General Privacy Policy

Effective: November 18, 2023

1. Scope of This Policy

This Privacy Policy is intended to inform users of the Pearl Inc. website at hellopearl.com (the “Site”) and/or users of any of our products or services (collectively with the Site, the "Service") about how we gather and use personal information in connection with the Service. “Pearl” or the terms “we,” us,” “our,” or similar terms refer to Pearl Inc. “You” or “your” or similar terms refer to you as auser of our Service. If you have any questions regarding this information or our privacy practices, please contact us via the method set out in the How to Contact Us section at the end of this Privacy Policy.

Pearl Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S.DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department ofCommerce.  Pearl Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.  Pearl Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

2. Agreement to Terms

By using our Service, you consent to our Privacy Policy and Terms of Use and to our collection, use, and sharing of your information, and other activities, as described below. If you do not agree to the terms of this Privacy Policy or our Terms of Use, then you should immediately discontinue use of the Service without providing us with any personal information.

3. Information We Collect

Pearl collects the following categories of personal information (a) directly from you, such as through registration or feedback forms, (b) from the device and browser that you use to access our Site, and (c) cookies and similar technologies.

·      Identifiers. We may collect first and last name and account username and password.

·      Professional Information. We may collect professional contact details from you. This includes your title or position and professional contact information (e.g.,address, email address, and phone number).

·      Payment Information. In the event you make a payment using a corporate or other credit card issued in your name, we collect your name and credit card number, expiration date, and CVV code.

·      Device Information. We collect device information when you visit our Site. This includes your computer or mobile device type, browser type, online identifiers,IP address, and geolocation information.

·      Interaction with our Site. We may collect information concerning your interaction with our Site, including when you access the Site and your browsing activity on the Site (such as which pages you visit, in what order, and for how long). This may include “traffic” data or tracking information provided by the Site’s host or similar providers (e.g., HubSpot) that may be helpful for marketing purposes or for improving the Service.

·      Onward transfers of personal information to third parties. Personal information is processed at Pearl's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.
       Pearl will take all steps reasonably necessary to ensure that any personal information is treated securely and in accordance with this Privacy Policy and no transfer of personal data will take place to an organization or a country unless there are adequate controls in place including the security of personal information.
       Pearl complies with the Notice and Choice Principles of the Data Privacy Framework Program when transferring personal information. Pearl must enter into a contract with any third-party controller that provides that such data may only be processed for limited and specified purposes consistent with the consent provided by the individual and that the recipient will provide the same level of protection as the Principles and will notify the organization if it makes a determination that it can no longer meet this obligation. The contract will provide that when such a determination is made the third-party controller ceases processing or takes other reasonable and appropriate steps to remediate.
       To transfer personal data to a third party acting as an agent, Pearl must: (i) transfer such data only for limited and specified purposes; (ii) ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles; (iii) take reasonable and appropriate steps to ensure that the agent effectively processes the personal information transferred in a manner consistent with the organization’s obligations under the Principles; (iv) require the agent to notify the organization if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles; (v) upon notice, including under (iv), take reasonable and appropriate steps to stop and remediate unauthorized processing; and (vi) provide a summary or a representative copy of the relevant privacy provisions of its contract with that agent to the Program upon request personal information.

You are not required to provide all personal information identified in this Privacy Policy to use our Service or to interact with us, but certain functionality will not be available if you do not provide certain personal information. For example, if you do not provide certain personal information, we may not be able to respond to your requests or allow you to register an account.

4. Health Information

We primarily provide services to dentists’ offices, dental laboratories, and other business entities. We provide these entities with software and other services to assist them in the diagnosis and treatment of medical conditions and to support their business operations. These entities may provide personal information, including health and medical information, about their patients to us in connection with their use of the Service. These entities are directly responsible to their patients for the use and disclosure of patient health or medical information.

In addition, patient information provided to us by these entities may be considered Protected Health Information as that term is defined in the Health Insurance Portability and Accountability Act of 1996 and Health Information Technology for Economic and Clinical Health Act and in regulations promulgated there under and it may also be subject to regulation under state law. We offer and provide Services in a manner that complies with all applicable laws and regulations we are aware of and/or become known to us and will continue to do so.

5. Cookies

We store certain information that gets collected automatically at our end through cookies and other similar technologies on our Site. A cookie is a small string of information that a website that you visit transfers to your browser for identification purposes.Cookies can be used to follow your activity while using a website or across websites, and that information helps companies understand your preferences and tendencies, as well as improve and personalize your website experience. Some cookies are necessary to operate a website, while others can be functional or analytical. The cookies we use are divided into the following categories:

·      Strictly Necessary Cookies. These are required for the operation of our Site. They include, for example, cookies that are intended to secure our Site.

·      Analytical/Performance Cookies. These allow us to recognize and count the number of users on ourSite and understand how such users navigate through the Site (e.g., when and which pages are visited, in what order the pages are visited, and where a user is located). This helps improve how the Site works, for example, by ensuring that users can find what they are looking for easily.

·      Functional Cookies. These improve the functional performance of the Site and make it easier for you to use. For example, cookies are used to remember that you previously visited our Site and your preferences.

You can prevent the use of certain cookies by modifying your Internet browser settings, typically under the sections “Help,”“Internet Options,” or “Settings.” If you disable or delete certain cookies in your Internet browser settings, you may still access our Site, however, you might not be able to access or use important functions or features of our Site.

Do-Not-Track Signals. At this time, Pearl does not recognize automated browser signals regarding tracking mechanisms, which may include“do-not-track” instructions.

6. Children’s Privacy

The Service is not directed at users under the age of sixteen and Pearl does not knowingly collect personal information from individuals under the age of sixteen. If you are aware of, or suspect that, someone under the age of 16is using the Service without permission, please notify us immediately by contacting us as detailed below. If you have questions or concerns about the Internet and privacy for your child, we encourage you to check out the FTC Guidelines for protecting your child’s privacy online.

7. Our Use of Personal Information

We collect and use personal information for the following purposes:

·      Providing the Service and providing goods and services request by, or anticipated within the context of our relationship with, you.

·      Managing our relationship with you.

·      Responding to inquiries or requests and requesting feedback.

·      Tracking use of login credentials to access our Service.

·      Analyzing use of, and improving, our Service.

·      Administering promotions, events, or surveys.

·      Providing relevant promotional materials and other marketing.

·      Detecting security incidents and protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for such activity.

·      Conducting investigations, complying with legal and regulatory obligations and industry standards, and responding to lawful requests for information from the government or pursuant to valid legal process.

8. Our Disclosure of Personal Information

Pearl may share personal information with the following third parties:

·      Service providers, who help us provide, maintain, and improve the Service, including IT service and hosting providers, web analytics providers, customer invoicing providers, and marketing providers.

·      Advisers and financial institutions, including auditors, notaries, business continuity support service providers, and legal, tax, and risk and compliance advisers.

·      Government bodies, dispute resolution organizations, law enforcement agencies, or third parties in connection with (a) responding to a subpoena, search warrant, or other lawful request for information that we receive; (b) cooperating in a law enforcement or similar investigation; or (c) otherwise protecting our rights, as applicable.

·      If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of all or a portion of our assets, or transition of service to another provider(collectively, a “Transaction”), your personal information and other information may be shared in the diligence process with counterparties and others assisting with the Transaction and transferred to a successor or affiliate as part of that Transaction along with other assets.

9. Privacy Choices

If you no longer want to receive marketing communications from us, you may unsubscribe at any time by following the unsubscribe options in the communication itself or selecting the opt-out box in your user account. Please note that you cannot unsubscribe from certain correspondence from us, including messages relating directly to your account or order processing.

If you wish to access, update, and/or correct inaccuracies in your account information, you may do so by logging into your account.

10. Security

We maintain reasonable technical and organizational measures to protect personal information from loss, misuse, alteration, or unintentional destruction. We have implemented various security measures to protect both the personal information and the general information that we receive through the Service.

Whenever personal information is given out online there is a risk that third parties may intercept and use that information. Although we seek to protect personal information and privacy, we cannot guarantee the security of any information disclosed online. To the extent permitted under applicable law, we assume no liability or responsibility for disclosure of information due to errors in transmission, unauthorized access by third parties, or other causes beyond our control.

You play an important role in keeping your information secure. You should not share your password with anyone. If you have reason to believe that your account is no longer secure, please contact us immediately at the information in the How to Contact Us section below.

11. Additional Disclosures for Residents of the United Kingdom (UK), Switzerland (CH) and European Union (EU)

This section provides additional information for residents of the UK, CH and EU.

Data Processing

Pearl is a US based company, most of our operations are conducted in the United States. All Services regarding personal information originating from the United Kingdom and the European Economic Area are processed in Ireland and is never transferred to the United States. We implement the standard contractual clauses approved by the European Commission.

For the purposes of the EU and UK GDPR (General Data Protection Regulation), refers to the Company as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

Legal Basis for Processing Personal Data under GDPR

We may process Personal Data under the following conditions:

Consent: You have given Your consent for processing Personal Data for one or more specific purposes.

Performance of a contract: Provision of Personal Data is necessary for the performance of an agreement with your health care provider for any obligations thereof.

In any case, the Company will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Your Rights under the GDPR

The Company undertakes to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights.

You have the right under this Privacy Policy, and by law if You are within the EU, CH, or UK, to:

Request access to Your Personal Data. The right to access, update or delete the information We have on You. Whenever made possible, you can access, update or request deletion of Your Personal Data directly within Your account settings section. If you are unable to perform these actions yourself, please contact Us to assist You. This also enables You to receive a copy of the Personal Data We hold about You.

Request correction of the Personal Data that We hold about You. You have the right to have any incomplete or inaccurate information We hold about You corrected.

Object to processing of Your Personal Data. This right exists where We are relying on a legitimate interest as the legal basis for Our processing and there is something about Your particular situation, which makes You want to object to our processing of Your Personal Data on this ground. You also have the right to object to where We are processing Your Personal Data for direct marketing purposes.

Request erasure of Your Personal Data. You have the right to ask Us to delete or remove Personal Data when there is no good reason for Us to continue processing it.

Request the transfer of Your Personal Data. We will provide to You, or to a third-partyYou have chosen, Your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for Us to use or where We used the information to carry out a contract with You.

Withdraw Your consent. You have the right to withdraw Your consent on using yourPersonal Data. If You withdraw Your consent, we may not be able to provide You with access to certain specific functionalities of the Service.

Exercising of Your GDPR Data Protection Rights

You may exercise Your rights of access, rectification, cancellation, and opposition by contacting Us. Please note that we may ask You to verify Your identity before responding to such requests. If You make a request, we will try our best to respond to You as soon as possible.

You have the right to complain to a Data Protection Authority about Our collection and use of Your Personal Data. For more information, if You are in the European Economic Area (EEA), please contact Your local data protection authority in the EEA.

In addition, as a US company, Pearl is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the Department of Transportation and any other U.S. authorized statutory body.

We comply with the EU-U.S. Data Processing Framework Principles and Swiss-U.S. Data Processing Framework Principles as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the United States. We have certified the Department of Commerce that it adheres to the Data Processing Framework (DPF) Principles. If there is any conflict between the terms in this privacy policy and the DPF Principles, the DPF Principles shall govern. To learn more about the DPF Principles program please visit Assistance Services (dataprivacyframework.gov).

Retention of Personal Information

We retain personal information for as long as necessary to fulfill the purposes for which the information was collected; as needed to address tax, corporate compliance, employment, litigation, and other legal rights and obligations; and as otherwise permitted by law.

Legal Basis for Processing Personal Information

Where required, we have several different legal grounds on which we collect and process personal information for the purposes set out in the section above, Our Use of Personal Information, including: (i) as may be necessary to perform a contract; (ii) as necessary to comply with a legal obligation; (iii) consent (where you have provided consent as appropriate under applicable law); and (iv) as necessary for our legitimate interests (such as when we act to maintain our business generally, including maintaining the safety and security of the Service).

Automated Decision-making

We do not use automated decision-making without human intervention, including profiling, in a way that produces legal effects concerning you or that otherwise significantly affects you.

Your Rights

To the extent required under applicable law, EU, CH and UK residents have the right of:

·      Access. You have the right to request a copy of the personal information we are processing about you, which we will provide to you in electronic form.

·      Rectification. You have the right to request that any incomplete or inaccurate personal information that we process about you is amended.

·      Deletion. You have the right to request that we delete personal information that we process about you, unless, for example, we are required to retain such data to comply with a legal obligation or to establish, exercise or defend legal claims.

·      Restriction. You have the right to request that we restrict our processing of your personal information where: (i) you believe such data to be inaccurate; (ii) our processing is unlawful; or (iii) we no longer need to process such data for a particular purpose, but where we are not able to delete the data due to a legal or other obligation or because you do not want us to delete it.

·      Portability. You have the right to request that we transmit the personal information we hold with respect to you to another data controller.

·      Objection. Where the legal justification for our processing of your personal information is in our legitimate interest, you have the right to object to such processing on grounds relating to your situation (e.g., direct marketing). We will abide by your request unless we have compelling legitimate grounds for the processing which override your interests and rights, or if we need to continue to process the data for the establishment, exercise, or defense of a legal claim.

.      Arbitration. You may, under certain conditions, invoke binding arbitration in any dispute with us over the terms of this policy.

·      Withdrawing Consent. If you have consented to our processing of your personal information, you have the right to withdraw your consent at any time, free of charge. Please note that if you withdraw your consent, this will not affect the lawfulness of our processing of your information on the basis of your consent before the point in time when you withdraw your consent, nor will it affect the processing of personal information conducted in reliance on lawful processing grounds other than consent.

Some rights may be limited, and we may need to retain certain personal information as required or permitted by applicable law.To inquire about or exercise the rights listed above, at any time, contact us at customersupport@hellopearl.com with the subject line “EU Privacy” so that we can get your email to the right team. We will respond to your request consistent with applicable law.

If you feel that your request or concern was not satisfactorily resolved by us, you have the right to lodge a complaint with your local data protection authority.

12. Alternative dispute resolution provider designated to address complaints and provide appropriate recourse free of charge to any affected individual.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Pearl commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to Data Privacy Framework Resolution | JAMS Mediation, Arbitration, ADR Services (jamsadr.com), an alternative dispute resolution provider based in the United States, the European Union, the United Kingdom, and/or Switzerland.  If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit Data Privacy Framework Resolution | JAMS Mediation, Arbitration, ADR Services (jamsadr.com/DPF-Dispute-Resolution) for more information or to file a complaint.  The services of JAMS Mediation are provided at no cost to you.

13. Additional Disclosures for Residents of Brazil

This section provides additional information for residents of Brazil.

Data Transfers

As a US company, most of our operations are conducted in the United States and to provide the Service, personal information will be processed in the United States, where laws regarding processing of personal information may be less stringent than the laws in your country. We provide appropriate protections for cross-border transfers as required by applicable law for international data transfers.

Retention of Your Personal Information

We retain personal information for as long as necessary to fulfill the purposes for which the information was collect; as needed to address tax, corporate compliance, employment, litigation, and other legal rights and obligations; and as otherwise permitted by law.

Legal Basis for Processing Your Personal Information

Where required, we have several different legal grounds on which we collect and process your personal information for the purposes set out in the Our Use of Personal Information section above, including: (i) as may be necessary to perform a contract; (ii) as necessary to comply with a legal obligation; (iii) consent (where consent has been provided as appropriate under applicable law); and (iv) as necessary for our legitimate interests (such as when we act to maintain our business generally, including maintaining the safety and security of the Service).

Automated Processing

We do not use automated processing to make decisions that may affect you significantly. However, we use profiling and analytics to understand how people use our Site. These analytics help us understand and improve the Service. We also use artificial intelligence on our platform to assist dental professionals with the diagnosis and treatment of dental conditions but any output from our platform is reviewed by a dental professional.

Your Rights

As available and except as limited under applicable law, individuals in Brazil have the rights to request:

·      Confirmation of processing of personal information.

·      Access to your personal information.

·      Correction of incomplete, inaccurate, or outdated personal information.

·      Anonymization, blocking, or deletion of unnecessary, excessive information.

·      Personal information portability to another service provider or product, upon express request.

·      Deletion of personal information processed with your consent.

·      Obtaining information about the entities with which Pearl has shared your personal information.

·      Information on the possibility of you not providing consent, as well as being informed about the consequences should you not give consent.

·      Revocation of consent.

Some rights may be limited, and we may need to retain certain personal information, as required, or permitted by applicable law. To inquire about or exercise the rights listed above, at any time, contact us at customersupport@hellopearl.com with the subject line “Brazil Privacy” so that we can get your email to the right team. We will respond to your request consistent with applicable law.

13. Additional Disclosure for Residents of Australia and New Zealand

If you are resident of Australia or NewZealand, you have the right to access the personal information we hold about you and to update and/or correct it, subject to certain exceptions. If you wish to access or update/correct your personal information, contact us at customersupport@hellopearl.com with the subject line “AU/NZ Privacy” so that we can get your email to the right team. We will respond to your request consistent with applicable law.

As a US company, most of our operations are conducted in the United States and to provide the Service, personal information will be processed in the United States. When your personal information is no longer needed for the purpose for which it was obtained, we will take reason able steps to destroy or permanently de-identify your personal information.

If you have any questions or wish to lodge a complaint, you may do so by contacting us at the information in the How to Contact Us section below. If you submit a complaint, we will investigate your complaint and determine the steps that we will take to resolve it. We will contact you if we need any additional information from you and will notify us of the outcome of the investigation.

14. Additional Disclosures for Residents of Canada

This section contains additional disclosures for residents of Canada. If you wish to access, update, and/or correct inaccuracies in your personal information or change your consent preferences, you may log into your account or contact us at customersupport@hellopearl.com with the subject line “Canada Privacy” so that we can get your email to the right team. You may also contact us for information about how foreign-based service providers process your personal information or if you have any questions or complaints about the manner in which we treat your personal information.

We retain personal information for as long as necessary to fulfill the purposes for which the information was collect; as needed to address tax, corporate compliance, employment, litigation, and other legal rights and obligations; and as otherwise permitted by law.

15. Links to Other Websites

For your convenience, we may link to third-party sites and services, or otherwise display third-party content through our Site to provide increased value to our visitors. We have no control over these linked sites, each of which has separate privacy and data collection policies and practices independent from us. As such we have no responsibility or liability for these independent policies or actions and are not responsible for the privacy practices or the content of any such websites. Please note that these other sites may send their own cookies to users, collect data, or solicit personal information, and we encourage you to review their policies before engaging with these third-party sites.

16. Effective Date and Changes to This Privacy Policy

This Privacy Policy is effective as of the date at the top of this policy. Pearl has the discretion to update this Privacy Policy at any time. When we do, we will revise the effective date at the top of this page. We encourage users to frequently check this page for any changes and to stay informed about how we are helping to protect the personal information we collect, especially before you provide information, and particularly personal information, directly to us through the Service. In the event of a material change to this Privacy Policy, we will provide a message through our website or via email informing you of the change.

17. How to Contact Us

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Pearl Inc. commits to resolve DPF Principles-related complaints about our collection and use of your personal information.  EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Pearl at: customersupport@hellopearl.com.

If you have any questions about this Privacy Policy or our Service, please contact us at customersupport@hellopearl.com.