Privacy Policy

 

Last updated: February 7, 2022

 

Notice:

EA values your personal information and the personal information you provide with us. We will process the personal information in strict accordance with relevant laws and regulations of the People's Republic of China as well as the provisions of this Policy.

This Policy applies to all products and/or services provided by Shanghai EA Medical Instruments Co., Ltd. (registered address: Room 601-603, No. 500 Zhengli Road, Yangpu District, Shanghai) and its affiliates (hereinafter referred to as "EA" or "We"). And your visit to this web site or usage of products and/or services provided by the site is also subject to this Policy.

Therefore, before you visit or use this web site or the products and/or services provided by EA, please read carefully to fully understand this Policy, especially the terms in bold. If you click the "Confirm" button or check "Agree", it means you have fully understood and agreed to this Policy. Any questions, comments or suggestions about the provisions or content of this Policy, please contact us through the contact information provided at the bottom of this Policy. We are glad to provide you any assistance.

 

 

Part I Definitions

 

  1. Personal information: means any information relating to an identified or identifiable natural person ('information subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

  1. Data processing: means any operations performed on personal information (whether by automated means). Common data processing includes (but is not limited to) collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal information.

 

3. Affiliate: means any other entities directly or indirectly controlled by Angelalign Technology Inc., which include but are not limited to: Wuxi EA Medical Instruments Technologies Limited and its branches, Wuxi EA Bio-Tech Co., Ltd. and Beijing EA Bio-Tech Co., Ltd..

 

 

Part II Privacy Policy

 

This Policy explains to you:

 

  1. How we collect and use your personal information

 

  1. How we share and publicly disclose your personal information

 

  1. How we store and protect your personal information

 

  1. How you should manage your personal information

 

  1. How we protect the personal information of children

 

  1. How your personal information is transferred globally

 

  1. How we modify and update this Policy

 

  1. How to contact us

 

 

  1. How we collect and use your personal information

 

We may acquire your personal information or the personal information of others that you provide from a variety of channels. You can provide us the information while browsing our web site, through our social media pages and mini programs, or while participating in our activities. When you visit our web site, browse our social media pages, or use mini programs, we will collect information about your device or your usage by automated means like Cookies, web server logs and Web Beacon. We may also collect your personal information indirectly from other channels.

 

  1. Personal information collection

 

(1)                    Personal information of you and others that you actively provide to us

 

- Registering the iOrtho system account or related services

To register an account on the EA iOrtho system as a doctor, doctor’s assistant/consultant or medical student, you need to provide us with your personal information, including but not limited to: your name, avatar, phone number, WeChat ID, email, physician practice certificate and other relevant qualification certificates, name, address, phone number, email, and bank account number of the clinic or hospital that you belong to, and the other information reasonably required by EA.

 

- Obtaining products and/or services from iOrtho system

To obtain products and/or services provided by EA, you will provide us with (un)processed personal information of patients, including but not limited to: patient's name, gender, date of birth, photo, and case information. Case information includes doctor's diagnosis and treatment, photos of patient's teeth, face, full body, and X-ray photos, scan data and the other case information reasonably required by EA.

 

- Start Smile Assessment

To complete the smile assessment, you need to provide the following information: your identity (adults or parents looking for solutions for their children), your name, email address, mobile phone number, city, invisible correction requirements and the other information reasonably required by EA.

 

- Exclusive reservation for Chinese national athletes

As a sponsor of Training Bureau of General Administration of Sport of China, EA has opened an exclusive reservation channel for Chinese national athletes. If you’re a Chinese national athlete, we may collect the following information you provided: personal name, date of birth, city, phone number, email address, sport event and the other information reasonably required by EA, from the exclusive reservation page on EA web site to help you make appointment with clinic.

 

- Opt-in page on the web site

We may collect the following information you provided: user name/personal name, phone number, date of birth, city, email address and the other information reasonably required by EA, from the opt-in page on EA web site to help you make appointment with clinic, send you our activity information regarding EA products and services and customized service by our customer focused team.

 

- Product/Service consulting, suggesting, and feedback

You can consult, evaluate, suggest, and feed back on our products and/or services, and we will collect such information.

 

- Participating in activities

We may invite you to fill out survey questionnaire, for which you may need to provide information including: your name, occupation, rank and other information. At the same time, you can reserve various online and offline activities held by us. For this purpose, we will collect your name, mobile phone number, remarks, courseware, appointment date, and participation time.

 

(2)                    Personal information collected by EA during your use of our products and/or services

 

To ensure the safe operation of the web site, and to provide you with convenient, reliable and trustworthy products, services and use environment, we may collect your operation, logging, network and device information (including but not limited to device model, device identification code, operating web site, IP address, operator, etc.) and other personal information based on the permission setting of your mobile device web site (including but not limited to service recommendation based on location permission, photo upload based on camera permission, etc.). If you enable these permissions, you authorize us to collect and use the personal information to implement the above-mentioned functions. If you disable these permissions, you cancel the authorization and we will no longer collecting and using the personal data. This way, we will not be able to provide you with the above-mentioned functions corresponding to the authorization. Your disabling of the permissions will not affect the processing of personal information based on authorization as described previously. Meanwhile, in order to prevent malicious programs and the necessary for safe operation, we will collect the installed application information or running process information, the overall operation of the application, the overall installation and use of the application, frequency, application crashes, application sources, performance data, etc.

 

(3)                    Personal information collected offline

 

When you use the products and/or services we provide offline, or interact and communicate with us, we may collect and use information related to you or your patients using our products and services, including but not limited to: name, age, occupation, birthday, work experience, and education background.

 

(4)                    Personal information collected by EA indirectly through a third party

 

In order to provide you with better, higher-quality and more personalized services, or provide services for you, or in order to prevent Internet fraud, our affiliates and partners will share your personal information legally sourced with us in accordance with the provisions of the laws of the People's Republic of China or agreement with you, or with your prior consent. You agree that we are authorized to obtain the personal information you provide and process the information within the scope of your authorization.

 

If you’re a doctor, we understand that you provide us with the aforementioned personal information of patients in the purpose of providing EA products and/or services to them. You are authorized and qualified to use the information as well as provide it to us and authorize us in accordance with the laws and regulations of the People’s Republic of China to process the information. Furthermore, we understand that before you provide us with the aforementioned information, you have signed informed consent with the patients, which authorizes you to provide us with and manage the patient's personal information, and allows us to process the data in the manner described in this Policy.

Before you collect patient data of minors who have reached the age of 14, you should obtain express consent of them and their guardians. For those under the age of 14, you should obtain the express consent of their guardians. If you fail to obtain the above consent, you must not collect relevant patient personal information.

You are obligated to provide real and effective personal information about you and your patients. The information should be updated in time in case of any change so that we can verify your identity and provide related products and/or services. If you submit another person's personal information, you should obtain his/her legitimate authorization. The above information you provide will be authorized for our use during your use of the services.

 

  1. Use of Personal Information

 

By providing your personal information to EA, you agree that EA can use the information alone or in combination with existing information for the following purposes:

 

(1)                    Allow you to use, purchase, or subscribe to products and services provided by EA, and EA may label products and documents with relevant information, including your and your patient’s name, address, telephone number and the other contact information;

 

(2)                    Provide you with relevant information about our products, services, news and events;

 

(3)                    Provide information about you or your medical institute to patients and allow them to contact you;

 

(4)                    Invite you to participate in our survey questionnaire;

 

(5)                    Analyze our legacy products and services, develop new products and services, and customize our products and services as well as information we provide;

 

(6)                    Help you to establish and manage the information and files of patients registered with EA, and produce and customize products and services according to your treatment plan;

 

(7)                    Resolve malfunctions of our web site and services;

 

(8)                    Facilitate internal audit, data analysis and research to improve our products or services;

 

(9)                    Transfer your personal information for the purpose of transactions such as mergers, acquisitions or asset sales. Before the transfer, we will give you prior notice and ensure that your personal information will get protection equivalent to this Policy;

 

(10)               Use for purposes required by laws and regulations, court orders or other legal procedures, or government organs;

 

(11)               Other legal purposes

 

After personal information collection, we will use technical means to de-identify it. De-identified personal information will not be able to identify the subject without using additional information. Please understand and agree that, in this case, we are authorized to use the de-identified information; and without disclosing your personal information, we are allowed to analyze the user database and make commercial use. We will use collected personal information in accordance with the provisions of this Policy to realize the functions of our products and/or services. We will seek your consent before we use such information for other purposes not stated in this Policy, or use the the information collected for specific purposes for other purposes.

 

  1. How do we use Cookie

 

(1)                    To ensure normal operation of this web site and smooth user experience, we will store cookies on your computer or mobile device. Cookies allow us to simplify your login and store your browsing preferences.

 

(2)                    You can manage or delete the cookies as you like. You can refuse cookies by modifying your browser settings, or you can clear all cookies saved in your mobile device. In this case, you may need to repeat the login and change user settings each time you visit this web site, which will affect your use of this web site to some extent.

 

 

  1. How we share and publicly disclose your personal information

 

  1. We will keep personal information you provide confidential and safe in accordance with relevant laws and regulations of the People's Republic of China, and will not provide or display the information to any third party in any way, except in the following cases:

 

(1)                    We have obtained your express consent or authorization in advance that you authorize us or we access by ourselves such information as patient information.

 

(2)                    When judicial or administrative organs require our web site to disclose personal information in accordance with legal procedures and statutory powers, we will provide relevant information accordingly. We shall be exempt from liability for any disclosure in this case.

 

(3)                    We assume no liability towards any leakage, loss, embezzlement or falsification of personal information caused by force majeure and affecting the normal operation of the web site, such as hacking, computer virus invasions or attacks, or temporary shutdown by government control.

 

(4)                    We assume no liability towards any leakage, loss, embezzlement or falsification of personal information caused by you telling others your password or sharing your registered account with others.

 

(5)                    We assume no liability towards any leakage, loss, embezzlement or falsification of personal information occurring on any other web sites linked to this web site.

 

  1. By providing us personal information, you agree that EA can share the information with third parties for the purposes specified in this Policy under the following circumstances:

 

(1)                    We may share the personal information you provide with our affiliates. We will only share necessary information for the purposes stated in this Policy. If our affiliates want to change the purpose of processing personal information, they will gain your approval again. If patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves;

 

(2)                    We may share your orders, account, device, location, and other personal information with third parties such as partners to ensure your smooth access to our products and services. We will only share your personal information for legal, just, necessary, specific and clear purposes in the intention to successfully provide products and services for you. Our partners are not entitled to use the shared personal information for any other purpose. At present, our partners include the following types:

 

- Supplier of goods or technical services

We may share the personal information you provide with third parties that support EA in ways like supplying materials, or providing infrastructure or technical services, logistics and distribution services, payment services, and data processing.

 

- Partners who jointly promote with us

For your better experience of browsing and using this web site, and to keep you informed about products and/or services in a timely manner, we sometimes entrust other companies to promote our products and services. We may share both personal and non-personal information you provide with our joint marketing partners. For this purpose, we will notify you to obtain your consent. If patient personal information is involved, the patient's approval will be obtained either by you or by ourselves.

 

- Third-party components

To better provide you with products and services, we may share your personal information with third-party components embedded in the web site and APP. Please click here for details.

 

- Other purposes you agree

Personal information shared to achieve the purpose you agree to from time to time, including any other purpose stated upon information collection (for example: we may share the collected information with your medical institute or other users of this web site); and

 

- Others

Personal information provided to courts or government organs in accordance with laws and regulations, court orders or other legal procedures, or the requirements of government organs.

 

We will sign confidentiality agreements with companies, organizations, and individuals with whom we share personal information, to require them to treat personal information in compliance with our instructions, this Policy, and any other relevant confidentiality and security measures.

 

  1. We will not transfer your personal information to any company, organization, or individual except for the following circumstances:

 

(1)                    Transfer with express consent: After obtaining your express consent, we will transfer the personal information you provide to other parties. If the patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves;

 

(2)                    In case of any acquisition, merger or insolvency liquidation, or other circumstances involving merger, acquisition or insolvency liquidation, of EA, if personal information transfer is involved, we will require the new company, organization or individual that holds your personal information to continue to follow this Policy, or we will require such a company, organization or individual to obtain your authorization and consent again. If patient personal information is involved, the patient's approval will be obtained either by you or by ourselves.

 

  1. We will only publicly disclose your personal information under the following circumstances:

 

(1)                    We have obtained your express consent or you choose to disclose the information proactively. If patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves;

 

(2)                    If we are confirmed that you have violated laws and regulations or seriously violated EA's relevant Policy or rules, or we try to protect the personal and property safety of users of EA and its affiliates or to protect the public from infringement, we may disclose your personal information by following laws and regulations or relevant Policy rules of EA. If patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves.

 

 

  1. How we store and protect your personal information

 

  1. In accordance with the relevant laws and regulations of the People's Republic of China, we will keep the web log information for at least 6 months. We will only retain you and other personal information provided by you for the necessary shortest period for the purpose set forth in this Policy, unless otherwise provided by laws and regulations or otherwise authorized and agreed by you. After aforementioned storage period expires, we will delete or anonymize your personal information and the personal information you provided.

 

  1. The personal information collected and generated during our operations within the People’s Republic of China will be stored in its territory, except the following circumstances: (1) Clearly stipulated by laws and regulations; or (2) Express authorization is obtained from you. If patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves.

 

  1. During your use of our products and/or services, we will continue to store the personal information you provide within the shortest period required for providing the products and services, unless you cancel authorization, delete the information, or deregister the account.

 

  1. We have taken reasonable and feasible safety protection measures that conform to industry standards to keep and protect the personal information you provide from unauthorized access, public disclosure, usage, modification, damage or loss. Information submitted online is encrypted for transmission for security; the back-end storage system and the front-end user information collection system are physically separated by being deployed on different servers; the network equipment and security equipment at the security boundary are regularly assessed and audited, vulnerabilities are patched in time, and weak passwords are eliminated; web site and code-level vulnerability scans are performed on a regular basis to detect security vulnerabilities and configuration non-conformances; all O&M personnel accessing electronic personal information shall pass the two-factor authenticated bastion host before performing any operation so that all operations are recorded.

 

  1. We have grouped an information security management team and formulated a detailed web site security management system. Moreover, we have passed relevant national certification on data security.

 

  1. We will take reasonable and feasible measures to ensure that only related personal information is collected.

 

  1. Given that the Internet is not absolutely safe, and e-mail, instant messaging, and communication with other users are not encrypted, we do not recommend that you send personal information in these ways. Please use a relatively complex password so that we can guarantee the personal information security of you and your patients.

 

  1. We have formulated a network security incident report and disposal management web site, based on which we handle personal information security incidents by following the four steps of reporting, responding, post-analyzing, and rectifying. We will also inform you of the specific situation and remedy measures in accordance with laws and regulations in a timely manner. Meanwhile, we will also report the disposal of the incident according to the requirements of the regulatory authorities. With regard to the patient personal information you provide, you may need to notify the corresponding subject after you receive our security incident notification.

 

 

  1. How you should manage your personal information

 

  1. Query and modify your personal information and the personal information you provide: After registration success, account information such as user name and password will be generated. You can log in to your account and query and modify the account information in "Personal Center" or send us a written request at our email. If you find a security breach or illegal use of your account, please send a written request to our email to notify us in a timely manner and report the case to a relevant department.

 

  1. Delete your personal information and the personal information you provide, and deregister your account: You have the right to deregister your account and request that we delete the personal information collected on this web site. You can delete part of your personal information by editing your personal account (log in to your account and edit in "Personal Center"), or send an email to us to submit the requirements. You understand that we will verify your identity before deleting your personal information and the personal information you provide or deregistering your account. Unless otherwise specified by law, if the user logs out, EA will delete your personal information and the personal information you provide, and stop providing services (including but not limited to login and placing orders. The points in your account will be cleared). Note that when your information has been deleted from our services or after we receive and agree to your application for deletion, the corresponding one may not be removed from the backup system immediately, but will be done when update for backup.

 

  1. Withdraw agreed authorization: According to this Policy, you can withdraw web site permissions that you have granted to this web site. This requires setting of your device and the specific setting method may vary with the system, brand, and model of your mobile phone.

 

  1. When you cancel authorization, delete personal information, or deregister your account, we will delete your personal information and the personal information you provide in accordance with the law, or anonymize it as permitted by law to keep it in a state where it cannot be retrieved or accessed. However, we will still store some of your information in accordance with the law.

 

  1. Please take good care of your account information, and ensure the security of your account and the actions implemented through the account. Unless required by relevant laws and with the consent of EA, your account is for your use only, and you may not borrow, transfer, gift, inherit or allow others to use your account in any way.

 

  1. We will not be able to respond to your request and reserve the right to seize your account if your request:

 

(1)                    concerns national security and/or national defense;

 

(2)                    concerns public security, public health, and/or major public interests;

 

(3)                    concerns criminal investigation, prosecution, trial, and/or execution of judgments;

 

(4)                    proves by sufficient evidence that you have subjective malice or abuse of rights;

 

(5)                    seriously prejudicial to your, other individuals' or organizations' legitimate rights and interests if your request is responded to;

 

(6)                    involves business secrets;

 

(7)                    involves other contents prohibited by laws and regulations of the People's Republic of China.

 

  1. If this web site is to be closed, we will stop collecting the personal information you provide after relevant services stop operating. We will notify you of the closing in an announcement. The personal information already held will be deleted or anonymized.

 

We will generally process the above-mentioned requests within 15 working days.

 

For your reasonable request, we will not charge you any fees in principle, but for repeated requests that exceed the reasonable limit, we will collect a certain cost as the case may be. We may reject requests that are unreasonably repetitive, require too many technical means (for example, the need to develop new systems or fundamentally change existing practices), pose risks to the legitimate rights and interests of others, or are highly impractical.

 

 

  1. How we protect the personal information of children

 

Without the consent of their parents or guardians, children (under 14) are not allowed to create accounts on this web site. If your patient is a child, it is recommended that you ask his or her parent or guardian to read this Policy carefully and use our services or provide us with information with prior consent. We will only use, share, transfer or disclose the personal information of a child collected with the consent of his or her parent or guardian for using our products or services if the laws and regulations permit, the parent or guardian explicitly agrees, or it is necessary for protecting the child.

 

 

  1. How your personal information is transferred globally

 

  1. In principle, the personal information collected and generated during our operations within the People’s Republic of China will be stored in its territory.

 

  1. As we provide products or services through resources and servers all over the world, your personal information may be transferred to overseas jurisdictions in the country/region where you use the products or services or, be accessed from such overseas jurisdictions. We only share your personal information and the personal information you provide when necessary, and only for the purposes stated in this Policy. If our affiliates want to change the purpose shown, they need to obtain your consent separately. If patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves.

 

3.                      In accordance with this Policy, you agree that the above-mentioned personal information can be transferred to any country/region where our affiliates operate, and the information can be processed by us and/or the affiliates. If your personal information and the personal information you provide will be shared/transmitted to our affiliates or trusted third parties outside of China, we will: (1) protect the information in foreign countries substantially; and (2) strictly abide by China's laws and regulations on cross-border data transmission.

 

This Policy and data processing in accordance with it are governed by and interpreted in accordance with the laws of the People's Republic of China. Regardless of the place where we process the data, we will take reasonable measures to protect the privacy of your personal information as well as the personal information you provide.

 

 

  1. How we modify and update this Policy

 

  1. We may modify and update this Policy (referred to as "Changes") from time to time in accordance with changes in the laws and regulations of the People's Republic of China, or for the need to maintain the transaction order or protect consumer rights. You can check or download the latest version at the bottom of this web site at any time.

 

  1. If you disagree with any change, you have the right to give us feedback through the contact information provided by us. If the feedback is accepted, we will appropriately adjust the changed items.

 

  1. If you still disagree with the changed items, you should stop using web site services from the effective date when the changed items go into effect, and the changed items will have no effect on you. If you continue to use web site services after the changed items take effect, it shall be deemed as you have agreed to in the changed items.

 

 

  1. How to contact us

 

If you have any questions or suggestions about this web site or this Policy, or you have any complaints, please contact us via iorthoservices@angelalign.com, and we will deal with it within 15 working days.

 

 

Version: A0