1 Version 2021.03.01

TDO PRIVACY POLICY

1. INTRODUCTION. TDO Software, Inc. (“TDO,” “us,” “we,” or “Company”) is committed to

respecting the privacy rights of our customers, visitors, and other users of our website, software and

products (“Products,” which include services). We deal with users directly through the Company

website (the “Company Site”) and indirectly through the practice management system and Products

we provide to dental professionals (“TDO Customers”). TDO Software is installed on servers in the

offices of all TDO Customers and some subscribe to TDO Cloud Service that includes a website for

their practice (the “Services Site”). We created this Privacy Policy to give you confidence as you visit

and use the Company Site or the Services Site or deal with TDO Customers, and to demonstrate our

commitment to fair information practices and the protection of privacy. This Privacy Policy is only

applicable to the Company Site and the Services Site (together, the “Sites”) and the limited

involvement we have with the information collected by TDO Customers. It does not cover any

website that you may be able to access either from (a) the Sites or (b) TDO Customers who provision

their own websites. Any of these other websites may have data collection, storage, and use practices

and policies that differ materially from this Privacy Policy.

Our Privacy Policy is separate and distinct from and in addition to our compliance with U.S.

HIPAA Rules found in 45 CFR Part 160 and 164.

2. FOR VISITORS TO THE COMPANY SITE (NOT THE WEBSITES OF TDO CUSTOMERS

SUCH AS YOUR DENTAL PROFESSIONAL) - INFORMATION COLLECTION AND USE

2.1. TYPES OF INFORMATION COLLECTED

(a) TRAFFIC DATA COLLECTED. We automatically track and collect the following categories

of information when you visit the Company Site: (1) IP addresses; (2) domain servers; (3) types of

computers accessing the site; and (4) types of web browsers used to access the site (collectively

“Traffic Data”). Traffic Data is anonymous information that does not personally identify you but is

helpful for marketing purposes or for improving your experience on the site. We also use “cookies”

to customize content specific to your interests, to ensure that you do not see the same advertisement

repeatedly, and to store your password so you do not have to re-enter it each time you visit the site.

(b) PERSONAL INFORMATION COLLECTED. In order for you to request and receive

information from us or for TDO Customers (only) to pay charges incurred or post information in

discussion forums or chat groups, we require you to provide us with certain information that

personally identifies you (“Personal Information”). Personal Information includes the following

categories of information: (1) Contact Data (such as your name, mailing address, and e-mail address);

(2) Financial Data (such as your account or credit card number); (3) Demographic Data (such as your

zip/postal code, age, date of birth) and (4) Other Data Collected that could directly or indirectly

identify you. If you communicate with us by e-mail or complete online forms, surveys, or contest

entries, any information provided in such communication may be collected as Personal Information.

Any messages that TDO Customers post to any of our chat groups, bulletin boards, or forums will be

public information as described below, not Personal Information.

REPRESENTATIVE. Pursuant to Article 27 of Europe’s General Data Protection Regulation

(GDPR), TDO Software Inc. has appointed European Data Protection Office (EDPO) as its GDPR

representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR by

2 Version 2021.03.01

sending an email to privacy@edpo.brussels, using EDPO’s online request form, or writing to EDPO

at Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

2.2. USES OF INFORMATION COLLECTED

We believe in minimizing the data we collect and limiting its use and purpose to those (1) for which

we have been given permission, (2) necessary to provide the Products you purchase or interact with

(including services by your dental professional) or (3) we might be required or permitted for legal

compliance or lawful purposes.

(a) USE OF INFORMATION. We use Contact Data to send you information about our company

or our Products, or promotional material from some of our partners, or to contact you when necessary.

We use TDO Customer Financial Data to verify their qualifications for certain Products and to bill

you for them. We use your Demographic Data to customize and tailor your experience on the site,

displaying content that we think you might be interested in and according to your preferences.

(b) SHARING OF PERSONAL INFORMATION. We share certain categories of information we

collect from you in the ways described in this Privacy Policy. We share Demographic Data with

advertisers and other third parties only on an aggregate (i.e., non-personally-identifiable) basis. We

share Contact Data of TDO Customers with other TDO Customers so they can contact each other for

allowable purposes. We also share Contact Data and Financial Data with our business partners who

assist us by performing core services (such as hosting, billing, fulfillment, or data storage and

security) related to our operation of the Sites. Those business partners have all agreed to uphold the

same standards of security and confidentiality that we have promised to you in this Privacy Policy,

and they will only use your Contact Data and other Personal Information to carry out their specific

business obligations to the Company. If you do not want us to share your Contact Data with any third

parties, please email us at webadmin@tdo4endo.com and we will do so, but please understand that

such a request will likely limit your ability to take advantage of all of the features we offer on the

Company Site.

PERSONAL INFORMATION. You may choose not to provide us with any Personal Information. In

such an event, you can still access and use some of the Company Site; however, you will not be able

to access and use those portions of the Company Site that require your Personal Information.

(d) USER RIGHTS TO ACCESS, CORRECT, AMEND, ERASE OR DELETE PERSONAL

INFORMATION. You have the right to access the Personal Information that we have about you and

you have the right to correct, amend, erase or delete that information at your choice or when it is

inaccurate or has been processed in violation of the U.S. Department of Commerce’s Privacy Shield

Principles (referenced below). If you want to access, correct, amend or delete your Personal

Information on the Company Site, please email us at webadmin@tdo4endo.com and we will

cooperate with you do so, but please understand that, while we won’t take any prohibited action due

to your making a request, such a request will likely limit your ability to take advantage of all the

features that we offer on the Company Site. We will acknowledge your data requests within 10

business days and respond within 30 calendar days, including, when requested, sending you a copy

of your Personal Information that we have collected.

3 Version 2021.03.01

3. FOR VISITORS TO THE SITES OF TDO CUSTOMERS SUCH AS YOUR DENTAL

PROFESSIONAL (AND THEIR PATIENTS, EMPLOYEES AND REFERRING MEDICAL

PROFESSIONALS) – INFORMATION COLLECTION AND USE

While we have designed their practice management systems, TDO Customers primarily control

the information that is collected and how it is used and shared, not us. As described below, we do

have access to or process some of the data that the customer of TDO Cloud Service collects in its

system. Further, TDO Cloud Service includes a website configured for each of these TDO Customers

and we back up the data in the practice management systems of those customers.

3.1. TYPES OF INFORMATION COLLECTED

(a) TRAFFIC DATA COLLECTED. The Services Site is configured to automatically track and

collect the following categories of information when you visit the Services Site: (1) IP addresses; (2)

domain servers; (3) types of computers accessing the Site; and (4) types of web browsers used to

access the Services Site (collectively “Traffic Data”). Traffic Data is anonymous information that

does not personally identify you but is helpful for marketing purposes or for improving your

experience on the Services Site. The Services Site also use “cookies” to customize content specific

to your interests, to ensure that you do not see the same advertisement repeatedly, and to store your

password so you do not have to re-enter it each time you visit the Services Site.

(b) PERSONAL INFORMATION COLLECTED. In order for you (that is, TDO Customers, their

authorized patients, employees, contractors or referring dental professionals) to access certain

premium services and functionality that is delivered via the Services Site or directly by the TDO

Customer, you might be required to provide certain information that personally identifies you

(“Personal Information”). Personal Information includes the following categories of information: (1)

Contact Data (such as your name, mailing address, and e-mail address); (2) Demographic Data (such

as your zip/postal code, age, date of birth, names of dentists and doctors) and (3) Other Data Collected

that could directly or indirectly identify you (including patients’ dental and medical records, billing

history, miscellaneous notes and your use of the Services Site). If you communicate with us by email

any information provided in such communication may be collected as Personal Information.

3.2. USES OF INFORMATION COLLECTED

We believe in minimizing the data we collect and limiting its use and purpose to those (1) for which

we have been given permission, (2) necessary to deliver the services that the TDO Customer wants

to provide to you or (3) we might be required or permitted for legal compliance or lawful purposes.

(a) USE OF INFORMATION. As described above, we do not control the data that is collected by

the TDO Customer or how it is used or shared. While the TDO Customer’s practice management

system is configured for backup storage in the office, the TDO Customer might also store Personal

Information in another location. For customers of TDO Cloud service, we provide backup and storage

remotely.

We provide troubleshooting, administrative and technical services to all TDO Customers and when

requested can access information that is collected on the practice management system to provide that

assistance. For customers of TDO Cloud Service, we can track the log-in and activities of all users

and can also monitor some aspects of the TDO Customer’s practice, including number of medical

professionals, hours worked, locations, site licenses and usage.

4 Version 2021.03.01

(b) SHARING OF PERSONAL INFORMATION OF TDO CUSTOMERS. We share certain

categories of information we collect from TDO Customers in the ways described in this Privacy

Policy. We share Demographic Data with advertisers and other third parties only on an aggregate

(i.e., non-personally-identifiable) basis. We share Contact Data with other companies who may want

to send information about their Products or services, unless you have specifically requested that we

not share Contact Data with such companies. We also share Contact Data and Financial Data with

our business partners who assist us by performing core services (such as hosting, billing, fulfillment,

or data storage and security) related to our operation of the Services Site. Those business partners

have all agreed to uphold the same standards of security and confidentiality that we have promised

to you in this Privacy Policy, and they will only use your Contact Data and other Personal Information

to carry out their specific business obligations to us. If you do not want us to share your Contact Data

with any third parties, please email us at webadmin@tdo4endo.com, but please understand that such

a request will likely limit your ability to take advantage of all of the features and services we offer.

PERSONAL INFORMATION. You may choose not to provide us with any Personal Information. In

such an event, you can still access and use much of the Services Site; however you will not be able

to access and use those portions of that site that require your Personal Information.

(d) USER RIGHTS TO ACCESS AND TO CORRECT, AMEND, ERASE OR DELETE

PERSONAL INFORMATION. You have the right to access the Personal Information that we have

about you and you have the right to correct, amend, erase or delete that information at your choice or

when it is inaccurate or has been processed in violation of the U.S. Department of Commerce’s

Privacy Shield Principles (referenced below). If your Personal Information has been submitted to

us by a TDO Customer such as your dental professional and you wish to exercise any rights

you may have under applicable data protection laws, please inquire with the TDO Customer

directly. Because we may only access the data of TDO Customers upon instructions from the

respective customer, if you wish to make your request directly to us, please provide the name

of the TDO Customer who submitted your data when you contact us. We will refer your request

to that TDO Customer, and will support that TDO Customer as needed in responding to your

request within a reasonable timeframe. Please contact us at webadmin@tdo4endo.com. If you

request to delete your Personal Information that is still necessary for us or TDO Customers to provide

the services you have ordered, the request will be honored only to the extent that (1) it is approved

by the TDO Customer who controls your Personal Information, (2) the Personal Information is no

longer necessary for any services being provided and (3) the Personal Information is no longer

required for our legitimate business purposes, legal or contractual record keeping requirements. We

will assist the TDO Customer when requested in transferring or porting your Personal Information

where it is technically feasible to transfer it automatically. Please understand that such a request will

likely limit your ability to take advantage of all the features on the Site of the TDO Customer.

4. FOR VISITORS TO THE COMPANY SITE AND THE SITES OF TDO CUSTOMERS

SUCH AS YOUR DENTAL PROFESSIONAL (AND THEIR PATIENTS, EMPLOYEES AND

REFERRING MEDICAL PROFESSIONALS)

4.1. ANALYTICS AND CONVERSION TRACKING

(a) We may use analytics services that use cookies, Javascript and similar technologies to help

us analyze how users use the Products. The information generated by these services about your use

of the Products (including your IP address or a truncated version of your IP address) is transmitted to

5 Version 2021.03.01

and stored by analytics service providers on their servers. Those service providers will use this

information for the purpose of evaluating your, and other users’, use of the Products, compiling

reports for us on website activity and providing other services relating to website activity and Internet

usage.

(b) We may collect information about your computer, including your IP address, operating

system and browser type, for system administration and in order to create reports. This is statistical

data about our users’ browsing actions and patterns, and does not identify any individual. For

example, we use cookies on our site for Google Analytics (the “Analytics Service”). The Analytics

Service is a web-based analytics tool that helps website owners understand how visitors engage with

their website. The Analytics Service customers can view a variety of reports about how visitors

interact with their website so that they can improve it.

interactions as in our case, where they are used to collect information about how visitors use the Sites.

We then use the information to compile reports and to help us improve the Sites.

(d) Cookies contain information that is transferred to your computer’s hard drive. These

cookies are used to store information, such as the time that the current visit occurred, whether the

visitor has been to the site before and what site referred the visitor to the web page.

(e) The Analytics Service collects information anonymously. They report website trends

without identifying individual visitors. You can opt out of the Analytics Service without affecting

how you visit our site. For more information on opting out of being tracked by Google Analytics

across all websites you use, visit https://tools.google.com/dlpage/gaoptout.

(f) We may also use Google conversion tracking and/or similar services to help us understand

your and other users’ use of TDO Products.

4.2 NEW, IMPROVED OR ENHANCED PRODUCTS. We use the information that we collect

to deliver, improve, update and enhance the Products in order to (1) improve and optimize the

operation and performance of the Products, (2) identify security risks, errors or possible

enhancements, (3) detect and address fraud and abuse, (4) collect aggregate statistics about use of

the Products and (5) understand and analyze how you use the Products. Much of the data collected

is aggregated or statistical data about how individuals use the Products, and is not linked to

Personal Information, however, to the extent it is or is linked to Personal Information, we treat it

accordingly.

4.3 CONFIDENTIALITY AND SECURITY OF PERSONAL INFORMATION. Except as

otherwise provided in this Privacy Policy, we will keep your Personal Information private and will

not share it with third parties, unless such disclosure is necessary to: (a) comply with a court order or

other legal process; (b) protect our rights or property; or (c) enforce our Terms of Service. Your

Personal Information is stored on secure servers that are not accessible by third parties. We provide

you with the capability to transmit your Personal Information via secured and encrypted channels if

you use a similarly equipped web browser.

(a) LOST OR STOLEN INFORMATION. If you have provided your credit card information to

us, you must promptly notify us if your credit card, user name, or password is lost, stolen, or used

without permission. In such an event, we will remove that credit card number, user name, or password

from your account and update our records accordingly. We will give prompt notice to you and

6 Version 2021.03.01

appropriate government authorities of any data breach involving your Personal Information and will

cooperate in any investigations conducted.

(b) PUBLIC INFORMATION. The Sites contain links to other websites. We are not responsible

for the privacy practices or the content of such websites. We also make chat rooms, forums, message

boards, and newsgroups available to TDO Customers. Please understand that any information that is

disclosed in these areas becomes public information. We have no control over its use and you should

exercise caution when deciding to disclose your Personal Information.

Personal Information we collect, both during transmission and once it is stored, including encryption

where appropriate. We retain Personal Information only for as long as necessary to support TDO

Customers or their provision of services to others, and then for legitimate legal or business purposes.

(d) “DO NOT TRACK.” Some browsers allow you to automatically notify website you visit not

to track you using a “Do Not Track” signal. Due to the lack of consensus of what such signals mean,

we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s

browser.

4.4 AGE RESTRICTIONS. Our Sites are intended for use by those 18 and over, including the

parents and guardians of minor children. Our Sites are not targeted to, intended to be used by or

designed to entice individuals under the age of 18. If you know of or have reason to believe that

anyone under the age of 18 has provided us with any Personal Information, please contact us.

5. UPDATES AND CHANGES TO PRIVACY POLICY. We reserve the right, at any time and

without notice, to add to, change, update, or modify this Privacy Policy, simply by posting such

change, update, or modification on the Company Site and without any other notice to you. Any such

change, update, or modification will be effective immediately upon posting on the Company Site.

6. SITE TERMS OF USE. Use of the Sites is governed by, and subject to, the Terms of Use (the

“Terms”). This Privacy Policy is incorporated into the Terms. Your use, or access, of the Sites

constitutes your agreement to be bound by these provisions. IF YOU DO NOT AGREE TO THE

TERMS AND THIS PRIVACY POLICY YOU MAY NOT ACCESS OR OTHERWISE USE THE

SITES.

7. TRANSFER OF PERSONAL INFORMATION ABROAD AND PRIVACY SHIELD

FRAMEWORK. Our servers are maintained in the United States and that is where we provide

customer support. By using the Sites or the services of a TDO Customer or communicating with us,

you freely and specifically give us your consent to export your personally identifiable information to

the United States and to store and use it in the United States as specified in this Privacy Policy. You

understand that data stored in the United States may be subject to lawful requests by the courts or law

enforcement authorities in the United States. TDO complies with the EU-U.S. Privacy Shield

Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of

Commerce regarding the collection, use, and retention of Personal Information transferred from the

European Union and Switzerland to the United States. TDO has certified to Department of Commerce

that it adheres to the Privacy Shield Principles. If there is a conflict between the terms in this Privacy

Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more

about the Privacy Shield program, and to view our certification, please visit

https://www.privacyshield.gov/. TDO is responsible for the processing of Personal Information we

receive under each Privacy Shield Framework, and subsequently transfers to a third party acting as

7 Version 2021.03.01

an agent on our behalf. In compliance with the Privacy Shield Principles, TDO commits to resolve

complaints about our collection or use of your Personal Information. EU and Swiss individuals with

inquiries or complaints regarding our Privacy Shield Policy should first contact TDO at

webadmin@tdo4endo.com. TDO has further committed to refer unresolved Privacy Shield

complaints to ICDR-AAA, an alternative dispute resolution provider located in the United States. If

you do not receive timely acknowledgement of your complaint from us, or if we have not addressed

your complaint to your satisfaction, please visit https://go.adr.org/privacyshield.html for more

information or to file a complaint. The services of https://go.adr.org/privacyshield.html are provided

at no cost to you. Under certain conditions, more fully described on the Privacy Shield website, you

may invoke binding arbitration when other dispute resolution procedures have been exhausted.

8. LAW. This Privacy Policy and our legal obligations hereunder are subject to the laws of the

State of California and the U.S. regardless of your location. You hereby consent to the exclusive

jurisdiction of and venue in the courts located in the State of California, County of San Diego, in all

disputes arising out of or relating to the Sites, except as specifically provided below. With respect to

Personal Information received or transferred pursuant to each Privacy Shield Framework, TDO is

subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. We cooperate

with government and law enforcement officials to enforce and comply with the law. We will disclose

any information about you to government or law enforcement officials as we, in our sole discretion,

believe appropriate to respond to claims and legal process (including in response to lawful requests

by public authorities, including to meet national security or law enforcement requirements), to protect

property and rights, to protect public safety or to prevent activity that we consider to be illegal or

unethical.

9. CONTACT. For questions or concerns relating to privacy, we can be contacted at

webadmin@tdo4endo.com.