ArchForm Privacy Policy

Updated February 19, 2019

Your privacy is important to ArchForm Inc. (together with our affiliates and subsidiaries, “ArchForm”, “we”, “us”, “our” and terms of similar meaning). This Privacy Policy sets out how we handle Personal Data that we process when you visit our webpage (the “Site”), request information, register on the Site, use any of the other interactive portions of the Site, or use our products and services (together “data subjects”). We encourage you to read this Privacy Policy and to familiarize yourself with our privacy practices before submitting Personal Data.

Questions about This Privacy Policy

If you have any questions or comments about this Privacy Policy, our privacy practices, or if you would like us to update information or preferences you provided to us, please contact us at:
Email: info@archform.co with “Attn: Data protection officer” in the subject header (the “Data Protection Contact”)Web: www.archform.co

Types of Personal Data We Process

We collect Personal Data of customers, patients of our customers (including their former, potential and current patients), and Site visitors when and if you register an account through the Site. Such information may include your name, address, telephone number, email address, date of birth or age, gender, income information, credit card and other financial information related to payments for services, dental records, physician information, photographs and other information you choose to provide of you and your patients. In addition, when visiting the Site we may collect sensitive data about patients of our customers such as health information regarding their teeth, including images of their teeth.
On occasions you may choose to provide us with Personal Data about other people so that, for example, we can provide our services to your patients. You must only share their Personal Data with us if you have obtained their consent and permission to do so.
In the European Union (EU), “personal data” is defined very broadly and includes any information relating to a natural person, who can be identified, directly or indirectly, from data that we hold about them or from data that is combined with other information. It may include data relating to our employees, customers, patients, shareholders, contractors or the staff of our suppliers, visitors to our buildings or Site users.

Purposes for Which We Process Personal Data

ArchForm needs to process a certain amount of Personal Data about you and the individuals whose information you provide for a variety of business purposes, including:
Managing our business relationship with you, for example: (i) allowing you to use, purchase, and/or download products and services; (ii) manage and maintain your account with us; and (iii) respond to your questions and comments and provide customer support.Maintenance and statistics, for example: (i) help diagnose problems with our server; (ii) administer the Site, and compile broad statistical data, including through the use of machine learning; and (iii) update and maintain the Site.Compliance, legal, regulatory and ethical purposes, for example (i) enforce our Terms of Use or other legal rights; (ii) comply with applicable laws, regulations and requests from governmental agencies; and (iii) and comply with industry standards and our policies.Research and product development, for example we may use information about your experience of using our products to help us improve our products.
We do not share, trade, or sell information about you or which you provide with other marketers without providing you notice or obtaining consent to do so. We may share your information and information you provide with affiliates, as well as with vendors we've hired to assist in providing products and services. As of the date this policy went into effect, we use Meteor’s Galaxy and Amazon’s AWS service to store some information. You can read more about Galaxy here and AWS security and compliance here.

Legal Ground for Processing the Personal Data

EU Data protection law requires us to have a legal basis before processing any Personal Data about you or which you provide. The legal basis for us processing your Personal Data and the Personal Data you provide for the above purposes may include any of the following: (i) you have provided your consent or obtained the necessary consent; (ii) it is necessary to for the performance of a contract with you; (iii) the processing is necessary for our compliance with a legal obligation; or (iv) the processing is in our legitimate interests of operating and promoting our business.
To the extent provided by applicable law, you or any individual who you have provided Personal Data for may withdraw any consent previously provided to us, or object at any time on legitimate grounds, to the processing of the applicable Personal Data. In some circumstances, withdrawing consent to ArchForm’s use or disclosure of the Personal Data will mean that you cannot take advantage of certain ArchForm products or services.

Disclosure of Information Relating to Data Subjects

We intend to keep your Personal Data and the Personal Data you provide confidential, in compliance with our legal obligations. We do not sell, rent, trade or otherwise disclose this information to third parties, other than as described in this Privacy Policy, for the purposes described above, or as we disclose to you at the time the data is collected. We may disclose your Personal Data or the Personal Data you provide in accordance with, and where permitted by, applicable law:
in order for us to comply with our legal obligations, e.g. where we are required to disclose certain information to tax authorities;
to protect the security or integrity of our business, including our databases and systems;
to any of our affiliates or outsourced service providers, vendors, suppliers or distributors to facilitate the provision of contracted services or products or to provide expanded services to our customers and Site visitors;
for the purposes of a joint venture, collaboration, financing, sale, merger, reorganization, change of legal form, dissolution or similar event; and
to any other third party where you have provided your consent or obtained the necessary consent.

Security Measures Used to Protect the Personal Data

ArchForm will take appropriate physical, technical and organizational security measures designed to safeguard and secure any information you provide to us. No method of electronic transmission or storage is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on the Site, you can contact us using the contact details at the beginning of this Privacy Policy.

Consent to Processing Outside Home Country; International Transfer of Personal Data

By providing Personal Data to ArchForm, whether your Personal Data or the Personal Data of other individuals, you understand and consent to the collection, use, disclosure and retention of information in the United States and other countries and territories, for the purposes set forth in this Privacy Policy. You hereby consent to the collection, use, disclosure and retention by ArchForm of your Personal Data as described under this Privacy Policy, including but not limited to the transfer of your personal data between ArchForm’s third party business partners, affiliates and subsidiaries in accordance with this Privacy Policy. To the extent that you are providing the Personal Data of other individuals, you agree that you have obtained the requisite consent required in your jurisdiction from such individuals sufficient to satisfy your obligations required by this Privacy Policy. For further certainty, any consent relating to a right to transfer information referred to in this paragraph shall be deemed to include consent to the transfer of the applicable Personal Data to a jurisdiction which may provide a different level of privacy protection than that available in your own country. In these circumstances we will, as required by applicable law, ensure that privacy rights are adequately protected by organizational, technical, contractual and/or other lawful means. You or the individuals whose information you provide may be entitled under applicable law to receive a copy of the safeguards which we have put in place to protect your Personal Data, the Personal Data you provide, and privacy rights; please get in touch with the Data Protection Contact for further information on how to exercise this right.

Retention of Personal Data

Your Personal Data and the Personal Data you provide will be retained for the duration of our business relationship and for a period of time thereafter as required by applicable local law or where we have a legitimate and lawful purpose.

Data Subject Rights

Data protection laws often provide individuals with numerous rights, including the right to: access, rectify, erase, restrict and object to the processing of, their Personal Data. Individuals may also have the right to lodge a complaint with the local data protection authority if they believe that their Personal Data is not being processed in accordance with applicable data protection law. If you or others whose information you provide would like to exercise any of these rights, please contact ArchForm at info@archform.co. To assist us in responding to such requests in a timely fashion, please include the phrase “Privacy Rights Request” in the title of the message.
Data subjects may, where permitted by applicable law, request copies of their Personal Data. This is known as a subject access request or “SAR”.
If a data subject would like to make a SAR, i.e., a request for copies of the Personal Data we hold about them, a data subject may do so by writing to the Data Protection Contact whose details are provided above. The request should make clear that a SAR is being made. We may ask the data subject to provide evidence of their identity if it is not clear.
Responding to a SAR can be a time consuming exercise. ArchForm may be able to get the information that the data subject requires more quickly if they are as specific as possible in their request (e.g., “I would like a copy of my Personal data contained in my website member account file”) or if the data subject would like a copy of a particular document it would be helpful if the document is described carefully, including the title, creation date, author and likely place of storage. This will help us to respond to the SAR as quickly as possible. The data subject may be asked for further details to assist us if insufficient information is provided.

Links to Other Websites

Our Site may contain links to other websites. ArchForm is not responsible for the privacy practices or the content of unaffiliated third-party websites. To help ensure the protection of your privacy, we recommend that you review the privacy policy of any website you visit via a link from the Site.

Updates to Our Privacy Policy

We may at any time in our sole discretion revise or update this Privacy Policy. We will indicate at the top of the Privacy Policy when it was most recently updated. All changes are effective immediately when they are posted and apply to all access to and use of the Site thereafter.

Cookies/Tracking Statement

In order to collect certain data described in this Privacy Policy, we may use cookie technology on the Site.
A cookie is a small piece of information which is sent to your browser and stored on your computer's hard drive, mobile phone or other device. You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. However, some of the services and features offered through the Site may not function properly if your cookies are disabled.
The following are examples of cookies that may be used on the Site:
Strictly necessary cookies. These cookies are essential in order to enable you to move around the Site and use its features, such as allowing us to keep track of the images you upload and download. Without these cookies, services you have asked for cannot be provided.
Performance/analytic cookies. These cookies collect data about how visitors use the Site, including the country from which he visitor is accessing from. They allow us to recognize and count the number of visitors and to see how visitors move around the site when they are using it. All data these cookies collect is aggregated and do not seek to personally identify you. We may use Unity Analytics for these purposes. To learn more about the privacy policy of Unity Analytics, click here.
Functionality cookies. These are used to recognize you when you return to the Site. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
If necessary to comply with applicable law, we will ask for your consent to place cookies on your device. Once your consent has been provided, this message will not appear again when you revisit. If you, or another user of your computer, wish to withdraw your consent at any time, you can do so by altering your browser settings.
When you visit the Site, we may allow some third parties (such as data analytics companies) to collect information about your online activities over time and across different websites. Your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. However, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, the Site currently does not alter their practices when they receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” visit http://www.allaboutdnt.com.

Children’s Privacy

This Site is intended for use only by persons 18 years of age or older. By using the Site you represent that you are at least 18 years of age. In addition, we do not knowingly solicit or collect Personal Data online from children under the age of 13 without parental or guardian consent. Please using the contact details at the beginning of this Privacy Policy if you believe we may have collected such information without parental or guardian consent.

California

California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes. Under the law, a business must either provide this information or permit California residents to opt in to, or opt out of, this type of sharing. If you or any individual whose information you provide are a California resident and would like information identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes, and the contact information for such affiliates and/or third parties, please submit a written request using the contact details at the beginning of this Privacy Policy.