International (EN)Angelalign Technology Privacy Notice
Last Updated: 21 October 2025
Effective Date: 21 October 2025
1. Overview
Angelalign Technology Inc., and its global subsidiaries (“Angelalign,” “we,” “us”) care about your privacy. This notice explains what personal data we collect, how we use it, and your rights. You can contact our privacy team at privacyservices@angelaligner.com
2. Who This Notice Applies To
This notice applies to:
- Patients receiving dental treatment using Angelalign products or platforms
- Dental professionals and clinics/practices using Angelalign products or services
- Website visitors interacting with our site
- Partners, distributors, or research collaborators
- Job applicants (see our Candidate Notice)
3. How Angelalign Handles Your Personal Information
Angelalign can handle your information in two main ways, depending on how you interact with us:
When We are in Charge (Data Controller)
Sometimes we decide how and why your personal information is used — for example, when you:
- Create an account on our iOrtho platform
- Contact us for customer support
- Make a payment or receive a product directly from us
- Take part in marketing, training, or research with your consent
In these cases, we are responsible for:
- Keeping your information safe
- Telling you clearly how it is used
- Making sure you can access, correct, or delete it if you wish
When We Work for Your Clinic/Practice (Data Processor)
Sometimes your dentist or orthodontic clinic/practice is in charge of your data, and we simply process it on their behalf.
For example:
- When we host your treatment scans or plans for your clinic/practice
- When we provide digital tools your clinic/practices uses to manage your treatment
In these situations:
- Your clinic/practice decides what data we process and why
- We follow their instructions and keep your information secure
- We do not use your data for anything else
In Short
- If you are a patient, your clinic usually controls your data, and Angelalign helps by processing it securely.
- If you use our website or contact us directly, we control that data.
4. What Information We Collect
| Category | Examples |
|---|---|
| Identification Data | Name, contact details, ID/passport numbers |
| Professional Data | Clinic name, license number, job title, credentials |
| Account Data | Login ID, passwords, access logs |
| Financial Data | Payment information, billing details, tax records |
| Health and Diagnostic Data | Dental scans, X-rays, clinical notes, treatment plans, photographs |
| Device and Technical Data | IP address, browser type, device ID, location data, cookies |
| Marketing and Preference Data | Communication preferences, event participation, interests |
5. How We Use Your Information
We use your personal information to:
- Deliver and manage our products, aligners, and digital services
- Support dental treatment planning and case management
- Manage professional relationships and accounts
- Process payments and orders
- Respond to inquiries and provide customer support
- Improve and operate our services, websites, and technology
- Conduct training, education, and marketing (with your consent)
- Comply with applicable laws, regulations, and professional standards
- Maintain cybersecurity, fraud prevention, and risk management
Sensitive data (like health information) is always processed with your consent or under legal/contractual requirements.
6. Legal Bases for Processing
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Contract performance (e.g., where we need to perform the contract, we are about to enter into or have entered into with you or your licensed orthodontic professional)
- Consent (e.g., for health data, marketing, or cross-border transfers)
- Legal obligation (e.g., tax, medical device, or regulatory reporting)
- Legitimate interest (e.g., service improvement, security)
- Vital interests (e.g., to protect someone’s health or safety)
7. Purpose, Data Type, and Lawful Basis Table
To provide transparency, we have summarized the main purposes for which we process personal data, the types of data involved, and the lawful basis for processing found in the table below;
| Purpose / Activity | Type of Data | Lawful Basis for Processing |
|---|---|---|
| To register you as a new user on iOrtho – create accounts, manage systems, prevent fraud, send marketing | Identity, Contact | Performance of contract; legal obligation; legitimate interests; consent |
| To process and deliver products – payments, fees, foreign exchange | Identity, Contact, Financial Data | Performance of contract; legal obligation; legitimate interests (debt recovery) |
| When you communicate with us – queries, feedback | Identity, Contact | Performance of contract; legitimate interests (better service) |
| To manage relationships – notifications, feedback, technical issues | Identity, Contact | Performance of contract; legal obligation; legitimate interests (records management) |
| To administer and protect business and website – troubleshooting, IT, security | Identity, Contact, Technical Data | Legitimate interests (business operations); legal obligation |
| To deliver website content | Identity, Contact | Legitimate interests (product/service development, marketing) |
| Data analytics – improve services | Technical Data | Legitimate interests (product/service development, marketing) |
| Recommendations and suggestions | Identity, Contact, Technical Data | Legitimate interests (product/service development) |
| Public and social media information | Identity, Contact, Technical Data | Legitimate interests (branding, market awareness) |
| Verifying professional credentials | Identity, Contact, Professional Data | Legal obligation |
| Online purchases | Identity, Contact, Professional Data, Financial Data | Performance of contract |
| Treatment planning and case management (including iOrtho platform use) | Health and Diagnostic Data | Contract performance; explicit consent (for health data); vital interests |
| Providing products and services via iOrtho (e.g. case gallery, iOrtho Club) | Identity, Contact, Health and Diagnostic Data | Contract performance; consent for sensitive data |
| Post-Market Surveillance (PMS) and regulatory compliance | Identity, Contact, Health and Diagnostic Data | Legal obligation (e.g. EU MDR, medical device law); contract performance |
| Research and product improvement using iOrtho | Anonymised Clinical Records | Legitimate interest; consent (where required) |
| Managing professional and business relationships | Identity, Contact | Legitimate interest; contract performance |
| Customer support and inquiries | Contact Data | Legitimate interest; contract performance |
| Payment processing and billing | Financial Data | Contract performance; legal obligation |
| Marketing and educational activities | Contact Data | Consent; legitimate interest (where permitted) |
8. Sharing your Data
We may share your data with:
- Angelalign affiliates and subsidiaries (for operations)
- Clinics or distributors (as part of your treatment)
- Service providers (IT, logistics, payments, marketing)
- Regulators if required by law
We do not sell your personal data. Some data may be shared for analytics or marketing only with consent.
9. International Data Transfers
When personal data moves across borders Angelalign uses legally recognised contractual mechanisms (SCCs, BAAs, PIPL standard contracts) combined with technical safeguards to ensure that cross-border personal data transfers comply with GDPR, UK GDPR, PIPL, LGPD, HIPAA, and other relevant laws.
EU/UK/Switzerland: Standard Contractual Clauses (SCCs), International Data Agreements or adequacy decisions (a copy can be found by contacting us.
10. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
11. Your Rights
Under certain circumstances, you have following rights under data protection laws in relation to your personal data:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Opt out of sale or sharing (for U.S. residents)
- Lodge a complaint with your data protection authority
Send requests to privacyservices@angelaligner.com
We will respond within applicable legal timeframes (usually 30 days).
12. Security Measures
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We use organizational, technical, and physical safeguards, some of these include:
- Encryption of data in transit and at rest
- Multi-factor authentication and role-based access
- Regular vulnerability testing and monitoring
- Employee privacy and security training
- Incident response and breach notification processes
13. Website Users
When you visit our website, we may collect limited technical and usage information automatically to help us operate and secure the site, and to understand how it’s used.
We use cookies and similar technologies to make the site function properly, remember your preferences, and improve your browsing experience. You can manage your cookie choices at any time through your browser settings or our Cookie Preference Centre.
14. Children’s Data
We do not directly collect data from children, however our doctors may treat patients who are children. Data collected as part of treatment from a doctor, including information from children, is stored securely on our systems. We protect this data with strong security measures, restrict access to authorised personnel, and delete any data collected without proper consent.
15. Updates to This Notice
We may update this Notice to reflect changes in laws or practices.
The latest version will always be posted on our website with a new “Last Updated” date.
16. Contact Us
If you have any questions about this Privacy Notice, your personal data, or wish to exercise your privacy rights, you can contact you local office found at Contact Us | Angel Aligner or email privacyservices@angelaligner.com
17. Global privacy offices
Depending on your location, you may have additional rights or protections under local privacy laws. Angelalign complies with these regulations and provides guidance which can be found by contacting privacyservices@angelaligner.com
| Country | Applicable Laws | Key Differences | Contact |
|---|---|---|---|
| United States | CCPA, CPRA, HIPAA (for healthcare providers) | California residents may request to know what personal information is collected, request deletion or correction, and opt out of sale or sharing. Angelalign may act as a HIPAA Business Associate when processing PHI for clinics; HIPAA rules apply for privacy, security, and breach notifications. | Federal Trade Commission (FTC): www.ftc.gov California Attorney General: www.oag.ca.gov/privacy |
| Australia | Privacy Act 1988 (OAIC) | Individuals may access and correct their personal data. Angelalign adheres to the Australian Privacy Principles regarding collection, storage, use, disclosure, and international transfers. | Office of the Australian Information Commissioner (OAIC): www.oaic.gov.au |
| United Kingdom | UK GDPR, Data Protection Act 2018 | Rights include access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Sensitive data such as health information is processed only with explicit consent or for healthcare provision. | Information Commissioner’s Office (ICO): www.ico.org.uk |
| European Union | GDPR | Similar rights to the UK, including the right to complain to a supervisory authority. Processing of health and sensitive data requires explicit consent or is justified by healthcare provision or legal obligations. | Relevant EU Member State Supervisory Authority |
| Switzerland | Swiss Federal Act on Data Protection (FADP) | Individuals may request access, correction, or deletion of their personal data. Transfers outside Switzerland require adequate safeguards. | Federal Data Protection and Information Commissioner (FDPIC): www.edoeb.admin.ch |
| China | Personal Information Protection Law (PIPL) | Sensitive data and cross-border transfers require explicit consent and security assessments. Data subjects may access, correct, delete, withdraw consent, or cancel accounts. | Cyberspace Administration of China (CAC): www.cac.gov.cn |
| Russia | Federal Law on Personal Data (No. 152-FZ) | Local residents have rights to access, correct, and delete personal data. Cross-border transfers require compliance with Russian data localization rules. | Roskomnadzor: www.rkn.gov.ru |
| Singapore | Personal Data Protection Act (PDPA) | Individuals may request access or correction of their personal data. Angelalign complies with PDPA’s consent, purpose limitation, and security obligations. | Personal Data Protection Commission (PDPC): www.pdpc.gov.sg |
