may occasionally collect personal data through our Products and Services when you voluntarily provide it by interacting with our products, or through registration for a LutraCAD account. We commit to collecting only the personal information necessary to deliver our Products and Services to you. Additionally, we may gather data to support future research and development. This data may be shared with third parties for similar purposes but will be anonymized both at the point of collection and when shared to ensure your privacy.
During registration for a LutraCAD account, we may collect essential personal data including, but not limited to, your name, company name, geographical location, email address, and telephone number. As you use our Products and Services, we may also maintain records of your activities and data generated from your use. All personal and other data collected will be handled in accordance with the provisions outlined in our 'Sharing and Disclosure of Personal Data' section below.
By providing us with personal or other data, you consent to our use of such data as detailed in this Privacy Policy. We take no responsibility for any failure on your part to adequately anonymize any data you provide. Additionally, if you supply us with personal or other information from third parties, it is your responsibility to obtain all necessary consents from these parties before sharing their data with us. We explicitly disclaim liability for any claims by data subjects arising from any actions or omissions by us that result from your failure to secure such necessary consents as required by law.
Our processing of personal data is based on legitimate interests to provide and enhance our Products and Services, comply with legal obligations, and ensure the security of our offerings. You have the right to access, correct, delete, or restrict the processing of your personal data under GDPR. Further details about how to exercise these rights are available in our complete privacy policy.
Section 6: Face Data Collection, Use, Disclosure and Sharing, and Retention
Our software application is primarily designed for non-facial 3D scanning purposes. However, it possesses the capability to capture facial data, which we classify as sensitive. We strongly advise against using this scanning app for capturing face data. In instances where facial data is inadvertently captured and stored on our cloud server, we commit to strict non-use, non-disclosure, and non-sharing of this data with any third parties.
The facial data stored will be retained on our servers for no longer than one year. We reserve the right to delete such data earlier if deemed necessary. Our handling of facial data is governed by stringent data protection and privacy measures to ensure the security and confidentiality of all data processed through our services.
Section 7: Sharing and Disclosure of your Personal Data
Any sharing or disclosure of your personal or other data will strictly adhere to applicable data protection laws and regulations. We may disclose personal or other data collected about you to trusted third-party service providers as necessary for them to perform services on our behalf that are essential for the provision of our Products and Services, in compliance with relevant state and federal laws.
Furthermore, your personal or other data may be disclosed to law enforcement, government officials, or other third parties if required by law or if we believe in good faith that such disclosure is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of our Terms of Use. Additionally, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar event, certain information in our possession may be transferred to our successors or assigns. From the time of such transfer, we will not have control over the protection of your data and disclaim all liability in this regard. We do not sell or rent personal data to marketers or third parties. If personal data is inadvertently disclosed despite our security precautions, we will endeavor to limit and remedy the disclosure as permitted by law, though we disclaim all liability for any unintentional disclosure.
Retention of your Personal Data
We retain personal data only for as long as necessary for the specific purposes for which it was collected. We adhere to prudent data management practices to ensure that data is not retained indefinitely and that disposal occurs in a secure manner. While we implement stringent measures to protect your personal data, we disclaim all liability for the actions of third parties with whom we may share your data, after such data has been transferred.
Section 8: Protection of Personal Data
We implement rigorous administrative, technical, and physical security measures to protect the information stored on our servers from unauthorized access, alteration, disclosure, or destruction. Our security practices include, but are not limited to, the use of encryption, firewalls, and physical access controls to our data centers. Access to personal data is strictly limited to employees who require it to perform their job functions. These employees are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations. Our security protocols are regularly reviewed and updated to comply with industry standards and regulations, including the GDPR.
Section 9: Children's Information
Our Products and Services are designed for a general audience and are not intended for children under the age of 13. In compliance with the Children’s Online Privacy Protection Act (COPPA) and relevant GDPR provisions, we do not knowingly collect, use, or disclose information from children under the age of 13. If we learn that we have collected personal information from a child under 13 without verification of parental consent, we will take steps to remove that information from our servers immediately.
If you believe that a child under the age of 13 has provided personal information to us, please contact us immediately using the contact details provided below, and we will take appropriate measures to investigate and address the issue promptly.
Section 10: Cross-Border Transfer of Data
If you are a resident of the European Union, please be aware that your personal data will be processed in accordance with the General Data Protection Regulation (GDPR). The laws governing data collection and use in the EU may offer higher levels of protection than those in other countries, including the United States. We transfer personal information to the United States for processing based on standard contractual clauses approved by the European Commission, which are designed to ensure that your personal data receives an adequate level of protection consistent with EU law. Your consent to this transfer is obtained prior to processing, and you have the right to withdraw your consent at any time.
Section 11: Changes to this Policy
We reserve the right to amend this Privacy Policy at any time and for any reason. We will provide notice of significant changes to our Privacy Policy through direct communication where practicable, or by posting an updated version on our website. It is important that you review the revised Privacy Policy before you continue to use our Products and Services to ensure you are aware of any changes. Changes will take effect immediately upon their posting on the website unless otherwise specified. If changes are made, we will also update the 'Last updated' date at the top of this Privacy Policy.
Section 12: Data Subject Rights
Under the General Data Protection Regulation (GDPR), you as a data subject have certain rights concerning the personal data we hold about you. We are committed to ensuring the protection and management of your data in accordance with applicable laws. This section outlines your statutory rights and explains how you can exercise them:
- Right to Access: You have the right to request access to your personal data that we process. This includes the right to be informed whether or not personal data about you is being processed, what data is being processed, and for what purpose.
- Right to Rectification: If you believe that personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.
- Right to Erasure (Right to be Forgotten): You can request that we delete or remove personal data when there is no compelling reason for its continued processing. This right is not absolute and only applies in certain circumstances.
- Right to Restrict Processing: You have the right to 'block' or suppress further use of your data. When processing is restricted, we can still store your data, but may not use it further. This right is limited to specific circumstances.
- Right to Data Portability: You have the right to obtain and reuse your personal data for your own purposes across different services. This means you can transfer the data from one IT environment to another safely and securely, without hindrance to usability.
- Right to Object: You are entitled to object to the processing of your personal data based on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that it is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you object, we must stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights, and freedoms, or the processing is for the establishment, exercise or defense of legal claims.
- Right to Withdraw Consent: If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful). This includes your right to withdraw consent to us using your personal data for marketing purposes.
Procedure for Exercising Rights: To exercise any of these rights, please contact us using the contact details provided in the "Contact Us" section of this policy. Please provide the following information:
Your full name and contact details
A clear description of the right you wish to exercise and any relevant details pertaining to your request
Any identifiers we might use to locate your data within our system
This information is necessary to verify your identity and ensure the security of your data. We aim to respond to all legitimate requests within one month. Occasionally it may take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
Section 13: Access, Correction and Complaints – Contact Us
If you have any questions or concerns regarding our Privacy Policy, or if you wish to exercise your rights to access, correct, or delete your personal data, please do not hesitate to contact us. You can reach us via email at [email protected], or you can write to us at the following address: Plein 1969 1A, 5473CA, Heeswijk-Dinther, The Netherlands. We are committed to addressing your inquiries promptly and transparently. Under GDPR, you also have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates data protection laws.
Last updated April 17th, 2024.
Need help choosing the
right software and/or scanner?