Privacy Policy

Last updated 9 July 2026. This document explains how the Dentbook service handles personal data.

Who runs the service

The Dentbook booking system is operated by Daniel Rombakh, company ID (IČO) 09872604, registered at Kaprova 42/14, 110 00 Prague 1, Czech Republic. For any data protection matter, contact us at info@dentbook.cz.

Two distinct roles

Dentbook acts in two roles. For data about a practice and its account we are the controller, because we decide how the service works. For patient data we are the processor, and the controller is the individual practice that set up the system. The practice decides why and how patient data is processed, and we simply store it securely and pass it on according to the practice's instructions.

Practice data

When you create a practice, we process the practice name, email address, an encrypted form of your password, and any settings you save in the system. This data lets you log in, manage bookings and receive notifications.

Patient data

When a patient books an appointment, we process their first name, surname, phone number, email address and the chosen service and time. It is used solely to confirm the appointment, send a reminder and allow the practice to make contact. The practice you book with is the controller responsible for this data.

Purpose and legal basis

We process data to provide the service itself, that is to perform our contract with the practice and to enable patient bookings. Sending confirmations and reminders rests on the legitimate interest in a smooth booking process. Where a specific processing activity requires consent, we ask for it in advance.

Cookies

We use only the essential cookies needed to keep you signed in to the admin area. We do not use advertising or tracking cookies, and we do not sell any data to third parties for marketing.

Who we share data with

To run the service we rely on vetted suppliers acting as processors. Infrastructure and data storage are provided by Cloudflare, email delivery by Resend, in-practice notifications by Telegram, and SMS messages by SMSManager. We have GDPR-compliant processing arrangements with each of them and share only the data needed for that function.

How long we keep data

Practice data is kept for as long as the account exists. Patient data is kept for the period necessary to maintain booking records and meet the practice's legal obligations. When an account is closed or on the practice's instruction, we delete the data securely.

Your rights

You have the right to access your data, to correct or erase it, to restrict processing and to data portability. You also have the right to object and to withdraw consent. For patient data, contact the practice, which is the controller. For practice account data, write to us at info@dentbook.cz.

Security

Data is stored on secure infrastructure and transmitted encrypted. Only the individual practice can access its own data, through its own login.

Complaints

If you believe we handle your data unlawfully, you have the right to lodge a complaint with the Czech Office for Personal Data Protection (Úřad pro ochranu osobních údajů), Pplk. Sochora 27, 170 00 Prague 7.

Patient data processing is described in more detail on a separate Patient data processing page.