Privacy Policy
Last updated: July 28, 2022
Effective Date: July 28, 2022
EA values your personal information and the personal information
you provide with us. We will process the personal information in
strict accordance with the requirements of Regulation (EU)
2016/679 of the European Parliament and of the Council of 27 April
2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data
(General Data Protection Regulation, the “GDPR”) and
the other applicable
laws
as well as the provisions of this Policy (collectively,
“Applicable Requirements”).
This Policy applies to all products and/or services provided by
Shanghai EA Medical Instruments Co., Ltd. (registered address:
Room 601-603, No. 500 Zhengli Road, Yangpu District, Shanghai) and
its affiliates (hereinafter referred to as "EA" or "We"). And your
visit to this web site or usage of products and/or services
provided by the site is also subject to this Policy.
Therefore, before you visit or use this web site or the products
and/or services provided by EA, please read carefully to fully
understand this Policy, especially the terms in bold. If you click
the "Confirm" button or check "Agree", it means you have fully
understood and agreed to this Policy. Any questions, comments or
suggestions about the provisions or content of this Policy, please
contact us through the contact information provided at the bottom
of this Policy. We are glad to provide you any assistance.
Part I Definitions
1. Personal information: means any information relating to an identified
or identifiable natural person ('information subject'); an
identifiable natural person is one who can be identified, directly or
indirectly, in particular by reference to an identifier such as a
name, location data, an online identifier or to one or more factors
specific to the physical, physiological, genetic, mental, economic,
cultural or social identity of that natural person.
2. Data processing: means any operations performed on personal
information (whether by automated means). Common data processing
includes (but is not limited to) collection, recording, organization,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction of personal information.
3. Affiliate: means any other entities directly or indirectly controlled
by Angelalign Technology Inc., which include but are not limited to:
Wuxi EA Medical Instruments Technologies Limited and its branches,
Wuxi EA Bio-Tech Co., Ltd. and Angelalign Technology Pte. Ltd..
Part II Privacy Policy
This Policy explains to you
how EA, may collect, retain, process, share and transfer your
personal information when you visit our sites or use our system, and
does not apply to online websites or services that we do not own or
control.
I. How we collect and use your personal information
II. How we share and publicly disclose your personal information
III. How we store and protect your personal information
IV. How you should manage your personal information
V. How we protect the personal information of children
VI. How your personal information is transferred globally
VII. How we modify and update this Policy
VIII. How to contact us
I. How we collect and use your personal information
We may acquire your personal information or the personal information
of others that you provide from a variety of channels. You can provide
us the information while browsing our web site, through our social
media pages and mini programs, or while participating in our
activities. When you visit our web site, browse our social media
pages, or use mini programs, we will collect information about your
device or your usage by automated means like Cookies, web server logs
and Web Beacon. We may also collect your personal information
indirectly from other channels.
1. Collection and use of personal information
(1) Personal information of you and others that you actively provide to
us
- Registering the iOrtho system account or related services
To register an account on the EA iOrtho system as a doctor,
doctor’s assistant/consultant or medical student, and to
establish and manage the information and files of patients registered
with EA, you need to provide us with your personal information,
including but not limited to:
your name, avatar, phone number, social medial account (e.g.
WeChat ID), email, physician practice certificate and other
relevant qualification certificates, name, address, phone number,
email, and bank account number of you and/or the clinic or
hospital that you belong to, and the other information reasonably
required by EA.
- Obtaining products and/or services from iOrtho system
To help us to produce and customize products and services as well as
information we provide, analyze our legacy products and services,
improve our products or services and develop new products and
services, you will provide us with
(un)processed personal information of patients, including but not
limited to: patient's name, gender, date of birth, photo, and case
information. Case information includes doctor's name, diagnosis
and treatment, photos of patient's teeth, face, full body, and
X-ray photos, scan data,
STL, CBCT and the other case information reasonably required by
EA.
- Payment for the products and/or services and
financial order management
For the purpose of products and/or services payment, financial order
management and internal audit, we will collect the payment information of you and/or the clinic, hospital or
company that you belong to, including name of drawee, bank account
and the other related information reasonably required by EA.
-
Products packaging and logistics delivery
We will collect contact information (including name, address and phone number) of
the doctor, doctor’s assistant/consultant or medical student
and/or the clinic or hospital, and relevant patient’s name
and case number
for the purpose of our products packaging and logistics delivery.
- Start Smile Assessment
To complete the smile assessment, you need to provide the following
information: your identity (adults or parents looking for solutions for their
children), your name, email address, mobile phone number,
city, invisible correction requirements and the other information
reasonably required by EA.
-
Applying for a job
To join our Angel
family, we may collect the following information you provided: personal name, date of birth, city, phone number, email address,
education background and
the other information reasonably required by EA, to make the interview.
-
Opt-in page on the web site
We may collect the following information you provided: user name/personal name, gender, phone number, contact address,
city, email address, social medical account (e.g. WeChat ID),
education background, professional category, annual orthodontic
case number and
the other information reasonably required by EA, from
the opt-in page on EA web site to help you become our provider or
make appointment with clinic, send you our products and/or services
promotion and other information (such as special offers, products
and/or services launch) regarding Angel Aligner and other affiliated
products and services.
-
Product/Service consulting, suggesting, and feedback
You can consult, evaluate, suggest, and feed back on our products
and/or services, and we will collect such information.
- Participating in activities
We may invite you to fill out survey questionnaire, for which you may
need to provide information including: your name, occupation, rank and other information. At the same time, you can reserve various online and offline
activities (including our training, conference, course) held by us.
For this purpose, we will collect your name, mobile phone number, email, social medical account
(e.g. WeChat ID), remarks, courseware, appointment date, and
participation time.
(2) Personal information collected by EA during your use of our products
and/or services
To ensure the safe operation of the web site, and to provide you with
convenient, reliable and trustworthy products, services and use
environment, we may collect your operation, logging, network and device information
(including but not limited to device model, device identification
code, operating web site, IP address, operator, etc.) and other
personal information based on the permission setting of your
mobile device web site (including but not limited to service
recommendation based on location permission, photo upload based on
camera permission, etc.).
If you enable these permissions, you authorize us to collect and use
the personal information to implement the above-mentioned functions.
If you disable these permissions, you cancel the authorization and we
will no longer collecting and using the personal data. This way, we
will not be able to provide you with the above-mentioned functions
corresponding to the authorization. Your disabling of the permissions
will not affect the processing of personal information based on
authorization as described previously.
Meanwhile, in order to prevent malicious programs and the necessary
for safe operation, we will collect the installed application information or running process
information, the overall operation of the application, the overall
installation and use of the application, frequency, application
crashes, application sources, performance data, etc.
(3) Personal information collected offline
When you use the products and/or services we provide offline, or
interact and communicate with us, we may collect and use information
related to you or your patients using our products and services,
including but not limited to: name, age, occupation, birthday, work experience, and education
background.
(4) Personal information collected by EA indirectly through a third party
In order to provide you with better, higher-quality and more
personalized services, or provide services for you, or in order to
prevent Internet fraud, our affiliates and partners will share your
personal information legally sourced with us in accordance with
Applicable Requirements or agreement with you, or with your prior
consent. You agree that we are authorized to obtain the personal
information you provide and process the information within the scope
of your authorization.
2. How do we use Cookie
(1) A cookie is a small text file that our sites store on your computer
or mobile device when you visit our websites. Our websites, apps and
other services, send this data to your browser when you first request
a web page and then store the data on your computer or other device so
the website or app can access, store or collect information from your
device when you first request a web page. Browsers support cookies and
similar technologies (such as local storage and pixels) so that our
websites can remember information about your visit and can use the
information to improve your experience and to create aggregated
anonymized statistics about usage of the site. In this Policy, we use
the term “cookie” to refer both to cookies and similar
technologies.
(2) You can manage or delete the cookies as you like. You can refuse cookies by modifying your browser settings, or you can clear all cookies saved in your mobile device. In this case, you may need to repeat the login and change user settings each time you visit this web site, which will affect your use of this web site to some extent. For further information of our cookies, please click here
II. How we share and publicly disclose your personal information
1. We will keep personal information you provide confidential and safe
in accordance with Applicable Requirements, and will not provide or
display the information to any third party in any way, except in the
following cases:
(1) We have obtained your express consent or authorization in advance
that you authorize us or we access by ourselves such information as
patient information.
(2) When judicial or administrative organs require our web site to
disclose personal information in accordance with legal procedures and
statutory powers, we will provide relevant information accordingly. We
shall be exempt from liability for any disclosure in this case.
(3) We assume no liability towards any leakage, loss, embezzlement or
falsification of personal information caused by force majeure and
affecting the normal operation of the web site, such as hacking,
computer virus invasions or attacks, or temporary shutdown by
government control.
(4) We assume no liability towards any leakage, loss, embezzlement or
falsification of personal information caused by you telling others
your password or sharing your registered account with others.
(5) We assume no liability towards any leakage, loss, embezzlement or
falsification of personal information occurring on any other web sites
linked to this web site.
2. By providing us personal information, you agree that EA can share the
information with third parties for the purposes specified in this
Policy under the following circumstances:
(1) We may share the personal information you provide with our
affiliates. We will only share necessary information for the purposes
stated in this Policy. If our affiliates want to change the purpose of
processing personal information, they will gain your approval again.
If patient's personal information is involved, the patient's approval
will be obtained either by you or by ourselves;
(2) We may share your orders, account, device, location, and other
personal information with third parties such as partners to ensure
your smooth access to our products and services. We will only share
your personal information for legal, just, necessary, specific and
clear purposes in the intention to successfully provide products and
services for you. Our partners are not entitled to use the shared
personal information for any other purpose. At present, our partners
include the following types:
- Supplier of goods or technical services
We may share the personal information you provide with third parties
that support EA in ways like supplying materials, or providing
infrastructure or technical services, logistics and distribution
services, payment services, and data processing.
- Partners who jointly promote with us
For your better experience of browsing and using this web site, and
to keep you informed about products and/or services in a timely
manner, we sometimes entrust other companies to promote our products
and services. We may share both personal and non-personal information
you provide with our joint marketing partners. For this purpose, we
will notify you to obtain your consent. If patient personal
information is involved, the patient's approval will be obtained
either by you or by ourselves.
- Third-party components
To better provide you with products and services, we may share your
personal information with third-party components embedded in the web
site and APP. Please click here for details.
- Other purposes you agree
Personal information shared to achieve the purpose you agree to from
time to time, including any other purpose stated upon information
collection (for example: we may share the collected information with
your medical institute or other users of this web site); and
- Others
Personal information provided to courts or government organs in
accordance with laws and regulations, court orders or other legal
procedures, or the requirements of government organs.
We will sign confidentiality agreements with companies,
organizations, and individuals with whom we share personal
information, to require them to treat personal information in
compliance with our instructions, this Policy, and any other relevant
confidentiality and security measures.
3. We will not transfer your personal information to any company,
organization, or individual except for the following
circumstances:
(1) Transfer with express consent: After obtaining your express consent,
we will transfer the personal information you provide to other
parties. If the patient's personal information is involved, the
patient's approval will be obtained either by you or by
ourselves;
(2) In case of any acquisition, merger or insolvency liquidation, or
other circumstances involving merger, acquisition or insolvency
liquidation, of EA, if personal information transfer is involved,
we will require the new company, organization or individual that holds
your personal information to continue to follow this Policy, or we
will require such a company, organization or individual to obtain your
authorization and consent again. If patient personal information is
involved, the patient's approval will be obtained either by you or by
ourselves.
4. We will only publicly disclose your personal information under the
following circumstances:
(1) We have obtained your express consent or you choose to disclose the
information proactively. If patient's personal information is
involved, the patient's approval will be obtained either by you or by
ourselves;
(2) If we are confirmed that you have violated laws and regulations or
seriously violated EA's relevant Policy or rules, or we try to protect
the personal and property safety of users of EA and its affiliates or
to protect the public from infringement, we may disclose your personal
information by following laws and regulations or relevant Policy rules
of EA. If patient's personal information is involved, the patient's
approval will be obtained either by you or by ourselves.
III. How we store and protect your personal information
1. In accordance with Applicable Requirements, we will keep the web log
information for at least 6 months. We will only retain you and other
personal information provided by you for the necessary shortest period
for the purpose set forth in this Policy, unless otherwise provided by
laws and regulations or otherwise authorized and agreed by you. After
aforementioned storage period expires, we will delete or anonymize
your personal information and the personal information you provided.
2. The personal information collected and generated during our
operations will be stored in your country of residence, except the
following circumstances: (1) Clearly stipulated by laws and
regulations; or (2) Express authorization is obtained from you. If
patient's personal information is involved, the patient's approval
will be obtained either by you or by ourselves.
3. During your use of our products and/or services, we will continue to
store the personal information you provide within the shortest period
required for providing the products and services, unless you cancel
authorization, delete the information, or deregister the
account.
4. We have taken reasonable and feasible safety protection measures that
conform to industry standards to keep and protect the personal
information you provide from unauthorized access, public disclosure,
usage, modification, damage or loss. Information submitted online is
encrypted for transmission for security; the back-end storage system
and the front-end user information collection system are physically
separated by being deployed on different servers; the network
equipment and security equipment at the security boundary are
regularly assessed and audited, vulnerabilities are patched in time,
and weak passwords are eliminated; web site and code-level
vulnerability scans are performed on a regular basis to detect
security vulnerabilities and configuration non-conformances; all O&M
personnel accessing electronic personal information shall pass the
two-factor authenticated bastion host before performing any operation
so that all operations are recorded.
5. We have grouped an information security management team and
formulated a detailed web site security management system and personal
information protection system. Moreover, we have passed relevant
national certification on data security.
6. We will take reasonable and feasible measures to ensure that only
related personal information is collected.
7. Given that the Internet is not absolutely safe, we do not recommend
that you send personal information in e-mail, instant messaging, and
communication with other users, although parts of these ways are
encrypted. Please use a relatively complex password so that we can
guarantee the personal information security of you and your
patients.
8. We have formulated a network security incident report and disposal
management web site, based on which we handle personal information
security incidents by following the four steps of reporting,
responding, post-analyzing, and rectifying. We will also inform you of
the specific situation and remedy measures in accordance with laws and
regulations in a timely manner. Meanwhile, we will also report the
disposal of the incident according to the requirements of the
regulatory authorities. With regard to the patient personal
information you provide, you may need to notify the corresponding
subject after you receive our security incident notification.
IV. How you should manage your personal information
1. Query and modify your personal information and the personal
information you provide: After relevant account registration success,
account information such as user name and password will be generated.
You can log in to your account and query and modify the account
information in "Personal Center" or send us a written request at our
email. If you find a security breach or illegal use of your account,
please send a written request to our email to notify us in a timely
manner and report the case to a relevant department.
2. Delete your personal information and the personal information you
provide, and deregister your account: You have the right to deregister
your account and request that we delete the personal information
collected on this web site. You can delete part of your personal
information by editing your personal account (log in to your account
and edit in "Personal Center"), or send an email to us to submit the
requirements. You understand that we will verify your identity before
deleting your personal information and the personal information you
provide or deregistering your account. Unless otherwise specified by
law, if the user logs out, EA will delete your personal information
and the personal information you provide, and stop providing services
(including but not limited to login and placing orders. The points in
your account will be cleared). Note that when your information has
been deleted from our services or after we receive and agree to your
application for deletion, the corresponding one may not be removed
from the backup system immediately, but will be done when update for
backup.
3. Withdraw agreed authorization: According to this Policy, you can
withdraw web site permissions that you have granted to this web site.
This requires setting of your device and the specific setting method
may vary with the system, brand, and model of your mobile phone.
4. When you cancel authorization, delete personal information, or
deregister your account, we will delete your personal information and
the personal information you provide in accordance with the law, or
anonymize it as permitted by law to keep it in a state where it cannot
be retrieved or accessed. However, we will still store some of your
information in accordance with the law.
5. Please take good care of your account information, and ensure the
security of your account and the actions implemented through the
account. Unless required by relevant laws and with the consent of EA,
your account is for your use only, and you may not borrow, transfer,
gift, inherit or allow others to use your account in any way.
6. We will not be able to respond to your request and reserve the right
to seize your account if your request:
(1) concerns national security and/or national defense;
(2) concerns public security, public health, and/or major public
interests;
(3) concerns criminal investigation, prosecution, trial, and/or execution
of judgments;
(4) proves by sufficient evidence that you have subjective malice or
abuse of rights;
(5) seriously prejudicial to your, other individuals' or organizations'
legitimate rights and interests if your request is responded to;
(6) fails to protect judicial independence and judicial
proceedings;
(7) opposes
the prevention, investigation, detection and prosecution of breaches
of ethics for regulated professions;
(8) concerns a monitoring, inspection or regulatory function connected,
even occasionally, to the exercise of official authority in the cases
referred to in points (1) to (5) and (7);
(9) concerns the protection of the data subject or the rights and
freedoms of others;
(10) concerns the enforcement of civil law claims.
7. If this web site is to be closed, we will stop collecting the
personal information you provide after relevant services stop
operating. We will notify you of the closing in an announcement. The
personal information already held will be deleted or anonymized.
We will generally process the above-mentioned requests within 15
working days.
For your reasonable request, we will not charge you any fees in
principle, but for repeated requests that exceed the reasonable limit,
we will collect a certain cost as the case may be. We may reject
requests that are unreasonably repetitive, require too many technical
means (for example, the need to develop new systems or fundamentally
change existing practices), pose risks to the legitimate rights and
interests of others, or are highly impractical.
V. How we protect the personal information of children
Without the consent of their parents or guardians, children (under
16) are not allowed to create accounts on this web site. If your
patient is a child, it is recommended that you ask his or her parent
or guardian to read this Policy carefully and use our services or
provide us with information with prior consent. We will only use,
share, transfer or disclose the personal information of a child
collected with the consent of his or her parent or guardian for using
our products or services if the laws and regulations permit, the
parent or guardian explicitly agrees, or it is necessary for
protecting the child.
VI. How your personal information is transferred globally
1. In principle, the personal information collected and generated during
our operations will be stored in your country of residence.
2. EA operates globally and may therefore transfer your personal
information to other countries in which we operate, including
countries other than your country of residence. Your personal
information may also be stored on our servers, which may be located
outside your country of residence. However, we will continue to
protect your information in accordance with this Policy and signed
Standard Contractual Clause / Data Process Agreement. By providing us
your personal information, you agree to such transfers, processing
and/or storage anywhere in the world, including the People’s
Republic of China.
VII. How we modify and update this Policy
1. We may modify and update this Policy (referred to as "Changes") from
time to time in accordance with changes in Applicable Requirements, or
for the need to maintain the transaction order or protect consumer
rights. You can check or download the latest version at the bottom of
this web site at any time.
2. If you disagree with any change, you have the right to give us
feedback through the contact information provided by us. If the
feedback is accepted, we will appropriately adjust the changed
items.
3. If you still disagree with the changed items, you should stop using
web site services from the effective date when the changed items go
into effect, and the changed items will have no effect on you. If you
continue to use web site services after the changed items take effect,
it shall be deemed as you have agreed to in the changed items.
VIII. How to contact us
If you have any questions or suggestions about this web site or this
Policy, or you have any complaints, please contact us via
iorthoservices@angelalign.com, and we will deal with it within 15
working days.
Version: A1