TDO PRIVACY POLICY

1. INTRODUCTION. TDO Software, Inc. (“TDO,” “us,” “we,” or “Company”) is committed to respecting the privacy rights of our customers, visitors, and other users of our website, software and products (“Products,” which include services). We deal with users directly through the Company website (the “Company Site”) and indirectly through the practice management system and Products we provide to dental professionals (“TDO Customers”). TDO Software is installed on servers in the offices of all TDO Customers and some subscribe to TDO Cloud Service that includes a website for their practice (the “Services Site”). We created this Privacy Policy to give you confidence as you visit and use the Company Site or the Services Site or deal with TDO Customers, and to demonstrate our commitment to fair information practices and the protection of privacy. This Privacy Policy is only applicable to the Company Site and the Services Site (together, the “Sites”) and the limited involvement we have with the information collected by TDO Customers. It does not cover any website that you may be able to access either from (a) the Sites or (b) TDO Customers who provision their own websites. Any of these other websites may have data collection, storage, and use practices and policies that differ materially from this Privacy Policy.

Our Privacy Policy is separate and distinct from and in addition to our compliance with U.S. HIPAA Rules found in 45 CFR Part 160 and 164.

2. FOR VISITORS TO THE COMPANY SITE (NOT THE WEBSITES OF TDO CUSTOMERS SUCH AS YOUR DENTAL PROFESSIONAL) - INFORMATION COLLECTION AND USE

2.1. TYPES OF INFORMATION COLLECTED

(a) TRAFFIC DATA COLLECTED. We automatically track and collect the following categories of information when you visit the Company Site: (1) IP addresses; (2) domain servers; (3) types of computers accessing the site; and (4) types of web browsers used to access the site (collectively “Traffic Data”). Traffic Data is anonymous information that does not personally identify you but is helpful for marketing purposes or for improving your experience on the site. We also use “cookies” to customize content specific to your interests, to ensure that you do not see the same advertisement repeatedly, and to store your password so you do not have to re-enter it each time you visit the site.

(b) PERSONAL INFORMATION COLLECTED. In order for you to request and receive information from us or for TDO Customers (only) to pay charges incurred or post information in discussion forums or chat groups, we require you to provide us with certain information that personally identifies you (“Personal Information”). Personal Information includes the following categories of information: (1) Contact Data (such as your name, mailing address, and e-mail address); (2) Financial Data (such as your account or credit card number); (3) Demographic Data (such as your zip/postal code, age, date of birth) and (4) Other Data Collected that could directly or indirectly identify you. If you communicate with us by e-mail or complete online forms, surveys, or contest entries, any information provided in such communication may be collected as Personal Information. Any messages that TDO Customers post to any of our chat groups, bulletin boards, or forums will be public information as described below, not Personal Information.

(c) GENERAL DATA PROTECTION REGULATION (GDPR) - EUROPEAN REPRESENTATIVE. Pursuant to Article 27 of Europe’s General Data Protection Regulation (GDPR), TDO Software Inc. has appointed European Data Protection Office (EDPO) as its GDPR representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by sending an email to privacy@edpo.brussels, using EDPO’s online request form, or writing to EDPO at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

TDO Software Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. TDO Software Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. TDO Software Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, TDO Software, Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact TDO Software, Inc. at webadmin@tdo4endo.com.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, TDO Software, Inc. commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to ICDR-AAA, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of ICDR-AAA are provided at no cost to you.

2.2. USES OF INFORMATION COLLECTED

We believe in minimizing the data we collect and limiting its use and purpose to those (1) for which we have been given permission, (2) necessary to provide the Products you purchase or interact with (including services by your dental professional) or (3) we might be required or permitted for legal compliance or lawful purposes.

(a) USE OF INFORMATION. We use Contact Data to send you information about our company or our Products, or promotional material from some of our partners, or to contact you when necessary. We use TDO Customer Financial Data to verify their qualifications for certain Products and to bill you for them. We use your Demographic Data to customize and tailor your experience on the site, displaying content that we think you might be interested in and according to your preferences.

(b) SHARING OF PERSONAL INFORMATION. We share certain categories of information we collect from you in the ways described in this Privacy Policy. We share Demographic Data with advertisers and other third parties only on an aggregate (i.e., non-personally-identifiable) basis. We share Contact Data of TDO Customers with other TDO Customers so they can contact each other for allowable purposes. We also share Contact Data and Financial Data with our business partners who assist us by performing core services (such as hosting, billing, fulfillment, or data storage and security) related to our operation of the Sites. Those business partners have all agreed to uphold the same standards of security and confidentiality that we have promised to you in this Privacy Policy, and they will only use your Contact Data and other Personal Information to carry out their specific business obligations to the Company. If you do not want us to share your Contact Data with any third parties, please email us at webadmin@tdo4endo.com and we will do so, but please understand that such a request will likely limit your ability to take advantage of all of the features we offer on the Company Site.

(c) USER CHOICE REGARDING COLLECTION, USE, AND DISTRIBUTION OF PERSONAL INFORMATION. You may choose not to provide us with any Personal Information. In such an event, you can still access and use some of the Company Site; however, you will not be able to access and use those portions of the Company Site that require your Personal Information.

(d) USER RIGHTS TO ACCESS, CORRECT, AMEND, ERASE OR DELETE PERSONAL INFORMATION. You have the right to access the Personal Information that we have about you and you have the right to correct, amend, erase or delete that information at your choice or when it is inaccurate or has been processed in violation of the U.S. Department of Commerce’s Data Privacy Principles (referenced below). If you want to access, correct, amend or delete your Personal Information on the Company Site, please email us at webadmin@tdo4endo.com and we will cooperate with you do so, but please understand that, while we won’t take any prohibited action due to your making a request, such a request will likely limit your ability to take advantage of all the features that we offer on the Company Site. We will acknowledge your data requests within 10 business days and respond within 30 calendar days, including, when requested, sending you a copy of your Personal Information that we have collected.

3. FOR VISITORS TO THE SITES OF TDO CUSTOMERS SUCH AS YOUR DENTAL PROFESSIONAL (AND THEIR PATIENTS, EMPLOYEES AND REFERRING MEDICAL PROFESSIONALS) – INFORMATION COLLECTION AND USE

While we have designed their practice management systems, TDO Customers primarily control the information that is collected and how it is used and shared, not us. As described below, we do have access to or process some of the data that the customer of TDO Cloud Service collects in its system. Further, TDO Cloud Service includes a website configured for each of these TDO Customers and we back up the data in the practice management systems of those customers.

3.1. TYPES OF INFORMATION COLLECTED

(a) TRAFFIC DATA COLLECTED. The Services Site is configured to automatically track and collect the following categories of information when you visit the Services Site: (1) IP addresses; (2) domain servers; (3) types of computers accessing the Site; and (4) types of web browsers used to access the Services Site (collectively “Traffic Data”). Traffic Data is anonymous information that does not personally identify you but is helpful for marketing purposes or for improving your experience on the Services Site. The Services Site also use “cookies” to customize content specific to your interests, to ensure that you do not see the same advertisement repeatedly, and to store your password so you do not have to re-enter it each time you visit the Services Site.

(b) PERSONAL INFORMATION COLLECTED. In order for you (that is, TDO Customers, their authorized patients, employees, contractors or referring dental professionals) to access certain premium services and functionality that is delivered via the Services Site or directly by the TDO Customer, you might be required to provide certain information that personally identifies you (“Personal Information”). Personal Information includes the following categories of information: (1) Contact Data (such as your name, mailing address, and e-mail address); (2) Demographic Data (such as your zip/postal code, age, date of birth, names of dentists and doctors) and (3) Other Data Collected that could directly or indirectly identify you (including patients’ dental and medical records, billing history, miscellaneous notes and your use of the Services Site). If you communicate with us by email any information provided in such communication may be collected as Personal Information.

3.2. USES OF INFORMATION COLLECTED

We believe in minimizing the data we collect and limiting its use and purpose to those (1) for which we have been given permission, (2) necessary to deliver the services that the TDO Customer wants to provide to you or (3) we might be required or permitted for legal compliance or lawful purposes.

(a) USE OF INFORMATION. As described above, we do not control the data that is collected by the TDO Customer or how it is used or shared. While the TDO Customer’s practice management system is configured for backup storage in the office, the TDO Customer might also store Personal Information in another location. For customers of TDO Cloud service, we provide backup and storage remotely.

We provide troubleshooting, administrative and technical services to all TDO Customers and when requested can access information that is collected on the practice management system to provide that assistance. For customers of TDO Cloud Service, we can track the log-in and activities of all users and can also monitor some aspects of the TDO Customer’s practice, including number of medical professionals, hours worked, locations, site licenses and usage.

(b) SHARING OF PERSONAL INFORMATION OF TDO CUSTOMERS. We share certain categories of information we collect from TDO Customers in the ways described in this Privacy Policy. We share Demographic Data with advertisers and other third parties only on an aggregate (i.e., non-personally-identifiable) basis. We share Contact Data with other companies who may want to send information about their Products or services, unless you have specifically requested that we not share Contact Data with such companies. We also share Contact Data and Financial Data with our business partners who assist us by performing core services (such as hosting, billing, fulfillment, or data storage and security) related to our operation of the Services Site. Those business partners have all agreed to uphold the same standards of security and confidentiality that we have promised to you in this Privacy Policy, and they will only use your Contact Data and other Personal Information to carry out their specific business obligations to us. If you do not want us to share your Contact Data with any third parties, please email us at webadmin@tdo4endo.com, but please understand that such a request will likely limit your ability to take advantage of all of the features and services we offer.

(c) USER CHOICE REGARDING COLLECTION, USE, AND DISTRIBUTION OF PERSONAL INFORMATION. You may choose not to provide us with any Personal Information. In such an event, you can still access and use much of the Services Site; however you will not be able to access and use those portions of that site that require your Personal Information.

(d) USER RIGHTS TO ACCESS AND TO CORRECT, AMEND, ERASE OR DELETE PERSONAL INFORMATION. You have the right to access the Personal Information that we have about you and you have the right to correct, amend, erase or delete that information at your choice or when it is inaccurate or has been processed in violation of the U.S. Department of Commerce’s Data Privacy Principles (referenced below). If your Personal Information has been submitted to us by a TDO Customer such as your dental professional and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the TDO Customer directly. Because we may only access the data of TDO Customers upon instructions from the respective customer, if you wish to make your request directly to us, please provide the name of the TDO Customer who submitted your data when you contact us. We will refer your request to that TDO Customer, and will support that TDO Customer as needed in responding to your request within a reasonable timeframe. Please contact us at webadmin@tdo4endo.com. If you request to delete your Personal Information that is still necessary for us or TDO Customers to provide the services you have ordered, the request will be honored only to the extent that (1) it is approved by the TDO Customer who controls your Personal Information, (2) the Personal Information is no longer necessary for any services being provided and (3) the Personal Information is no longer required for our legitimate business purposes, legal or contractual record keeping requirements. We will assist the TDO Customer when requested in transferring or porting your Personal Information where it is technically feasible to transfer it automatically. Please understand that such a request will likely limit your ability to take advantage of all the features on the Site of the TDO Customer.

4. FOR VISITORS TO THE COMPANY SITE AND THE SITES OF TDO CUSTOMERS SUCH AS YOUR DENTAL PROFESSIONAL (AND THEIR PATIENTS, EMPLOYEES AND REFERRING MEDICAL PROFESSIONALS)

4.1. ANALYTICS AND CONVERSION TRACKING

(a) We may use analytics services that use cookies, Javascript and similar technologies to help us analyze how users use the Products. The information generated by these services about your use of the Products (including your IP address or a truncated version of your IP address) is transmitted to and stored by analytics service providers on their servers. Those service providers will use this information for the purpose of evaluating your, and other users’, use of the Products, compiling reports for us on website activity and providing other services relating to website activity and Internet usage.

(b) We may collect information about your computer, including your IP address, operating system and browser type, for system administration and in order to create reports. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For example, we use cookies on our site for Google Analytics (the “Analytics Service”). The Analytics Service is a web-based analytics tool that helps website owners understand how visitors engage with their website. The Analytics Service customers can view a variety of reports about how visitors interact with their website so that they can improve it.

(c) Like many services, the Analytics Service uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use the Sites. We then use the information to compile reports and to help us improve the Sites.

(d) Cookies contain information that is transferred to your computer’s hard drive. These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page.

(e) The Analytics Service collects information anonymously. They report website trends without identifying individual visitors. You can opt out of the Analytics Service without affecting how you visit our site. For more information on opting out of being tracked by Google Analytics across all websites you use, visit https://tools.google.com/dlpage/gaoptout.

(f) We may also use Google conversion tracking and/or similar services to help us understand your and other users’ use of TDO Products.

4.2 NEW, IMPROVED OR ENHANCED PRODUCTS. We use the information that we collect to deliver, improve, update and enhance the Products in order to (1) improve and optimize the operation and performance of the Products, (2) identify security risks, errors or possible enhancements, (3) detect and address fraud and abuse, (4) collect aggregate statistics about use of the Products and (5) understand and analyze how you use the Products. Much of the data collected is aggregated or statistical data about how individuals use the Products, and is not linked to Personal Information, however, to the extent it is or is linked to Personal Information, we treat it accordingly.

4.3 CONFIDENTIALITY AND SECURITY OF PERSONAL INFORMATION. Except as otherwise provided in this Privacy Policy, we will keep your Personal Information private and will not share it with third parties, unless such disclosure is necessary to: (a) comply with a court order or other legal process; (b) protect our rights or property; or (c) enforce our Terms of Service. Your Personal Information is stored on secure servers that are not accessible by third parties. We provide you with the capability to transmit your Personal Information via secured and encrypted channels if you use a similarly equipped web browser.

(a) LOST OR STOLEN INFORMATION. If you have provided your credit card information to us, you must promptly notify us if your credit card, user name, or password is lost, stolen, or used without permission. In such an event, we will remove that credit card number, user name, or password from your account and update our records accordingly. We will give prompt notice to you and appropriate government authorities of any data breach involving your Personal Information and will cooperate in any investigations conducted.

(b) PUBLIC INFORMATION. The Sites contain links to other websites. We are not responsible for the privacy practices or the content of such websites. We also make chat rooms, forums, message boards, and newsgroups available to TDO Customers. Please understand that any information that is disclosed in these areas becomes public information. We have no control over its use and you should exercise caution when deciding to disclose your Personal Information.

(c) STORED INFORMATION. We follow generally accepted standards to store and protect the Personal Information we collect, both during transmission and once it is stored, including encryption where appropriate. We retain Personal Information only for as long as necessary to support TDO Customers or their provision of services to others, and then for legitimate legal or business purposes.

(d) “DO NOT TRACK.” Some browsers allow you to automatically notify website you visit not to track you using a “Do Not Track” signal. Due to the lack of consensus of what such signals mean, we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser.

4.4 AGE RESTRICTIONS. Our Sites are intended for use by those 18 and over, including the parents and guardians of minor children. Our Sites are not targeted to, intended to be used by or designed to entice individuals under the age of 18. If you know of or have reason to believe that anyone under the age of 18 has provided us with any Personal Information, please contact us.

5. UPDATES AND CHANGES TO PRIVACY POLICY. We reserve the right, at any time and without notice, to add to, change, update, or modify this Privacy Policy, simply by posting such change, update, or modification on the Company Site and without any other notice to you. Any such change, update, or modification will be effective immediately upon posting on the Company Site.

6. SITE TERMS OF USE. Use of the Sites is governed by, and subject to, the Terms of Use (the “Terms”). This Privacy Policy is incorporated into the Terms. Your use, or access, of the Sites constitutes your agreement to be bound by these provisions. IF YOU DO NOT AGREE TO THE TERMS AND THIS PRIVACY POLICY YOU MAY NOT ACCESS OR OTHERWISE USE THE SITES.

7. TRANSFER OF PERSONAL INFORMATION ABROAD AND DATA PRIVACY FRAMEWORK (DPF). Our servers are maintained in the United States and that is where we provide customer support. By using the Sites or the services of a TDO Customer or communicating with us, you freely and specifically give us your consent to export your personally identifiable information to the United States and to store and use it in the United States as specified in this Privacy Policy. You understand that data stored in the United States may be subject to lawful requests by the courts or law enforcement authorities in the United States. TDO Software Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. TDO Software Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. TDO Software Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

8. LAW. This Privacy Policy and our legal obligations hereunder are subject to the laws of the State of California and the U.S. regardless of your location. You hereby consent to the exclusive jurisdiction of and venue in the courts located in the State of California, County of San Diego, in all disputes arising out of or relating to the Sites, except as specifically provided below. With respect to Personal Information received or transferred pursuant to each Data Privacy Framework, TDO is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. We cooperate with government and law enforcement officials to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials as we, in our sole discretion, believe appropriate to respond to claims and legal process (including in response to lawful requests by public authorities, including to meet national security or law enforcement requirements), to protect property and rights, to protect public safety or to prevent activity that we consider to be illegal or unethical.

9. CONTACT. For questions or concerns relating to privacy, we can be contacted at webadmin@tdo4endo.com.