Privacy Policy.

Personal information you disclose to us

In short: We collect personal information that you provide to us.

We collect personal information that you voluntarily provide when you register on the Services, express interest in obtaining information about us or our products and Services, participate in activities on the Services, or otherwise contact us.

Personal Information Provided by You.

The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. It may include:

Phone number.

In short: We process your information to provide, improve, and administer our Services, communicate with you, ensure security and prevent fraud, and comply with legal obligations. We may also process your information for other purposes with your consent.

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

To facilitate account creation, authentication, and management. We may process your information so you can create and log in to your account and keep it in working order.

To deliver and facilitate services. We may process your information to provide you with the requested service.

To respond to inquiries and provide support. We may process your information to respond to your questions and resolve any issues you might have with the requested service.

To send administrative information. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.

To fulfill and manage orders. We may process your information to handle orders, payments, returns, and exchanges made through the Services.

To protect our Services. We may process your information as part of efforts to keep our Services safe and secure, including fraud monitoring and prevention.

To identify usage trends. We may process information about how you use our Services to better understand usage patterns and improve them.

To save or protect an individual’s vital interests. We may process your information when necessary to prevent harm or protect someone’s vital interests.

In short: We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, such as with your consent, to comply with laws, to provide you with services, to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.

If you are located in the EU or UK.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on to process your personal information. We may rely on the following legal bases:

Consent. We may process your information if you have given us permission (i.e., consent) to use your personal information for a specific purpose. You can withdraw your consent at any time.

Performance of a Contract. We may process your personal information when necessary to fulfill our contractual obligations to you, including providing our Services or at your request prior to entering into a contract.

Legitimate Interests. We may process your information when it is reasonably necessary to achieve our legitimate business interests, provided those interests do not override your rights and freedoms. Examples include:

• Analyzing how our Services are used to improve them and engage users.
• Supporting marketing activities.
• Diagnosing problems and preventing fraudulent activities.
• Understanding how users interact with our products and Services to improve user experience.

In legal terms, we are generally the data controller under European data protection laws for the personal information described in this notice, since we determine the means and purposes of processing. This notice does not apply to personal information we process as a data processor on behalf of our customers. In such cases, the customer is the data controller, and we process information only according to their instructions. For more information, review your customer’s privacy policies.

If you are located in Canada.

We may process your information if you have given us specific permission (i.e., express consent) to use your personal information for a specific purpose, or in cases where your permission can be inferred (i.e., implied consent). You can withdraw your consent at any time.

• In some exceptional cases, we may be legally permitted to process your information without your consent, including:
• If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way.
• For investigations, fraud detection, and prevention.
• For business transactions, provided certain conditions are met.
• If contained in a witness statement and necessary to assess, process, or settle an insurance claim.
• For identifying injured, ill, or deceased persons and communicating with next of kin.
• If we reasonably believe an individual has been, is, or may be a victim of financial abuse.
• If collection with consent would compromise the availability or accuracy of information and the collection is reasonable for investigating a breach of an agreement or contravention of laws.
• If disclosure is required to comply with a subpoena, warrant, court order, or rules of the court.
• If produced by an individual during employment, business, or profession and collected for consistent purposes.
• If collection is solely for journalistic, artistic, or literary purposes.
• If the information is publicly available and specified by regulations.

In short: We may share information in specific situations described in this section and/or with the following categories of third parties.

Vendors, Consultants, and Other Third-Party Service Providers.
We may share your data with third-party vendors, service providers, contractors, or agents (“third parties”) who perform services for us or on our behalf and require access to such information to do their work. We have contracts with these third parties designed to safeguard your personal information. This means they cannot use your information for any purpose other than what we instruct, nor share it with any organization apart from us. They are also required to protect the data they hold on our behalf and retain it only for the period we specify. Categories of third parties we may share personal information with include:

• Cloud Computing Services.
• Communication & Collaboration Tools.
• Data Analytics Services.
• Data Storage Service Providers.
• Government Entities.
• Payment Processors.
• Performance Monitoring Tools.
• Product Engineering & Design Tools.
• Testing Tools.
• User Account Registration & Authentication Services.
• Website Hosting Service Providers.

We may also share your personal information in the following situations:

Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or part of our business by another company.

Affiliates. We may share your information with our affiliates, who are required to honor this privacy notice. Affiliates include our parent company, subsidiaries, joint venture partners, or other companies we control or that are under common control with us.

Business Partners. We may share your information with business partners to offer you certain products, services, or promotions.

In short: We are not responsible for the safety of any information you share with third parties that we may link to or who advertise on our Services but are not affiliated with our Services.

Our Services may link to third-party websites, online services, or mobile applications, and/or contain advertisements from third parties that are not affiliated with us and may link to other websites, services, or applications. Accordingly, we do not guarantee the practices of these third parties and are not liable for any loss or damage caused by the use of such third-party websites, services, or applications.

The inclusion of a link to a third-party website, service, or application does not imply endorsement by us. We cannot guarantee the safety or privacy of any data you provide to third parties. Any information collected by third parties is not covered by this privacy notice. We are not responsible for the content, privacy, or security practices of any third parties, including other websites, services, or applications linked to or from our Services. You should review the policies of these third parties and contact them directly with any questions.

In short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (such as web beacons and pixels) to access or store information. Specific details about how we use these technologies and how you can refuse certain cookies are provided in our Cookie Notice: [Cookie Notice URL].

In short: If you choose to register or log in to our Services using a social media account, we may have access to certain information about you.

Our Services allow you to register and log in using your third-party social media account details (such as Facebook or Twitter). If you choose to do this, we will receive certain profile information from your social media provider. The profile information may vary depending on the provider, but often includes your name, email address, friends list, profile picture, and other information you choose to make public on the platform. If you log in using Facebook, we may also request access to additional permissions, such as your friends, check-ins, and likes, which you can grant or deny individually.

We will use the information we receive only for purposes described in this privacy notice or otherwise made clear to you through the Services. Please note that we do not control and are not responsible for other uses of your personal information by the third-party social media provider. We recommend reviewing their privacy notice to understand how they collect, use, and share your personal information, and how you can manage your privacy settings on their platforms.

In short: We may transfer, store, and process your information in countries other than your own.

In some countries listed in paragraph 1 of this policy, cross-border data transfers are not performed for local users of the Services.

Our partner cloud servers are located in the US, UK, Spain, Thailand, Singapore, Australia, Kyrgyzstan, and Russia. If you access our Services from outside these countries, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by third parties with whom we may share your personal information (see “When and with whom do we share your personal information?”), in countries where third-party servers are located, and in other countries.

If you are a resident of the European Economic Area (EEA), the United Kingdom (UK), or the Russian Federation (RU), please note that these countries may not have data protection laws as comprehensive as those in your country. However, we will take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law.

European Commission’s Standard Contractual Clauses.

We have implemented measures to protect your personal information, including the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require all recipients to protect personal information originating from the EEA or UK in accordance with European data protection laws.

Our data processing agreements, including standard contractual clauses and other relevant safeguards with third-party service providers and partners, can be provided upon request.

Binding Corporate Rules.

These comprise a set of Binding Corporate Rules (“BCRs”) established and implemented at Tap Medical. Our BCRs are based on the data protection standards of our cloud providers and provide an adequate level of protection for personal information we process internationally. You can request a copy of our BCRs from us.

EU-US and Swiss-US Privacy Shield Frameworks.

Tap Medical participates in the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU, UK, and Switzerland to the United States. Compliance is implemented through Amazon Web Services cloud infrastructure and its functionality.

Although Privacy Shield is no longer considered a valid transfer mechanism under EU and Swiss data protection law (following the judgment of the Court of Justice of the European Union in Case C-311/18 and the opinion of the Federal Data Protection and Information Commissioner of Switzerland dated 8 September 2020), Tap Medical continues to comply with the principles of the EU-US and Swiss-US Privacy Shield Frameworks. To learn more about the Privacy Shield program, please visit www.privacyshield.gov.

You can also check Amazon Web Services certification on their website.

Tap Medical adheres to the Privacy Shield Principles when processing personal information from the EU, UK, or Switzerland. If we transfer your information to a third-party agent in the United States, and such agent processes your personal information inconsistently with the Privacy Shield Principles, we remain liable unless we can demonstrate we are not responsible for the event giving rise to the issue.

With respect to personal information received or transferred under the Privacy Shield Frameworks, Tap Medical is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal information in response to lawful requests from public authorities, including national security or law enforcement requirements.

If you have any questions or concerns regarding Tap Medical’s Privacy Shield certification, please contact us using the details below. We are committed to resolving any complaints or disputes about our collection and use of your personal information under the Privacy Shield.

In short: We keep your information for as long as necessary to fulfill the purposes outlined in this privacy notice, unless otherwise required by law.

We will only retain your personal information for as long as necessary to achieve the purposes described in this privacy notice, unless a longer retention period is required or permitted by law (for example, for tax, accounting, or other legal obligations). No purpose in this notice requires us to keep your personal information longer than the period during which you maintain an account with us, or 12 months after the termination of your account.

When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize it. If deletion is not immediately possible (for example, because your information is stored in backup archives), we will securely store and isolate your information from further processing until deletion is feasible.

In short: We aim to protect your personal information through a combination of organizational and technical security measures.

We have implemented appropriate and reasonable technical and organizational measures designed to protect the security of the personal information we process. However, despite our safeguards and efforts, no electronic transmission over the Internet or information storage system can be guaranteed to be 100% secure. Therefore, we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to bypass our security and improperly collect, access, steal, or modify your information.

Although we take every reasonable precaution to protect your personal information, any transmission of information to and from our Services is at your own risk. You should only access the Services in a secure environment.

In short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years old or that you are the parent or guardian of such a minor and consent to their use of the Services. If we learn that personal information from users under 18 has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records.

If you become aware of any data we may have collected from children under 18, please contact us at info(@)dentaltap.com.

In short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Canada, and Russia, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.

Depending on applicable data protection laws, your rights may include:

• Access and copy. The right to request access to and obtain a copy of your personal information.
• Rectification or erasure. The right to request correction or deletion of your personal information.
• Restriction. The right to request restrictions on the processing of your personal information.
• Data portability. Where applicable, the right to receive your information in a structured, commonly used, and machine-readable format.
• Objection. In certain circumstances, the right to object to the processing of your personal information.

You can exercise these rights by contacting us using the details provided in the section “How can you contact us about this notice?” below.

Withdrawing your consent.
If we rely on your consent to process your personal information (express or implied depending on applicable law), you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal, nor does it affect processing based on other lawful grounds. You can withdraw your consent by contacting us or updating your preferences.

Account Information.

Our Services allow you to manage your personal data, third-party data, and payment information. You can change or delete this information yourself. To review, update, or terminate your account, you can:

• Log in to your account settings and update your information.
• Contact us using the contact details provided.

When you request account termination, we will deactivate or delete your account and information from our active databases. However, we may retain certain information to prevent fraud, troubleshoot issues, assist with investigations, enforce legal terms, or comply with applicable law.

Cookies and similar technologies.

Most web browsers accept cookies by default. You can usually configure your browser to remove or reject cookies. Doing so may affect certain features or services of our Services. To opt out of interest-based advertising by advertisers on our Services, visit http://www.aboutads.info/choices/

.For further information, see our Cookie Notice: [Cookie Notice URL].

If you have questions or comments about your privacy rights, you may email us at info(@)dentaltap.com.

Most web browsers, mobile operating systems, and mobile applications include a Do-Not-Track (DNT) feature or setting that you can activate to signal your preference not to have data about your online browsing activities monitored or collected.

Currently, no uniform technology standard for recognizing and implementing DNT signals has been finalized. As a result, we do not respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online.

If a standard for online tracking is adopted in the future that we are required to follow, we will update this privacy notice to reflect that practice.

In short: Yes. If you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the “Shine The Light” law, allows California residents to request and obtain from us, once a year and free of charge, information about the categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with whom we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit it in writing using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with our Services, you have the right to request removal of unwanted data that you publicly post on the Services. To request removal, contact us using the information below and include the email address associated with your account along with a statement that you reside in California. We will ensure the data is no longer publicly displayed on the Services; however, please note that it may not be completely removed from all of our systems (e.g., backups).

CCPA Privacy Notice

The California Code of Regulations defines a “resident” as:

Every individual who is in the State of California for other than a temporary or transitory purpose; and
Every individual who is domiciled in California but is outside the state for a temporary or transitory purpose.

All other individuals are defined as “non-residents.”

If this definition of “resident” applies to you, we must adhere to certain rights and obligations regarding your personal information.

We will use and retain the collected personal information as needed to provide the Services or for the following periods:

Category A: 12 months.
Category B: 12 months.
Category C: 12 months.
Category D: 12 months.
Category G: 12 months.

We may also collect other personal information outside of these categories when you interact with us in person, online, by phone, or by mail in connection with:

• Receiving help through our customer support channels.
• Participation in customer surveys or contests.
• Facilitation of service delivery and responding to your inquiries.
• How do we use and share your personal information?

Tap Medical collects and shares your personal information through:

Targeting cookies / Marketing cookies

More information about our data collection and sharing practices can be found in this privacy notice and our Cookie Notice: [Cookie Notice URL].

You can opt out of sharing your personal information by disabling cookies in your Cookie Preference Settings and clicking the Delete All link on our homepage.

Will your information be shared with anyone else?

We may disclose your personal information to our service providers under written contracts. Each service provider is a for-profit entity that processes information on our behalf and follows strict privacy protection obligations.

We may also use your personal information for our own business purposes, such as internal research, technological development, and demonstration. This is not considered “selling” your personal information.

Tap Medical has disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:

Category A: Identifiers, such as your real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, IP address, email address, and account name.

Category G: Geolocation data, such as device location.

The categories of third parties to whom we disclosed personal information for a business or commercial purpose are listed under “When and with whom do we share your personal information?”, and include:

Data Analytics Services.

Your rights with respect to your personal data.

Right to request deletion of your data

You may request the deletion of your personal information. We will honor your request, subject to certain legal exceptions, such as:

The exercise of another consumer’s right to free speech.

Compliance with legal obligations.

Processing necessary to prevent illegal activities.

Right to be informed.
Depending on circumstances, you have the right to know:

• Whether we collect and use your personal information.
• The categories of personal information we collect.
• The purposes for which we use your personal information.
• Whether we sell or share personal information with third parties.
• The categories of personal information sold, shared, or disclosed for a business purpose.
• The categories of third parties to whom information was sold, shared, or disclosed.
• The business or commercial purpose for collecting, sharing, or selling personal information.
• The specific pieces of personal information we collected about you.

In accordance with applicable law, we are not required to provide or delete information that has been de-identified or to re-identify data to verify a consumer request.

Right to non-discrimination for exercising privacy rights
We will not discriminate against you for exercising your privacy rights.

In short: Yes. If you are a resident of Virginia, you may have specific rights regarding access to and use of your personal information.

Virginia CDPA Privacy Notice.

Under the Virginia Consumer Data Protection Act (CDPA):

“Consumer” means a natural person who is a resident of the Commonwealth acting only in an individual or household context. It does not include a natural person acting in a commercial or employment context.

“Personal data” means any information linked or reasonably linkable to an identified or identifiable natural person. It does not include de-identified data or publicly available information.

“Sale of personal data” means the exchange of personal data for monetary consideration.

If this definition of “consumer” applies to you, we must adhere to certain rights and obligations regarding your personal data.

The information we collect, use, and disclose about you may vary depending on how you interact with Tap Medical and our Services. For more details, please see the following sections:

1. What information do we collect?
2. How do we process your information?
3. When and with whom do we share your personal information?

Your rights with respect to your personal data.

Under the Virginia CDPA, you may have the right to:

• Be informed whether or not we are processing your personal data.
• Access your personal data.
• Correct inaccuracies in your personal data.
• Request deletion of your personal data.
• Obtain a copy of the personal data you previously shared with us.
• Opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in decisions that produce legal or similarly significant effects.

Tap Medical processes personal data solely to ensure the correct functioning of our Services and does not sell such personal data to third parties for business or commercial purposes.

For more information about our data collection and sharing practices, please refer to this privacy notice and our Cookie Notice: [Cookie Notice URL].

In short: Yes. We will update this notice as necessary to remain compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be identified by an updated “Revised” date and will take effect as soon as it is accessible. If we make material changes to this privacy notice, we may notify you by prominently posting a notice of such changes or by sending you a direct notification.

We encourage you to review this privacy notice regularly to stay informed about how we are protecting your information.

If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO), Viki Moyo, by email at info(@)dentaltap.com
.