This Privacy Statement (the “Privacy Statement”) applies to, 3D Diagnostix, Inc. (“3D Diagnostix”,“3DDX”, or “we”), a Massachusetts, United States corporation with its headquarters at 24 Denby Rd Boston, MA 02134, USA and all of our global affiliates. We respect your privacy rights and value your trust. The Privacy Statement describes how we collect, receive, use, store, share, transfer and process your personal data as well as your rights in determining what we do with the information that we collect or hold about you.

3DDX is responsible for the processing of your personal information when you visit our web page, purchase a product, enroll in one of our email services, request information, register on the website, enter one of our contests, participate in a promotion, use any of the other interactive portions of our website, communicate with us through social media, or in connection with an actual or potential business or employment relationship with us (together “data subjects”), and any other sites or services under our control where this Privacy Statement is displayed. You may contact us at any time via the methods described below.

This Privacy Statement also covers our collection, use and disclosure of personal information that we collect through our services https://3ddx.com and https://3ddiagnostix.com/newconnect-ui. The use of information collected through our service is limited to the purpose of providing the service for which our client has engaged 3DDX.

Types of personal data we process
The types of information we may hold and process about you include:
a) Contact information(such as name, postal or email address, and phone number);
b) Business contact information (such as job title, department and name of organization);
c) Professional information (such as experience with 3DDX products or services);
d) Payment details(including payment card number, expiration date, and billing address);
e) Shipping information (including the shipping address and phone number);
f) Username and password for the account you may establish on our website;
g) Content (such as photographs and comments);
h) Information about you or your patients’ physical condition or health which may be provided to us by your or your health providers to enable us to deliver services and manufacture products for you;
i) Information generated by us in the course of managing our relationship with you, such as a history of our interactions with you, your purchases from us and information about your use of our products;
j) Other information(such as demographic data, and shopping behavior and preferences);
k) Server log files .We automatically gather server log file information when you visit our websites. This includes IP address, browser type, referring and exit web pages, and your operating system. For more information about our use of cookies and similar tracking technologies, please see the relevant section in this Privacy Notice below.

In the European Union (EU), “personal data” is defined very broadly and includes any information relating to a natural person, who can be identified, directly or indirectly, from data that we hold about them or from data that is combined with other information. It may include data relating to our employees, customers, patients, shareholders, contractors or the staff of our suppliers, visitors to our buildings or website users.

Purposes for which we collect and process personal data
3DDX needs to process a certain amount of Personal Data about you for a variety of purposes.  3DDX will only process your Personal Data in accordance with applicable law which may include:
a) Manage our business relationship with you, for example: (i) process your transaction;(ii) manage and maintain your account with us; (iii) respond to your questions and comments and provide customer support; (iv) set up a 3DDX Connect account;(v) allocate a Territory Sales Manager or equivalent to be your dedicated account manager
b) Marketing, advertising and public relations, for example: (i) marketing our business and products to you; (ii) provide you with information you have requested about our company, our products and our services; (iii) provide you with information about, or samples of, our product range for marketing purposes; (iv) contact you through email,  telephone or postal mail; (v) tailor your experience on our website by providing content that is relevant to your interests and geographic region;
c) Maintenance and statistics, for example: (i) help diagnose problems with our server; administer the website, and compile broad statistical data; (ii) update and maintain our website;
d) Compliance, legal, regulatory and ethical purposes, for example (i) enforce our Terms of Use or other legal rights; (ii) comply with applicable laws, regulations and requests from governmental agencies; (iii) and comply with industry standards and our policies;
e) Research and product development, for example we may use information about your experience of using our products to help us improve our products.

Legal ground for processing the personal data
EU Data protection law requires us to have a legal basis before processing any Personal Data about you.  The legal basis for us processing your Personal Data for the above purposes may be because: (i) you have provided your consent; (ii) it is necessary to for the performance of a contract with you; (iii) the processing is necessary for our compliance with a legal obligation; or (iv) the processing is in our legitimate interests of operating and promoting our business.
To the extent provided by applicable law, you may withdraw any consent you previously provided to us, or object at anytime on legitimate grounds, to the processing of your Personal Data. In some circumstances, withdrawing your consent to 3DDX’s use or disclosure of your Personal Data will mean that you cannot take advantage of certain 3DDX products or services.

Disclosure of personal data
We intend to keep your Personal Data confidential, in compliance with our legal obligations. We do not sell, rent, trade or otherwise disclose this information to third parties, other than as described in this Privacy Statement, for the purposes described above, or as we disclose to you at the time the data is collected. We may disclose your Personal Data in accordance with, and where permitted by, applicable law.

Third Party Service Providers/Vendors
We share your information with third parties who provide services on our behalf to help with our business activities.  These companies are authorized to use your personal data only as necessary to provide these services to us, pursuant to written instructions.  In such cases, these companies must abide by our data privacy and security requirements, and are not allowed to use personal data they receive from us for any other purpose. Representative business processes that our service providers/vendors assist US with include:
•          Network or cyber security monitoring and intrusion detection
•          Web or application development/management
•          Shipping and fulfilling orders
•          Payment processing
•          Sending marketing communications
•          Fulfilling subscription services
•          Providing cloud computing infrastructure/storage/processing, etc.
•          Technical administration, such as hosting, managing and maintaining [our sites, services, applications, etc.]
•          Analytics, so that we may better understand how our site is being used in order to optimize resources

Within Our Corporate Family:  We disclose PI to affiliated companies related by common ownership or control to carry out regular business activities, such as to provide, maintain and personalize our sites and services, to communicate with you, and to accomplish our legitimate business purposes, pursuant to contractual safeguards.

Aggregated Data:  We disclose aggregated data that no longer identifies individual users and other de-identified information for [regulatory compliance, market analysis, and other business purposes].

Legal Compliance:  In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  We may also disclose your personal information as required by law, such as to comply with a subpoena or other legal process, when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Cookies and similar tracking technologies
We and our service providers use technologies on [our sites and services] to collect information that helps us improve the quality of [our sites and services] and the online experience of our visitors and users.  In this Privacy Statement, we refer to these technologies, which include cookies–small text files stored on your computer or mobile device to remember your actions or preferences over time—analytics and remarketing beacons and similar technologies from third party providers, collectively as “cookies.”  Cookies allow us to personalize your return visits to our [sites and services] and to save you time during certain activities, such as remembering your user preferences; remaining logged into our site; or storing items in a checkout cart.  Most web browsers support cookies, and users can control the use of cookies at the individual browser level.  Please note that if you choose to disable cookies, it may limit your use of certain features or functions on our [sites and services].

We and our service providers use cookies and similar technologies for the following purposes:
•          deliver advertisements that we believe are more relevant to your interests;
•          to detect and combat fraud
•          to gather information about our user base as a whole
•          to monitor and provide analytics about the performance, trends and operation of [our website, mobile application or services]
•          to enable you to use and access our website, mobile application or services
•          to better understand how our users interact with our website, application or services
•          to store and honor your preferences and settings

A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive, mobile phone or other device.  You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not.  However, some of the services and features offered through our websites may not function properly if your cookies are disabled.

The following are examples of cookies that may be used on our websites:
a) Strictly necessary cookies. These cookies are essential in order to enable you to move around the website and use its features. Without these cookies, services you have asked for, like saving your account login info, adding products to a cart, checking out, cannot be provided.
b) Performance/analytic cookies. These cookies collect data about how visitors use our websites, including the country from which the visitor is accessing from. They allow us to recognize and count the number of visitors and to see how visitors move around the site when they are using it.  All data these cookies collect is aggregated and do not seek to personally identify you.
c) Functionality cookies. These are used to recognize you when you return to our website. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region). Your browser settings may allow you to automatically transmit a “Do Not Track” signal to websites and online services you visit. However, there is no consensus among industry participants as to what “Do Not Track” means in this context. Like many websites and online services, our websites currently do not alter their practices when they receive a “Do Not Track” signal from a visitor’s browser. To find out more about “Do Not Track,” visit http://www.allaboutdnt.com.

Third-party advertisers and other organizations may use their own cookies to collect information about your activities on our [sites and services] and/or the advertisements you have clicked on. This information may be used by them to serve advertisements that they believe are most likely to be of interest to you based on content you have viewed. Third-party advertisers may also use this information to measure the effectiveness of their advertisements. We do not control these cookies and to disable or reject third-party cookies, please refer to the relevant third party’s website.

If you would prefer to not receive personalized ads based on your browser or device usage, you may generally express your opt-out preference to no longer receive tailored advertisements.  Please note that you will continue to see advertisements, but they will no longer be tailored toy our interests. To opt-out of interest-based advertising by participating companies in the following consumer choice mechanisms, please visit:

-Digital Advertising Alliance (DAA)’s self-regulatory opt-out page (http://optout.aboutads.info/)and mobile application-based “AppChoices” download page(https://youradchoices.com/appchoices)

-European Interactive Digital Advertising Alliance (EDAA)’s consumer opt-out page(http://youronlinechoices.eu)-Network Advertising Initiative (NAI)’s self-regulatory opt-out page(http://optout.networkadvertising.org/).

Security measures used to protect the personal data
3DDX will take appropriate physical, technical and organizational security measures designed to safeguard and secure any information you provide to us. Your Personal Data will be retained for the duration of our business relationship and for a period of time thereafter as required by applicable local law or where we have a legitimate and lawful purpose.

Analytics and advertising
Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
Google Analytics cookies are stored based on Art. 6 (1) (f) DSGVO. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.

Data Subject Rights
3DDX respects your control over your information and, upon request, we will confirm whether we hold or are processing information that we have collected from you. You also have the right to amend or update inaccurate or incomplete personal data, request deletion of your personal data, or request that we no longer use it.  Under certain circumstances we will not be able to fulfill your request, such as if it interferes with our regulatory obligations, affects legal matters, we cannot verify your identity, or it involves disproportionate cost or effort, but in any event we will respond toy our request within a reasonable time frame and provide you an explanation.
Individuals may also have the right to lodge a complaint with the local data protection authority if they believe that their personal data is not being processed in accordance with applicable data protection law. If you would like to exercise any of these rights, please contact the 3DDX Privacy Contact at info@3ddx.com.  To assist us in responding to such requests in a timely fashion, please include the phrase “Privacy Rights Request” in the title of your message.
Please note that for personal data about you that we have obtained or received for processing on behalf of a separate, unaffiliated entity–which determined the means and purposes of processing, all such requests should be made to that entity directly.  We will honor and support any instructions they provide us with respect to your personal information.
Data subjects may, where permitted by applicable law, request copies of their Personal Data. This is known as a subject access request or SAR.
If you would like to make a SAR, i.e. a request for copies of the Personal Data we hold about you, you may do so by writing to the Data Protection Contact whose details are provided below. The request should make clear that a SAR is being made.  We may ask you to provide evidence of your identity if it is not clear.
Responding to a SAR can be a time consuming exercise. 3DDX may be able to get the information that you require more quickly if you are as specific as possible in your request. E.g., “I would like a copy of my Personal data contained in my website member account file” or if you would like a copy of a particular document it would be helpful if the document is described carefully, including the title, creation date, author and likely place of storage.  This will help us to respond to your SAR as quickly as possible. You may be asked for further details to assist us if insufficient information is provided.

Public Areas
This website may make chat rooms, careers, message boards, and/or news groups available to its users at various times. Please remember that, unless otherwise stated, any information that is disclosed in these areas becomes public information and you should exercise caution when deciding to disclose your personal information in these areas. Do not use these areas to post personal information about third parties or discuss information about specific, identifiable patients.

Links to other websites
Our website may contain links to other websites. 3D DIAGNOSTIX is not responsible for the privacy practices or the content of unaffiliated third-party websites. To help ensure the protection of your privacy, we recommend that you review the privacy policy of any website you visit via a link from the website.

California
California law permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes. Under the law, a business must either provide this information or permit California residents to opt in to, or opt out of, this type of sharing. If you are a California resident and would like information identifying the categories of personal information which we share with our affiliates and/or third parties for marketing purposes, and the contact information for such affiliates and/or third parties, please submit a written request using the contact details at the beginning of this Privacy Statement.

International transfer of personal data
We may disclose or transfer your personal data to a third party in countries outside the country in which it was originally collected for further processing in accordance with the purposes set out in section 2 above, in particular your personal data maybe transferred throughout the 3DDX branches. In these circumstances we will, as required by applicable law, ensure that your privacy rights are adequately protected by organizational, technical, contractual and/or other lawful means. You may be entitled under applicable law to receive a copy of the safeguards which we have put in place to protect your personal data and privacy rights; please get in touch with the Data Protection Contact for further information on how to exercise this right.

EU-U.S. Privacy Shield
3DDX participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. 3DDX is committed to subjecting all personal data received from European Union (EU) member countries, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List. [https://www.privacyshield.gov/list]

3DDX is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. 3DDX complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, 3DDX is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.  In certain situations, 3DDX may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Under certain conditions, more fully described on the Privacy Shield website [https://www.privacyshield.gov/article?id=How-to-Submit-a-Complaint], you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

Updates to our privacy statement
We may at any time in our sole discretion revise or update this Privacy Statement. If we propose to make any material changes, we will notify you by means of a notice on this page prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Questions about this privacy statement
If you have any questions or comments about this Privacy Statement, 3DDX privacy practices, or if you would like us to update information or preferences you provided to us, please contact us at:
Email: info@3ddx.com with “FYA: Data protection officer” in the subject header (the “Data Protection Contact”),
Web: http://www.3ddx.com and use the information on the “Contact Us” page,
Telephone: +1 (866) 834-7925 Toll-Free and +1 (617) 820-5279 outside the US and Canada