Personal information refers to kinds of information which is recorded electronically or otherwise and can identify a person or reflect a person’s activities either independently or when combined with other information.

Align only collects and uses your personal information for the following purposes set out in this Policy:

1.    Providing you with online self-services
   
   
   1.    Business Function 1: Start free assessment
   
   

   To complete the free assessment, you need to provide the following information: the problem you want to fix through orthodontic treatment, your identification (teenagers, adults or parents looking for solutions for their children), your biggest concern about the treatment process, your name, email address, mobile phone number, and postal code.

   You also need to provide the following information during the treatment: your age and gender.

   In the process of registration, if you provide the following additional information, it will be helpful for us to provide better services and improve your experience: occupation, company, educational background. But if you don’t provide such information, it won’t affect the basic functions of the services.

   The above information you provide will be authorized for our use during your use of the services.

   
   
   2.    Business Function 2: Product and services presentation, and search of Invisalign providers
   
   

   When you visit or use our websites, we and our third-party service provider may automatically collect your location information and log information. The log information may include:

   1.    The information in server log, such as Internet Protocol (IP) address, information about Internet Service Provider, clickstream data, browser type and language, the webpages browsed and logged out, date or time stamp, your login information, browser type and version, time zone settings, browser plug-in type and version, operating system and platform.
   
   
   2.    The information related to your visits: including a complete Uniform Resource Locator (URL) clickstream (including date and time) directing to, passing through, and coming from our websites, information you browse or search for; page response time, download errors, length of time of visiting certain pages, page interaction information (such as scrolling, clicking, and mouse-over), and methods for browsing the page.
   
   
   3.    Information about the computer you use to download any content from our websites to your computer or device, including unique device identifiers, usage information (such as page requests and the average time of browsing our site), operating system, browser type, and mobile network information, etc. Such information is used for system management and reporting the aggregated information to our advertisers.
   
   
2.    Conducting internal audit, data analysis and research, improving our products or services


3.    Products and services promotion


4.    Other usages



Personal sensitive information ¹ refers to personal information whose disclosure, illegal provision or misuse may do harm to human and property’s safety and will tend to cause damages to personal reputation, physical and mental health, or result in discriminatory treatment.

To complete the treatment process, you need to provide: health information about your teeth (including but not limited to photos of your teeth and face)

Align will collect and use your personal sensitive information solely for the following purposes described in this Policy.

1.    Conducting X-ray examination and taking impression


2.    Customizing the treatment plan


3.    Other purposes



We’ll obtain your prior consent when we use information for other purposes not set out in this Policy.

We’ll obtain your prior consent when we use information collected for specific purposes for any other purposes.

Cookies are small-sized text files. By reading the information included in them, we can distinguish you from other users, facilitate your visit, collect statistical data, and support personalized online experience.

When you visit our websites, we may assign your company one Cookie or some cookies. By visiting our websites, you agree that we place cookies on your computer or device.

Our websites currently are using cookies for the following purposes including without limitation testing the multimedia features of your web browser, tracking the promotional advertising we display to you, storing current login and purchasing information in the secure part of the websites, providing a unique identifier for your computer or device so that we can generate statistical data regarding use of websites.

Most browsers automatically accept cookies, but you can refuse cookies by modifying your browser settings. For more information about cookies and changing browser settings to refuse cookies, please visit the “Help” menu in your browser. If you refuse cookies from our sites, you may not able to use all the functions of the sites which may result in restrictions or improper functioning of certain features provided by our sites.

Our websites may allow third parties to download cookies into your device. When you visit our websites, third parties such as analytic companies and business partners may use cookies and other techniques to collect non-personal data about your online activities. The above information may be used to assess use of our websites, and personalize the content of our websites’ advertising. We can’t access or control cookies or other features that may be used by such third parties. And this Privacy Policy does not cover the use of cookies or information protection measures by such third parties.

Web beacon and pixel tag
In addition to cookies, we will also use some other similar techniques such as web beacon and pixel tag on our websites. For example, the email we send to you may include a click URL that links to the content of our websites. If you click on this link, we’ll track this click to help us to understand your products or services preferences and improve customer service. Web beacons are clear images that is embedded in the websites or emails. By virtue of pixel tag in emails, we can tell whether the email has been opened or not. If you don’t want your activities to be tracked in this way, you can unsubscribe from our mailing list at any time.

Do Not Track
Most web browsers have a Do Not Track feature that can issue Do Not Track requests to websites. Currently, major Internet standard organizations have not yet set up policies to specify how websites should respond to such requests. However, your browser has Do-Not Track features enabled, all of our websites will respect your choice.

1.    Sharing



We will not share your personal information with any companies other than Align, any organizations or any individuals, with the following exceptions:

1.    Information sharing when explicit consent is obtained: After we obtain your explicit consent, we’ll share your personal information with other parties.


2.    We may share your personal information with other parties in accordance with laws and regulations or mandatory requirements by government authorities.


3.    Sharing with our affiliates: your personal information may be shared with Align’s affiliates. We will only share necessary personal information and be subject to purposes stated in this Policy. If affiliates want to change the purpose for which personal information is processed, they will obtain your consent again.


4.    Sharing with authorized partners: Some services will be provided by authorized partners solely to fulfill purposes stated in this Policy. We may share some of your personal information with partners in order to provide better customer service and user experience. We will share your personal information solely for legal, justified, necessary, specific, clear purposes and will share personal information required for providing the services. Our partners have no right to share your personal information for any other purposes.



At present, our authorized partners include the following types:



1.    Authorized partners for advertising and analytic services. Unless we get your consent, we will not share your personally identifiable information (information that can identify you, such as name or email with which we’ll contact you or identify you) with partners providing advertising and analytic services. We will provide these partners with information about coverage and effectiveness of their advertising, and will not provide your personally identifiable information or we will aggregate such information in order that they will not be personally identifiable. For example, only when advertisers agree to comply with our advertising guidelines, we will let them know the effects of their advertisements or how many people saw their advertisements or installed the application after seeing the advertisements, or providing these partners with demographic information that is not personally identifiable (for example, 25-year-old male in Beijing likes software development) to help them understand their audience or customers.


2.    Suppliers, service providers and other partners. We will send information to suppliers, service providers and other partners that support our business globally. Such support includes providing technical infrastructure services, analyzing how we use our services, assessing the effectiveness of advertising and services, providing customer services, payment facilities and conducting academic research and surveys.



For companies, organizations, individuals with whom we share personal information, we will sign strict NDA with them and require them to process personal information in accordance with our instructions, this Privacy Policy and any other relevant confidentiality and security measures.



2.    Transfer



We will not transfer your personal information to any companies other than Align, any organizations or any individuals with the following exceptions：

1.    Transfer after express consent is obtained: after your express consent is obtained, we will transfer your personal information to other parties.


2.    When personal information transfer is involved in the process of merger, acquisition or bankruptcy liquidation, we will require the new company or organization holding your personal information to continue to be subject to this Privacy Policy. Otherwise, we will require this company or organization to obtain your consent again.


3.    Public Disclosure



We will publicly disclose your personal information only under the following circumstances:

1.    After your explicit consent is obtained


2.    Disclosure based on laws: we may publicly disclose your personal information when required by laws, legal procedures, proceedings or mandatory requirements of government authorities.

1.    We have taken security protection measures which comply with the industry standards to protect your personal information, and to prevent data from unauthorized access, public disclosure, use, modification, damage or loss. We will take all reasonable and feasible measures to protect your personal information. For example, when you exchange data (such as credit card information) between your browser and “services”, it will be protected SSL encryption; we’ll also provide https secure browsing for Align’s websites; we’ll use encryption techniques to ensure confidentiality of data; we will use trusted protection mechanisms to prevent data from malicious attacks; we’ll deploy access control mechanisms to ensure only authorized staff have access to personal information; and we will organize training courses on security and privacy to strengthen employees’ awareness about importance of personal information protection.


2.    We’ll take all reasonable and feasible measures to ensure that no irrelevant personal information is collected. We will only retain your personal information for the period required to fulfill the purposes described in this Policy unless the retention period needs to be extended or it is permitted by laws.


3.    Internet is not an absolutely secured environment and email, instant messaging, and other ways of communication with other Align users are not encrypted. We strongly recommend that you don’t send personal information by these methods. Please use a complex password to help us secure your account.


4.    After personal information security incidents happen unfortunately, we’ll inform you the following in a timely fashion in accordance with requirements of laws and regulations: the basic situation and the potential influence of the incident, the measures we’ve taken or will take, the suggestion for your self-protection and risk reduction, remedies, etc. We will promptly notify you of the incident by email, letter, telephone, push notification, etc. When it is difficult to notify owners of personal information one by one, we’ll issue a notice in a reasonable and effective manner. In the meantime, we’ll report on the handling of personal information security incidents according to the requirements of laws and regulations.

In accordance with China’s relevant laws, regulations and standards, and common practice in other countries, regions, we guarantee that you exercise the following rights in your personal information:

1.    Access to your personal information



You have the right to access your personal information, with those exceptions in laws and regulations. If you want to exercise data access rights, you can request access by sending a written request to the following Align’s email address: privacy@aligntech.com

2.    Correction of your personal information



When you find your personal information we process is incorrect, you have the right to require us to correct it. You can request correction by sending a written request to the following Align’s email address: privacy@aligntech.com

3.    Deletion of your personal information



You can request deletion of personal information under the following circumstances:

1.    If our processing of your personal information violates laws and regulations


2.    If we collect, use your personal information without obtaining your consent.


3.    If our processing of your personal information violates any agreement with you


4.    If you no longer use our products or services or close your account


5.    If we no long provide products or services for you

When you delete information from our services, we may not immediately delete it accordingly from the back-up system, but will delete such information when updating the back-up.

4.    Changing the scope of your consent



Each business function requires some basic personal information to be completed (see part one of this Policy). For collecting and using personal information additionally collected, you may give or withdraw your consent at any time.

When you withdraw your consent, we’ll no longer process the corresponding personal information. However, your decision to withdraw your consent will not affect the processing of personal information which is conducted based on your previous consent. If you don’t want to accept the commercial advertisements we send to you, you can cancel at any time by sending an email to privacy@aligntech.com

5.    Responding to your request above



To ensure security, you may need to provide a written request or otherwise to prove your identity. We may require you to verify your identity before processing your request.

We’ll respond within 30 days.

For your reasonable request, we don’t charge fees in principle. However, we will charge a certain amount of costs for requests that are repeated many times and exceed reasonable limits. For those requests that are duplicative, require excessive technical means (for example, which need to develop new systems or fundamentally change current practices), pose risks to the legitimate rights of others, or are very impractical (for example, involving backup of information stored on tapes), we may reject them.

We will not be able to respond to your request, under the circumstances according to laws and regulations.

1.    Directly related to national security and national defense security;


2.    Directly related to public safety, public health, major public interests


3.    Directly related to criminal investigation, prosecution, trial and execution of judgments, etc.


4.    There is sufficient evidence that you have a malicious will or abuse your rights.


5.    Responding to your request will result in significant damages to legitimate rights and interests of you, other individuals, and organizations.


6.    Trade secrets involved.

Our products, websites and services are aimed at adults and teenagers. We will not collect children’s information without parents or guardians’ consent.

We’ll only use or publicly disclose children’s personal information collected under parents or guardians’ consent if permitted by law, explicit consent of parents or guardians are obtained and it is necessary for protecting children.

Although the definition of children varies according to local laws and custom, we’ll not treat anyone under 14 years old as children.

If we find that we collect children’s personal information without prior consent of verifiable parents or guardians, we’ll try to delete such data as soon as possible.

In principle, personal information collected and generated within People’s Republic of China will be stored within the territory of People’s Republic of China.

Since we operate globally, upon meeting requirements of Chinese laws and regulations, your personal information may also be stored on our servers which may be located outside the jurisdiction of your place of residence.

According to this Policy, you agree the personal information above may be transferred to any countries or regions where our subsidiaries and affiliates operate and be processed by us and/or affiliates.

This Privacy Policy and the collecting of information based on this Privacy Policy are governed and interpreted by laws of People’s Republic of China. No matter where we transfer, store or process your personal information, we’ll take reasonable steps to protect privacy of your personal information.

Our privacy policy may change.

Without your explicit consent, we’ll not reduce your rights based on this Privacy Policy. We will post any changes of this Policy on this webpage.

For significant changes, we’ll also provide explicit notice explaining the specific changes to this Privacy Policy.

The significant changes in this Policy includes without limitation:

1.    There have been major changes in our service mode. For example, the purpose of processing personal information, the type of personal information to be processed, the use of personal information, etc.


2.    We have undergone major changes in ownership structure, organizational structure, changes in owners caused by business adjustments, bankruptcy, M&A, etc.


3.    The main objects of personal information sharing, transfer or disclosure happen


4.    Your rights about personal information processing and the exercising way changes significantly


5.    There are changes in the department responsible for personal information security, contact, compliant channels;


6.    Personal information security effect assessment report indicates high risks.

We’ll file the old version of this Policy for your reference

If you have any questions, opinions or suggestions, you can contact us at the following email address: privacy@aligntech.com

We have set up a department specialized for personal information protection or (a personal information protection specialist), you can contact them at the above email address.

Generally, we’ll give responses within 30 days.