Privacy Policy

Last updated: February 16, 2023
Effective Date: February 16, 2023
Notice:
EA values your personal information and the personal information you provide with us. We will process the personal information in strict accordance with the the Health Insurance Portability and Accountability Act of 1996, the Health Information Technology for Economic and Clinical Health Act and the other applicable laws as well as the provisions of this Agreement (collectively, “Applicable Requirements).
This Agreement applies to all products and/or services provided by Shanghai EA Medical Instruments Co., Ltd. (registered address: Room 601-603, No. 500 Zhengli Road, Yangpu District, Shanghai) and its Affiliates (hereinafter referred to as "EA" or "We"). And your visit to this system or usage of products and/or services provided by the site is also subject to this Agreement.
Therefore, before you visit or use this system or the products and/or services provided by EA, please read carefully to fully understand this Agreement, especially the terms in bold. If you click the "Confirm" button or check "Agree", it means you have fully understood and agreed to this Agreement. Any questions, comments or suggestions about the provisions or content of this Agreement, please contact us through the contact information provided at the bottom of this Agreement. We are glad to provide you any assistance.

PartI Definitions

1. Personal information: means any information relating to an identified or identifiable natural person ('information subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data processing: means any operations performed on personal information (whether by automated means). Common data processing includes (but is not limited to) collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal information.
3. Affiliate: means any other entities directly or indirectly controlled by Angelalign Technology Inc., which include but are not limited to: USA ANGELALIGN TECHNOLOGY Corp and Angelalign Technology Pte. Ltd..

PartII Privacy Policy

This Agreement explains to you how EA, may collect, retain, process, share and transfer your personal information when you visit our sites or use our system, and does not apply to online websites or services that we do not own or control.
I. How we collect and use your personal information
II. How we share and publicly disclose your personal information
III. How we store and protect your personal information
IV. How you should manage your personal information
V. How we protect the personal information of children
VI. How your personal information is transferred globally
VII. How we modify and update this Agreement
VIII. How to contact us

I. How we collect and use your personal information

We may acquire your personal information or the personal information of others that you provide from a variety of channels. You can provide us the information while browsing our system, through our social media pages and mini programs, or while participating in our activities. When you visit our system, browse our social media pages, or use mini programs, we will collect information about your device or your usage by automated means like Cookies, web server logs and Web Beacon. We may also collect your personal information indirectly from other channels.
1. Personal information collection
(1) Personal information of you and others that you actively provide to us
- Registering a system account or related services
To register an account on the EA system as a doctor, doctor’s assistant/consultant, medical student or the contact person of the clinic or hospital that you belong to, you need to provide us with your personal information, including but not limited to: your name, avatar, phone number, social media account (e.g. WeChat ID), email, physician practice certificate and other relevant qualification certificates, name, delivery address, phone number, email, and bank account number of you and/or the clinic or hospital that you belong to, and the other information reasonably required by EA.
- Obtaining products and/or services
To obtain products and/or services provided by EA, you will provide us with (un)processed personal information of patients, including but not limited to: patient's name, and delivery address. We understand that you provide us with the aforementioned personal information of patients in the purpose of providing EA products and/or services to them. You are authorized and qualified to use the information as well as provide it to us and authorize us in accordance with Applicable Requirements to process the information. Before you collect patient data of minors who have reached the age of 16, you should obtain express consent of them and their guardians. For those under the age of 16, you should obtain the express consent of their guardians. If you fail to obtain the above consent, you must not collect relevant patient personal information.
- Payment for the products and/or services and financial order management
For the purpose of products and/or services payment, financial order management and internal audit, we will collect the payment information of you and/or the clinic, hospital or company that you belong to, including name of drawee, bank account and the other related information reasonably required by EA.
(2) Personal information collected by EA during your use of our products and/or services
To ensure the safe operation of the system, and to provide you with convenient, reliable and trustworthy products, services and use environment, we may collect your operation, logging, network and device information (including but not limited to device model, device identification code, operating system, IP address, operator, etc.) and other personal information based on the permission setting of your mobile device system (including but not limited to service recommendation based on location permission, photo upload based on camera permission, etc.). If you enable these permissions, you authorize us to collect and use the personal information to implement the above-mentioned functions. If you disable these permissions, you cancel the authorization and we will no longer collecting and using the personal data. This way, we will not be able to provide you with the above-mentioned functions corresponding to the authorization. Your disabling of the permissions will not affect the processing of personal information based on authorization as described previously. Meanwhile, in order to prevent malicious programs and the necessary for safe operation, we will collect the installed application information or running process information, the overall operation of the application, the overall installation and use of the application, frequency, application crashes, application sources, performance data, etc.
(3) Personal information collected by EA indirectly through a third party
In order to provide you with better, higher-quality and more personalized services, or provide services for you, or in order to prevent Internet fraud, our Affiliates and partners will share your personal information legally sourced with us in accordance with Applicable Requirements or agreement with you, or with your prior consent. You agree that we are authorized to obtain the personal information you provide and process the information within the scope of your authorization.
You are obligated to provide real and effective personal information about you and your patients. The information should be updated in time in case of any change so that we can verify your identity and provide related products and/or services. If you submit another person's personal information, you should obtain his/her legitimate authorization.
2. Use of Personal Information
By providing your personal information to EA, you agree that EA can use the information alone or in combination with existing information for the following purposes:
(1) Allow you to use, purchase, or subscribe to products and services provided by EA, and EA may label products and documents with relevant information, including your and your patient’s name, address, telephone number and the other contact information;
(2) Provide you with relevant information about our products, services, news and events;
(3) Provide information about you or your medical institute to patients and allow them to contact you;
(4) Help you to establish and manage the information and files of patients registered with EA, and produce and customize products and services according to your treatment plan;
(5) Resolve malfunctions of our system and services;
(6) Facilitate internal audit, data analysis and research to improve our products or services;
(7) Transfer your personal information for the purpose of transactions such as mergers, acquisitions or asset sales. Before the transfer, we will give you prior notice and ensure that your personal information will get protection equivalent to this Agreement;
(8) Use for purposes required by laws and regulations, court orders or other legal procedures, or government organs;
(9) Other legal purposes
After personal information collection, we will use technical means to de-identify it. De-identified personal information will not be able to identify the subject without using additional information. Please understand and agree that, in this case, we are authorized to use the de-identified information; and without disclosing your personal information, we are allowed to analyze the user database and make commercial use. We will use collected personal information in accordance with the provisions of this Agreement to realize the functions of our products and/or services. We will seek your consent before we use such information for other purposes not stated in this Agreement, or use the  information collected for specific purposes for other purposes.
3. How do we use Cookie
(1) A cookie is a small text file that our sites store on your computer or mobile device when you visit our systems. Our systems, apps and other services, send this data to your browser when you first request a web page and then store the data on your computer or other device so the website or app can access, store or collect information from your device when you first request a web page. Browsers support cookies and similar technologies (such as local storage and pixels) so that our systems can remember information about your visit and can use the information to improve your experience and to create aggregated anonymized statistics about usage of the site. In this Agreement, we use the term “cookie” to refer both to cookies and similar technologies.
(2) You can manage or delete the cookies as you like. You can refuse cookies by modifying your browser settings, or you can clear all cookies saved in your mobile device. In this case, you may need to repeat the login and change user settings each time you visit this system, which will affect your use of this system to some extent. For further information of our cookies, please click here.

II. How we share and publicly disclose your personal information

1. We will keep personal information you provide confidential and safe in accordance with Applicable Requirements, and will not provide or display the information to any third party in any way, except in the following cases:
(1) We have obtained your express consent or authorization in advance that you authorize us or we access by ourselves such information as patient information.
(2) When judicial or administrative organs require our system to disclose personal information in accordance with legal procedures and statutory powers, we will provide relevant information accordingly. We shall be exempt from liability for any disclosure in this case.
(3) We assume no liability towards any leakage, loss, embezzlement or falsification of personal information caused by force majeure and affecting the normal operation of the system, such as hacking, computer virus invasions or attacks, or temporary shutdown by government control.
(4) We assume no liability towards any leakage, loss, embezzlement or falsification of personal information caused by you telling others your password or sharing your registered account with others.
(5) We assume no liability towards any leakage, loss, embezzlement or falsification of personal information occurring on any other systems linked to this system.
2. By providing us personal information, you agree that EA can share the information with third parties for the purposes specified in this Agreement under the following circumstances:
(1) We may share the personal information you provide with our Affiliates. We will only share necessary information for the purposes stated in this Agreement. If our Affiliates want to change the purpose of processing personal information, they will gain your approval again. If patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves;
(2) We may share your orders, account, device, location, and other personal information with third parties such as partners to ensure your smooth access to our products and services. We will only share your personal information for legal, just, necessary, specific and clear purposes in the intention to successfully provide products and services for you. Our partners are not entitled to use the shared personal information for any other purpose. At present, our partners include the following types:
- Supplier of goods or technical services
We may share the personal information you provide with third parties that support EA in ways like supplying materials, or providing infrastructure or technical services, logistics and distribution services, payment services, and data processing.
- Partners who jointly promote with us
For your better experience of browsing and using this system, and to keep you informed about products and/or services in a timely manner, we sometimes entrust other companies to promote our products and services. We may share both personal and non-personal information you provide with our joint marketing partners. For this purpose, we will notify you to obtain your consent. If patient personal information is involved, the patient's approval will be obtained either by you or by ourselves.
- Third-party components
To better provide you with products and services, we may share your personal information with third-party components embedded in the system and APP. Please click here for details .
- Other purposes you agree
Personal information shared to achieve the purpose you agree to from time to time, including any other purpose stated upon information collection (for example: we may share the collected information with your medical institute or other users of this system); and
- Others
Personal information provided to courts or government organs in accordance with laws and regulations, court orders or other legal procedures, or the requirements of government organs.
We will sign confidentiality agreements with companies, organizations, and individuals with whom we share personal information, to require them to treat personal information in compliance with our instructions, this Agreement, and any other relevant confidentiality and security measures.
3. We will not transfer your personal information to any company, organization, or individual except for the following circumstances:
(1) Transfer with express consent: After obtaining your express consent, we will transfer the personal information you provide to other parties. If the patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves;
(2) In case of any acquisition, merger or insolvency liquidation, or other circumstances involving merger, acquisition or insolvency liquidation, of EA, if personal information transfer is involved, we will require the new company, organization or individual that holds your personal information to continue to follow this Agreement, or we will require such a company, organization or individual to obtain your authorization and consent again. If patient personal information is involved, the patient's approval will be obtained either by you or by ourselves.
4. We will only publicly disclose your personal information under the following circumstances:
(1) We have obtained your express consent or you choose to disclose the information proactively. If patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves;
(2) If we are confirmed that you have violated laws and regulations or seriously violated EA's relevant agreement or rules, or we try to protect the personal and property safety of users of EA and its Affiliates or to protect the public from infringement, we may disclose your personal information by following laws and regulations or relevant agreement rules of EA. If patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves.

III. How we store and protect your personal information

1. In accordance with Applicable Requirements, we will keep the web log information for at least 6 months. We will only retain you and other personal information provided by you for the necessary shortest period for the purpose set forth in this Agreement, unless otherwise provided by laws and regulations or otherwise authorized and agreed by you. After aforementioned storage period expires, we will delete or anonymize your personal information and the personal information you provided.
2. The personal information collected and generated during our operations will be stored in your country of residence, except the following circumstances: (1) Clearly stipulated by laws and regulations; or (2) Express authorization is obtained from you. If patient's personal information is involved, the patient's approval will be obtained either by you or by ourselves.
3. During your use of our products and/or services, we will continue to store the personal information you provide within the shortest period required for providing the products and services, unless you cancel authorization, delete the information, or deregister the account.
4. We have taken reasonable and feasible safety protection measures that conform to industry standards to keep and protect the personal information you provide from unauthorized access, public disclosure, usage, modification, damage or loss. Information submitted online is encrypted for transmission for security; the back-end storage system and the front-end user information collection system are physically separated by being deployed on different servers; the network equipment and security equipment at the security boundary are regularly assessed and audited, vulnerabilities are patched in time, and weak passwords are eliminated; system- and code-level vulnerability scans are performed on a regular basis to detect security vulnerabilities and configuration non-conformances; all O&M personnel accessing electronic personal information shall pass the two-factor authenticated bastion host before performing any operation so that all operations are recorded.
5. We have grouped an information security management team and formulated a detailed system security management system and personal information protection system. Moreover, we have passed relevant national certification on data security.
6. We will take reasonable and feasible measures to ensure that only related personal information is collected.
7. Given that the Internet is not absolutely safe, we do not recommend that you send personal information in e-mail, instant messaging, and communication with other users, although parts of these ways are encrypted. Please use a relatively complex password so that we can guarantee the personal information security of you and your patients.
8. We have formulated a network security incident report and disposal management system, based on which we handle personal information security incidents by following the four steps of reporting, responding, post-analyzing, and rectifying. We will also inform you of the specific situation and remedy measures in accordance with laws and regulations in a timely manner. Meanwhile, we will also report the disposal of the incident according to the requirements of the regulatory authorities. With regard to the patient personal information you provide, you may need to notify the corresponding subject after you receive our security incident notification.

IV. How you should manage your personal information

1. Query and modify your personal information and the personal information you provide: After registration success, account information such as user name and password will be generated. You can log in to your account and query and modify the account information in "Settings" or send us a written request at our email. If you find a security breach or illegal use of your account, please send a written request to our email to notify us in a timely manner and report the case to a relevant department.
2. Delete your personal information and the personal information you provide, and deregister your account: You have the right to deregister your account and request that we delete the personal information collected on this system. You can send an email to us to submit the requirements. You understand that we will verify your identity before deleting your personal information and the personal information you provide or deregistering your account. Unless otherwise specified by law, if the user logs out, EA will delete your personal information and the personal information you provide, and stop providing services (including but not limited to login and placing orders. The points in your account will be cleared). Note that when your information has been deleted from our services or after we receive and agree to your application for deletion, the corresponding one may not be removed from the backup system immediately, but will be done when update for backup.
3. When you cancel authorization, delete personal information, or deregister your account, we will delete your personal information and the personal information you provide in accordance with the law, or anonymize it as permitted by law to keep it in a state where it cannot be retrieved or accessed. However, we will still store some of your information in accordance with the law.
4. Please take good care of your account information, and ensure the security of your account and the actions implemented through the account. Unless required by relevant laws and with the consent of EA, your account is for your use only, and you may not borrow, transfer, gift, inherit or allow others to use your account in any way. backup.
5. We will not be able to respond to your request and reserve the right to seize your account if your request:
(1) concerns national security and/or national defense;
(2) concerns public security, public health, and/or major public interests;
(3) concerns criminal investigation, prosecution, trial, and/or execution of judgments;
(4) proves by sufficient evidence that you have subjective malice or abuse of rights;
(5) seriously prejudicial to your, other individuals' or organizations' legitimate rights and interests if your request is responded to;
(6) fails to protect judicial independence and judicial proceedings;
(7) opposes the prevention, investigation, detection and prosecution of breaches of ethics for regulated professions;
(8) concerns a monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (1) to (5) and (7);
(9) concerns the protection of the data subject or the rights and freedoms of others;
(10) concerns the enforcement of civil law claims.
6. If this system is to be closed, we will stop collecting the personal information you provide after relevant services stop operating. We will notify you of the closing in an announcement. The personal information already held will be deleted or anonymized.
We will generally process the above-mentioned requests within 15 working days.
For your reasonable request, we will not charge you any fees in principle, but for repeated requests that exceed the reasonable limit, we will collect a certain cost as the case may be. We may reject requests that are unreasonably repetitive, require too many technical means (for example, the need to develop new systems or fundamentally change existing practices), pose risks to the legitimate rights and interests of others, or are highly impractical.

V. How we protect the personal information of children

Without the consent of their parents or guardians, children (under 16) are not allowed to create accounts on this system. If your patient is a child, it is recommended that you ask his or her parent or guardian to read this Agreement carefully and use our services or provide us with information with prior consent. We will only use, share, transfer or disclose the personal information of a child collected with the consent of his or her parent or guardian for using our products or services if the laws and regulations permit, the parent or guardian explicitly agrees, or it is necessary for protecting the child.

VI. How your personal information is transferred globally

1. In principle, the personal information collected and generated during our operations will be stored in your country of residence.
2. EA operates globally and may therefore transfer your personal information to other countries in which we operate, including countries other than your country of residence. Your personal information may also be stored on our servers, which may be located outside your country of residence. However, we will continue to protect your information in accordance with this Agreement and signed Standard Contractual Clause / Data Process Agreement. By providing us your personal information, you agree to such transfers, processing and/or storage anywhere in the world, including the People’s Republic of China.

VII. How we modify and update this Agreement

1. We may modify and update this Agreement (referred to as "Changes") from time to time in accordance with changes in Applicable Requirements, or for the need to maintain the transaction order or protect consumer rights. You can check or download the latest version at the bottom of this system at any time.
2. If you disagree with any change, you have the right to give us feedback through the contact information provided by us. If the feedback is accepted, we will appropriately adjust the changed items.
3. If you still disagree with the changed items, you should stop using system services from the effective date when the changed items go into effect, and the changed items will have no effect on you. If you continue to use system services after the changed items take effect, it shall be deemed as you have agreed to in the changed items.

VIII. How to contact us

If you have any questions or suggestions about this system or this Agreement, or you have any complaints, please contact us via accounting@angelaligner.com, and we will deal with it within 15 working days.
Version: A0