[FULL NAME OF DATA CONTROLLER], an individual acting under the commercial brand TrazaLab (hereinafter, "the Data Controller"), with address at [ADDRESS TO BE DEFINED — CITY, STATE, ZIP], is responsible for the processing of your personal data in accordance with the provisions of the Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP) and its Regulations.
For any matter related to this Privacy Notice or to the exercise of your ARCO rights (Access, Rectification, Cancellation, Opposition), you may contact us at: [email protected]
For the purposes described in this Notice, we collect and process the following categories of personal data:
| Data | Method of collection |
|---|---|
| Full name | Platform registration |
| Email address | Platform registration |
| Phone number | Platform registration |
| Professional role (dental laboratory or clinician) | Platform registration |
| Name of practice, clinic, or laboratory | Platform registration |
| IP address and browsing data | Automatic (cookies) |
| Platform activity logs | Automatic (system) |
TrazaLab is an order management platform between dental laboratories and clinicians. Although we do not collect patient data directly, the files that users upload to the platform may contain clinical information related to patients, such as:
| File type | Nature |
|---|---|
| Intraoral clinical photographs | Clinical image — potentially sensitive |
| Radiographs and CBCT | Medical image — potentially sensitive |
| Intraoral scans (STL) | Clinical data — potentially sensitive |
| Digital prescriptions (Rx) | Clinical document — potentially sensitive |
Important: TrazaLab acts as a communication and management platform between dental health professionals. Professional users are responsible for obtaining their patients' consent for the processing of clinical data before uploading it to the platform. By using TrazaLab to share clinical files, the user represents that they have the corresponding authorizations.
For the processing of any data that may be considered sensitive, we obtain the user's express consent at the time of registration through an explicit opt-in mechanism (checkbox).
The following purposes are necessary for the provision of the contracted service and do not require your additional consent beyond the acceptance of this Notice:
The following purposes are not essential for the provision of the service. Your refusal will not affect your use of the platform:
If you do not wish your data to be processed for voluntary purposes, you may communicate this at any time at [email protected] with the subject line "Revoke voluntary purposes".
You may limit the use or disclosure of your personal data by sending a request to [email protected] indicating your full name, registered email address, and a clear description of the requested limitation. We will respond within a maximum of 20 (twenty) business days.
You may also revoke your consent for voluntary purposes at any time without affecting the use of the essential functions of the platform.
You have the right to exercise at any time your rights of Access, Rectification, Cancellation, and Opposition regarding your personal data ("ARCO" rights), in accordance with articles 22 to 27 of the LFPDPPP in force.
To exercise any of these rights, you may use our ARCO request form or send an email to [email protected] with the subject line "ARCO Request" including:
We will respond within a maximum of 20 (twenty) business days counted from the receipt of your complete request. This period may be extended by an additional 20 business days when justified by the case, with prior notification.
ARCO Request Form →Although the LFPDPPP in force no longer requires the disclosure of transfers in the Privacy Notice, at TrazaLab we choose transparency. Your data may be shared with the following third parties solely for the necessary purposes described in this Notice:
| Third party | Purpose | Country |
|---|---|---|
| SiteGround (hosting) | Platform and database hosting | European Union / USA |
| Cloudflare R2 (storage) | Storage of large files (STL, photos, radiographs) | USA / Global |
| Meta / WhatsApp Business API | Sending operational notifications via WhatsApp | USA |
These transfers are made under the exceptions provided in article 36 of the LFPDPPP, as they are necessary to fulfill the legal relationship between you and the Data Controller. We do not share, sell, or rent your personal data to third parties for commercial or advertising purposes.
TrazaLab uses cookies and similar technologies for the following purposes:
| Cookie type | Purpose | Duration |
|---|---|---|
| Essential / session cookies | Authentication, user session, system preferences | Active session |
| Functional cookies | Remember interface preferences (theme, language, view) | Up to 1 year |
| Analytics cookies (optional) | Aggregated usage statistics to improve the product | Up to 1 year |
Essential and functional cookies are necessary for the proper operation of the platform. Analytics cookies are optional and are only installed with your consent, which you may manage through our cookie banner visible upon entering the site.
You may disable all cookies through your browser settings; however, this may affect the operation of the platform.
The Data Controller has implemented technical, administrative, and physical security measures to protect your personal data against damage, loss, alteration, destruction, unauthorized access, or improper processing, including:
Personal data will be retained for as long as necessary to fulfill the purposes described in this Notice and the applicable legal obligations. Once those purposes have been fulfilled, the data will be blocked and subsequently deleted in accordance with the internal timeframes and procedures of the Data Controller.
Clinical files associated with work orders will be retained for the period during which the professional user maintains their account active, plus an additional retention period in accordance with the applicable legal provisions in health matters.
The Data Controller reserves the right to modify this Privacy Notice at any time. Any changes will be communicated through the following means:
We recommend that you review this Notice periodically to stay informed about how we protect your personal data.
If you consider that your right to the protection of personal data has been violated, you may turn to the Secretaría Anticorrupción y Buen Gobierno (Mexico's Anti-Corruption and Good Governance Secretariat), the competent authority for the protection of personal data held by private parties under the LFPDPPP in force.
Website: www.gob.mx/anticorrupcion