1. Introduction:
Tivtav ("we", "us", or "our") operates an operational management platform designed specifically for dental and healthcare practices. This platform (the "Service") enables practices to manage their back-office operations, including team administration, scheduling, inventory, supplier relationships, hiring, education, and business performance tracking. This Privacy Policy explains how we collect, process, store, and protect personal data in connection with your use of the Tivtav platform, in compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and applicable national data protection laws. By accessing or using the Tivtav platform, you acknowledge that you have read and understood this Privacy Policy.
2. Who We Are
Tivtav B.V. is the data controller for personal data processed in connection with account management, billing, and platform administration.
Where dental practices use the Tivtav platform to process data about their own staff, patients, or suppliers, the practice acts as the data controller and Tivtav acts as a data processor on their behalf, governed by a Data Processing Agreement (DPA) incorporated into our Terms of Service.
For any data protection enquiries, contact us through the platform.
3. Data Isolation & Multi-Tenancy Architecture
Tivtav is built on a strict data isolation architecture. Each practice (tenant) operates within a fully isolated data environment. This means: — Your practice data is logically and technically separated from all other practices on the platform. — No practice can access, view, or query data belonging to another practice. — Isolation is enforced at the database, application, and API layers. — Tivtav staff access to tenant data is restricted, logged, and requires explicit authorisation on a need-to-know basis. This architecture ensures that even in shared infrastructure environments, your operational data — including staff records, supplier contracts, inventory levels, and performance metrics — remains exclusively accessible to your organisation.
4. What Personal Data We Collect
4.1 Account & Practice Data — Practice name, registration details, VAT/tax identifiers — Contact details of practice administrators and billing contacts — Subscription tier and payment method metadata (not full card numbers)
4.2 Platform User Data — Name, professional role, and email address of staff members registered on the platform — Login credentials (passwords are hashed and never stored in plain text) — Access logs, session data, and usage activity within the platform — In-platform communications and notifications
4.3 Operational Data Entered by the Practice The following data is entered and controlled exclusively by the practice. Tivtav processes this data solely on the instructions of the practice: — Staff schedules, employment records, and HR-related information — Operatory and chair utilisation data — Inventory items, stock levels, and order history — Supplier details and procurement records — Candidate information for open roles (recruitment module) — Training and education records for team members — Business performance metrics and KPIs
4.4 Technical & Usage Data — IP addresses, browser type, and device identifiers — Platform feature usage, click patterns, and session durations (used for product improvement) — Error logs and crash reports
5. Legal Bases for Processing
We process personal data on the following legal bases under Article 6 GDPR: — Contract performance (Art. 6(1)(b)): Processing necessary to provide the Tivtav Service under our Terms of Service. — Legitimate interests (Art. 6(1)(f)): Platform security, fraud prevention, abuse detection, and product analytics. — Legal obligation (Art. 6(1)(c)): Compliance with applicable tax, accounting, and regulatory requirements. — Consent (Art. 6(1)(a)): Where we request consent for specific processing activities such as marketing communications. Consent may be withdrawn at any time. Where the practice processes special category data (e.g. employee health records) through the platform, the practice is responsible for establishing and documenting the appropriate legal basis under Art. 9 GDPR.
6. How We Use Your Data
— Provision and operation of the Tivtav platform
— User authentication and access control
— Billing and subscription management
— Customer support and issue resolution
— Platform security monitoring and incident response
— Product development and feature improvement (using aggregated, anonymised analytics)
— Compliance with legal and regulatory obligations
— Sending product updates, maintenance notices, and — where consent has been given — commercial communications
7. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify customers via email and/or an in-platform notification at least 30 days before changes take effect. The date of the most recent revision is displayed at the top of this document.
Tivtav
