Align Technology, Inc. – CCPA Privacy Statement
Last Updated: January 1, 2020
This California Consumer Privacy Act (“CCPA”) privacy notice (this “CCPA Notice”) is included in our Privacy Policy and applies to Align Technology, Inc. and its affiliates ( ‘we’ or "Align") processing of ‘personal information,’ as defined in the CCPA, of California residents (collectively, “Consumers,” “you,” or “your”). Any capitalized terms or other terms not defined herein shall have the meaning ascribed to them in the Privacy Policy or, if not defined herein or in the Privacy Policy, the CCPA. To the extent of any conflict between this CCPA Notice and the rest of our Privacy Policy, this CCPA Notice shall control only with respect to Consumers and their personal information. If you are located elsewhere, please see our Privacy Policy [here].
You may find a copy of this Privacy Policy in PDF format [here].
For individuals with disabilities, alternative methods of viewing or receiving this privacy policy, please contact privacy@aligntech.com.
General
This CCPA Notice provides further detail regarding (a) how we have processed Consumers’ personal information within the past twelve (12) months and (b) your rights under the CCPA.
Personal Information We May Collect
We collect and disclose the following personal information for our business purposes. For more information regarding the purposes for which we use personal information that we’ve collected (and the categories of entities we share with for such purposes), please see [here].
Categories of Personal Information |
Examples |
Source of Personal Information |
|---|---|---|
| Identifiers |
|
Websites, Mobile Applications, Member Registration, On-line Forms, Transactions, or Services (information collected directly from user)
Other Sources (Healthcare Providers, Social Media, Public Databases, or Other Third Parties) |
| Legally Protected Characteristics |
|
Websites, Mobile Applications, Member Registration, On-line Forms, Transactions, or Services (information collected directly from user)
Other Sources (Healthcare Providers, Social Media, Public Databases, or Other Third Parties) |
| Commercial Purchasing Information |
|
Websites, Mobile Applications, Member Registration, On-line Forms, Transactions, or Services (information collected directly from user)
Other Sources (Healthcare Providers, Social Media, Public Databases, or Other Third Parties) |
| Biometric Information |
|
Websites, Mobile Applications, Member Registration, On-line Forms, Transactions, or Services (information collected directly from user)
Other Sources (Healthcare Providers, Social Media, Public Databases, or Other Third Parties) |
| Internet or Network Activity |
|
Websites, Mobile Applications, Member Registration, On-line Forms, Transactions, or Services (information collected directly from user)
Other Sources (Healthcare Providers, Social Media, Public Databases, or Other Third Parties) |
| Geolocation |
|
Websites, Mobile Applications, Member Registration, On-line Forms, Transactions, or Services (information collected directly from user)
Other Sources (Healthcare Providers, Social Media, Public Databases, or Other Third Parties) |
| Inferences drawn from any of these personal information categories |
|
Websites, Mobile Applications, Member Registration, On-line Forms, Transactions, or Services (information collected directly from user)
Other Sources (Healthcare Providers, Social Media, Public Databases, or Other Third Parties) |
| Financial Information (information described in CA Code §1798.80) |
|
Websites, Mobile Applications, Member Registration, On-line Forms, Transactions, or Services (information collected directly from user)
Other Sources (Healthcare Providers, Social Media, Public Databases, or Other Third Parties) |
Your CCPA Rights
Access
You may request that Align disclose certain information regarding our use of your personal information over the past twelve (12) months. You may only make such requests twice per twelve (12) months.
Upon verifying your request (see below), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- The specific pieces of personal information we collected about you.
- Our business purpose for collecting that personal information.
- The categories of third parties with whom we share personal information.
Deletion
You have the right to request that Align delete any of the personal information collected from you and retained by us, subject to certain exceptions. Once your request is verified (see below) and we have determined that we are required to delete that information in accordance with applicable law, we will delete and direct our service providers to delete your personal information from our records. Your request to delete your personal information may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the CCPA. Please note that a record of your deletion request may be kept pursuant to our legal obligations.
Exercising Your Rights
To exercise any of the rights described above, please submit a request to us by:
- Email us at privacy@aligntech.com
Please note that Consumers have a right to not receive discriminatory treatment for the exercise of their rights under the CCPA.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. You may only make a verifiable consumer request for access twice within a 12-month period. Your verifiable consumer request must:
- Provide sufficient information to allow us to reasonably verify that you are the person about whom we collected personal information, or a person authorized to act on your behalf; and
- Describe your request with sufficient detail to properly understand and respond to it.
We will only use the personal information that you have provided in a verifiable consumer request in order to verify your request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority.
Making a verifiable consumer request does not require you to create an account with us. We consider a request made through your password-protected account sufficiently verified when the request relates to personal information associated with that specific account.
Verifying Your Request
Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. You may also make a request on behalf of your minor child. In all cases, your request must be verified before we take action (and shall take such action pursuant to the timing permitted under the CCPA). Verifying your request may require you to:
- Provide sufficient information to allow us to reasonably verify that you are the person about whom we collected personal information, or a person authorized to act on your behalf; and
- Describe your request with sufficient detail to properly understand and respond to it.
We will only use the personal information that you have provided in a verifiable request in order to verify your request. As stated above, we cannot respond to your request or provide you with personal information if we cannot verify your identity or authority.
Making a verifiable request does not require you to create an account with us. We consider a request made through your password-protected account sufficiently “verified” when the request relates to personal information associated with that specific account and you have complied with any of our existing authentication practices.
Response Timing and Format
We aim to respond to customer requests within forty-five (45) days of receipt. If we are unable to deliver a response to verifiable consumer requests within this timeframe, we will inform you of the reason and estimated extension period in writing1. We will deliver a response to your existing account with us, if applicable, or a written response by mail or electronically, at your option.
Any disclosures will cover only the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. Data portability requests will be issued in a format that is readily useable, we do not charge a fee unless your request is excessive, repetitive, or manifestly unfounded. If the request warrants a reasonable fee, we will tell you why and provide you with a cost estimate before completing your request.
1 The response period may be extended up to forty-five (45) additional days where necessary, taking into account the complexity of your request.
Fees
Please note that we may charge a reasonable fee or refuse to act on a request if such request is excessive, repetitive, or manifestly unfounded.
Changes to this Privacy Statement
If, in the future, we intend to process your personal information for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately (either within this Privacy Policy or elsewhere), and the “Effective Date” at the top of this page will be updated accordingly.
Further information
If you have any queries, questions, concerns or require any further information in relation to the Privacy Statement or you wish to exercise any of your rights, please do not hesitate to contact Align at privacy@aligntech.com.
