Last updated: August 18, 2023
Changzhou Sifary Medical Technology Co.,Ltd., (hereinafter referred to as “we” and “Eighteeth”) (refers Changzhou Sifary Medical Technology Co.,Ltd., and its affiliated companies including but not limited to Changzhou Sifary Medical Technology GmbH, Changzhou Sifary Medical Technology Inc.) acknowledge that the protection of personal information is one of our most significant legal obligations. We respect your right to privacy and value the relationship with customers, business partners and others by complying with all applicable privacy and data protection laws.
In general, this Global Privacy Policy (hereinafter referred to as “Privacy Policy”) applies to all websites and applications operated by or on behalf of Eighteeth entities worldwide. However, different Eighteeth websites, Apps, products and services may have different purposes and functions. If additional or different information are required for a specific Eighteeth website, App, product and service, we will provide those information separately on the relevant website, App, product and service.
This Privacy Policy sets out what personal information we collect, how we collect it, how we use it, your rights in connection with how we process your personal information and other important topics relating to privacy and personal information protection. In addition, you should comply with applicable data protection laws when using our products and services.
Controller
The controller for personal information collected under this Privacy Policy is the relevant Eighteeth entities in the region of data origin.
1. Personal Information Eighteeth Collects
Eighteeth collects the following types of personal information:
(1) Information You Provide
Eighteeth collects the personal information you provide, which may include:
(i) contact information including your name, e-mail address, mobile phone number, company name, job title, country and address;
(ii) questions, requests and orders you may make including your contact information, product related information (such as product model, serial number and purchasing date) and the information generated by using our product and service (such as the 3D data and images of teeth or other scan object);
(iii) log-in information, including the ID you created and its password, social media account information (such as Google account, Facebook account, Twitter account, Wechat account), type of your business.
(iv) information about your preference, such as your preferred methods of communication and products or service types you may be interested in provided by you voluntarily.
(v) patient information, for products and services you are using for digital dental solutions, unless you transfer and share your patient information via the Eighteeth Dental Digital Cloud Platform or other product or service of digital dental solutions, Eighteeth does not access or process patient information. Please note that you should ensure the patient has given his/her consent or other appropriately sufficient legal ground for related personal information processing activity when you use our products and service.
(2) Information Automatically Gathered When You Use Our Products and Service
Eighteeth automatically collects the information generated when you use our products and services, which may include:
(i) device and browser information, such as product model, serial number, browser type, IP address and operating system;
(ii) product use information, such as the frequency, time and duration of using the product;
(iii) scan object information, such as the name and length, width and height of the scan object for our products. Please note that you should ensure the object is allowed to be scanned when you use our 3D scanner and related service.
(3) Information from Business Partners
Eighteeth collects personal information through our business partners (mainly distributors). The information collected may include contact information such as name, e-mail address, mobile phone number, company name, job title, country and address.
Eighteeth may combine the information we collect from our business partners with the information we collect directly from you or your device as described above.
You have the right to choose whether to provide the personal information to Eighteeth and the scope of personal information to be provided. You may choose not to provide necessary information, but if you do so, we may not be able to use the basic functions of our products and services.
2. How Eighteeth Uses Your Personal Information and Purposes.
Eighteeth may use your personal information for the following purposes:
(1) Provide products and services
● Fulfilling our obligations towards you as a customer, such as fulfilling the transactions of products and/or services and providing service and support
● Enabling functions of Eighteeth products and/or service towards you as an user
● Enabling general customer care and customer service, such as responding to questions and registering user information
● Responding complaints and requests for technical support
● Enabling you participate in our activities or enjoy the preferential price of our products and services.
(2) Communicate with you or your company.
● Enabling communication with you via post, e-mail, telephone, SMS/MMS or other instant messaging
● Marketing ourselves and our products via e-mail, SMS/MMS, post and telephone
● Providing you with relevant information and customized offers in paper documents or via the internet
● Responding to complaints and requests in connection with our processing of your personal information
(3) Improve Eighteeth websites, Apps, products and service
● Enabling deep learning of the 3D scanner and relevant hardware, software and service
● Customizing and configuring the products and service to your preference and making them easier to use and more compatible with your business
● Improving our products and services, developing new Eighteeth websites, Apps, products and service
(4) Others
● Establishing, exercising, or defending legal claims
● Complying with laws, regulations, court orders, or other legal process
● Detecting, preventing, and responding to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law
● Protecting your or others’ health, safety, welfare, rights or property or Eighteeth’s rights or property.
We may use your personal information for purposes other than the ones listed above. Should this be the case, we will inform you of the purpose in accordance with applicable laws and regulations.
3. How Eighteeth Uses Cookies and Similar Technologies
(1) Cookies
To ensure that the website can work properly, we store small temporary data files called cookies on your computer or mobile device. Cookies typically contain identifiers, site names, and some numbers and characters. Cookies enable websites to store data such as your preferences.
We will not use cookies for any purpose other than those described in this policy. You can manage or delete cookies according to your preference by changing your browser settings. You can clear all cookies saved on your computer, and most web browsers can block cookies. However, if you do so, you will need to change the user settings yourself each time you visit our website. To learn more about changing your browser settings, you can visit the settings page for the browser you are using.
(2) Web Beacons and Pixel Tags
Besides cookies, we use other similar technologies such as web beacons and pixel tags on our website. For example, an email we send to you may contain a click URL to the content of our website. If you click on this link, we will track this click to help us understand your product or service preferences and improve customer service. A Web beacon is usually a transparent image embedded in a web site or e-mail message. With the help of pixel tags in e-mail messages, we can tell if the e-mail message is open. If you do not want your activity to be tracked in this way, you can unsubscribe from our mailing list at any time.
(3) Do Not Track
Many web browsers have the function of Do Not Track that can publish Do Not Track requests to websites. If your browser is enabled with Do Not Track, all of our websites will respect your choice.
4. How Eighteeth May Share Your Personal Information
Eighteeth will not share or disclose your personal information except as described here:
(1) Sharing with other Eighteeth affiliates
We may share your personal information with other Eighteeth affiliates which maybe in different countries/territories. Eighteeth affiliates will only use your personal information complying with this Privacy Policy and applicable privacy and data protection laws.
(2) Sharing with third-party service providers
Eighteeth may engage different third-party service providers to support our products and service, including customer service, logistics service, technical support etc.. Eighteeth requires these third-party service providers to use the shared personal information only within the scope of performing service on our behalf and complying with applicable privacy and data protection laws.
Appropriate safeguards to ensure the integrity and security of your Personal Data when engaging such service providers will be implemented.
(3) Sharing with business partners
Eighteeth may share your personal information with our business partners who cooperate with us to provide products and service to you, such as dealers or distributors. Eighteeth requires these business partners to use your personal information complying with this Privacy Policy and applicable privacy and data protection laws.
(4) Others
Eighteeth may share your personal information with third parties when it is necessary to: (i) comply with laws, regulations, court orders, or other legal process; (ii) detect, prevent, and respond to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law; or (iii) protect your or others’ health, safety, welfare, rights or property or Eighteeth’s rights or property.
We may need to share your personal information with more recipients than the ones listed above. Should this be the case, we will inform you of the change in accordance with applicable laws and regulations.
5. How Eighteeth Secures Your Personal Information
We have taken industry-compliant security measures to protect the personal information you provide from unauthorized access, public disclosure, use, modification, damage or loss of data. We will take all reasonable measures to protect your personal information. For example, we provide secure ways of accessing to the site, we use encryption to ensure the confidentiality of data, we use trusted protection scares against malicious attacks on data, we deploy access controls to ensure that only authorized personnel have access to personal information, and we conduct security and privacy training courses to enhance employee awareness of the importance of protecting personal information.
We have a management system to correct and prevent personal information security risks as well as the appropriate technical and organizational measures to address such risks. In the event of an unfortunate personal information security incident, we will promptly inform you of the basic circumstances and possible impact of the security incident, the measures we have taken or will take, the advice you may take to prevent and reduce risk, your remedial measures, etc. according to the requirements with applicable privacy and data protection laws. We will promptly inform you of the incident-related situation by mail, letter, telephone, push notification, etc.. When it is difficult to inform personal information subject one by one, we will take a reasonable and effective way to issue an announcement. At the same time, we will also be in accordance with the requirements of the regulatory authorities to report the handling of personal information security incidents.
6. Retention of Your Personal Information
In general, Eighteeth will keep your information as long as it is needed to achieve our purposes listed above, as well as for the time necessary to meet any legal, tax, or reporting requirements. How long we will keep your personal information will vary depending on the specific purpose we collect and use your personal information.
We do not keep your personal information for longer than necessary unless we cannot delete it for legal or technical reasons.
7. Global Transfer of Your Personal Information
In order to provide you with the products and service and to facilitate our global operations, your personal information might be transferred to third countries/territories and/or a third party outside the country/territory where you reside for processing. The privacy and data protection laws of these countries/territories may be different from that of your country/territory.
To fully protect your personal information, we will only transfer your personal information to countries/territories with adequate safeguards in place and in full compliance with applicable laws and for the purposes in this Privacy Policy.
8. Children
Eighteeth websites, Apps, products and service are not intended for children under the age of 13 or the relevant minimum age under applicable local legal requirements.
We do not knowingly collect personal information from children, unless the information is collected under the consent of a parent or guardian or is legally collected by our clinic user and shared as a patient case via the Eighteeth Dental Digital Cloud Platform.
If we discover that we have accidentally collected personal information from a child, we will remove that child’s personal information from our records as soon as reasonably possible.
9. Right in Relation to Your Personal Information
You have certain rights towards your personal information pursuant to applicable privacy and data protection laws. In general, the rights you have include but not limited to:
(1) Right to access and correct personal information
You have the right to review, correct and update the personal information we collect from you. Once you exercise the right to access or correct and we have confirmed your verification, we will disclose to you the scope and categories of personal information we collected about you, the specific purpose for collecting your personal information, the sharing and disclosure of your personal information and relevant information you request or correct the information you request.
(2) Right to delete personal information
You have the right to request that Eighteeth delete your personal information we collect, subject to certain exceptions. Once you exercise the right to deletion and we have confirmed your verification, we will delete or direct our service providers to delete your personal information from our records. Please note that we may deny your request if retaining the information is necessary for us to provide products and service you requested, perform the contract with you, detect, prevent, and respond to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law or fulfill other legal obligations.
(3) Other rights
You have other rights towards your personal information besides the above-mentioned rights according to the applicable privacy and data protection laws.
You can exercise your rights using the tools that we make available via our websites, Apps, products and service or emailing us or sending us a letter to the address below and we will treat your requests in accordance with applicable privacy and data protection laws.
E-mail: dpo@sifary.com
Address: [No.99 Qingyang Road, Xuejia Town,Xinbei District, Changzhou City, Jiangsu Province, China ]
10. Additional Information for GDPR
If you are a resident in EU/EEA, the following should apply in addition to the above contents.
(1) Controller
If you are a user, such as a clinic, you are considered data controller when you collect and handle personal information (i.e. patient personal information), no matter if such information is on paper or in digital form within Eighteeth’s products and service.
If you are a user, such as a lab, you are considered data processor when you are storing and processing patient cases containing personal information on behalf of clinics in order to fulfill and deliver the orders placed by the clinics.
(2) Legal basis for processing your personal data
The legal basis for Eighteeth’s processing of your personal data will depend on the specific purposes of the processing. For most personal data processing activities covered in this Privacy Policy, the legal basis are that the processing is necessary for the performance of a contract with you, the processing is necessary for the legitimate interest of Eighteeth, the processing is necessary for comply with legal obligations or your consent.
● Processing on the legal basis of performance of the contract
Examples of processing activities for which it is necessary for performance of a contract are mainly providing products and services may include: (i) fulfilling our obligations towards you as a customer, such as carrying through purchases and the provision of service and support; (ii) enabling functions of Eighteeth products and service towards you as a user; (iii)enabling general customer care and customer service; or (iv) responding to your complaints and requests.
● Processing on the legal basis of legitimate interests
The legitimate interests we rely on to process your personal data may include: (i) communicating with current or potential customers; (ii) enabling deep learning of the 3D scanner and relevant hardware, software and service; or (iii) improving our products and services, developing new Eighteeth websites, Apps, products and service.
● Processing on the legal basis of legal obligations
Examples of processing activities in which we must process your personal data to fulfill our legal obligations may include: (i) establishing, exercising, or defending legal claims; (ii) complying with court orders or other legal process; or (iii) detecting, preventing, and responding to fraud, intellectual property infringement, violation of our contracts or agreements, violations of law.
● Processing on the legal basis of your consent
Examples of processing activities for which we use your consent as the legal basis may include: (i) marketing ourselves and our products and providing you with relevant information and customized offers in newsletters and on the internet; or (ii) customizing our products and service to your preference.
(3) Cross-border transfer of your personal data
Eighteeth has several servers around the world so that Eighteeth entities may transfer data between them and the service providers to ensure the most efficient data processing. Third-party countries/territories to which we may transfer your personal data include United Kingdom, Singapore, China (the mainland)and the United States. Certain countries in which recipients and data processors may be located and to which Personal Data may be transferred may however not have the same level of protection of Personal Data as the one afforded in the EEA. For Personal Data transferred to countries outside of the EEA in such cases, we have established standard contractual clauses with our service providers to ensure they protect your information and to enforce legal transfers of data internationally. Moreover, Eighteeth will always comply with applicable laws and seek to retain data in its region of origin or ensure adequate and appropriate technical and legal safeguards for international data transfers.
For the Eighteeth Dental Digital Cloud Platform, which has 4 servers worldwide each located in a geographically separate regions: one in United Kingdom, serving the EMEA region; one in the United States, serving the Americas; one in Singapore, serving Oceania and Asia except China (the mainland) and some other countries/regions in EMEA; and one in China, serving China (the mainland).
Eighteeth Dental Digital Cloud Platform requires customer accounts are not available to the general public. The data transmitted to and from the Eighteeth Dental Digital Cloud Platform is encrypted using TLS1.2 and AES256 to ensure any data intercepted during transit will be unreadable. This transfer protocol also contains a built-in integrity check to ensure data is not improperly modified during transmission.
(4) Your rights toward your personal data
According to General Data Protection Regulation and applicable laws in EU, you have the following rights towards your personal data:
● Right to access. You can request details of your personal data that we hold. We will confirm your verification and disclose supplementary information including the categories of data, the sources from which it originated, the purpose and legal basis for the processing, the expected retention period, and the safeguards regarding data transfers to non-EU/EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your personal data, but we may charge you a fee to cover our administrative costs if you request further copies of the same information.
● Right to rectification. We will conform with your verification and comply with your request to correct incomplete or inaccurate parts of your personal data.
● Right to erasure. At your request, we will delete your personal data promptly if: (i) it is no longer necessary to retain your personal data; (ii) you withdraw the consent which formed the basis of your personal data processing; (iii) you object to the processing of your personal data and there are no overriding legitimate grounds for such processing; (iv) you object to the processing of your personal data and there are no overriding legitimate grounds for such processing; (v) your personal data was processed illegally; or (vi) your personal data must be deleted for us to comply with our legal obligations. We will decline your request for erasure if processing of your personal data is necessary: (i) to comply with our legal obligations; (ii) in pursuit of a legal action; (iii) to detect and monitor fraud; or (iv) for the performance of a task in the public interest.
● Right to data portability. At your request, we will provide you free of charge with your personal data in a structured, commonly used and machine readable format, if: (i) the processing of your personal data is based on your consent or required for the performance of a contract; or (ii) the processing is carried out by automated means.
● Right to object processing. Where we process your personal data based upon our legitimate interest (or that of a third party), you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless we have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims.
● Right to restrict processing. At your request, we will limit the processing of your personal data if: (i) you dispute the accuracy of your personal data; (ii) your personal data was processed unlawfully and you request a limitation on processing, rather than the deletion of your personal data; (iii) we no longer need to process your personal data, but you require your personal data in connection with a legal claim; or (iv) you object to the processing pending verification as to whether an overriding legitimate ground for such processing exists. We may continue to store your personal data to the extent required to ensure that your request to limit the processing is respected in the future.
● Right not to be subject to decisions based solely on automated processing. You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your personal data, unless you have given us your explicit consent or where they are necessary for a contract with us.
● Right to withdraw consent. You have the right to withdraw any consent you may have previously given us at any time.
● Right to complain to a supervisory authority. If you are not satisfied with our response, you have the right to complain to or seek advice from a supervisory authority and/or bring a claim against us in the court where the defendant is located.
11. Updates
This Privacy Policy may be updated to reflect changes of laws and regulations or our processing of your personal data. In the event there is material change to this Privacy Policy we will inform you via e-mail or notice on our website, platform and setting of software.
12. Contact us
If you have any questions or opinions regarding this Privacy Policy, or if you have a request regarding information you provided us, you may either email us or send us a letter to the address below:
E-mail: dpo@sifary.com
Address: [No.99 Qingyang Road, Xuejia Town,Xinbei District, Changzhou City, Jiangsu Province, China]