PRIVACY NOTICE

1. Introduction to this policy

1. System 2 (“S2” or “We”) are committed to protecting and respecting your privacy.

1. This Privacy Notice sets out how S2 uses and protects any information that you give to us. We respect your privacy and are committed to protecting your personal information. This Privacy Notice explains how we collect, transfer, process, use and disclose your data and sets out our security practices.  By visiting alligator.dental.com or using our corresponding Alligator Dental Mobile App (the website and App are referred to as our “Platform” or the “Alligator Dental Platform”) you are accepting and consenting to the practices described in this Privacy Notice.

1. We do not sell personal information and have never done so.

1. Our Platform and Privacy Notice are intended only for individuals within the United States.  However, S2has operations both within and outside the U.S. Therefore, we may need to transfer and use your personal information outside the United States. We implement appropriate measures to protect your personal information when we transfer your personal information outside of your home country such as data transfer agreements that incorporate standard data protection clauses. The data privacy laws in the countries to which we transfer it may not be the same as the laws in the United States. Law enforcement agencies, regulatory agencies, security authorities or courts in the countries we transfer your personal information to may have the right to see your personal information.

1. If anything in this Privacy Notice conflicts with local law in your jurisdiction, local law prevails.
2. Your Consent

By using our Platform, you consent to our online Privacy Notice.

Your information, including personal data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.  Your consent to this Privacy Notice followed by your submission of such information represents your agreement to that transfer.

1. Information we collect about you

We will collect information about you from a variety of sources including directly from you, from our research and business partners and from others.  The personal information that we collect and process or disclose may include the following data about you:

1. Name, Contact information and Unique Identifiers: Identifiers, such as a real name, postal address, telephone number, unique personal identifier, device ID, email address, discount card number, health insurance information or other similar identifiers as well as demographic information such as date of birth, place of birth, country of residence, etc. and your written or digital signature.

1. Medical Information: Any information in possession of or derived from yourself, a healthcare provider, healthcare insurer, healthcare service plan, pharmaceutical company, or contractor regarding your medical history, physical condition, or treatment.  This includes your subscriber identification number, any unique identifier used by a health insurer to identify you or any information in your application and claims history (including prescription information).

1. Protected Characteristics: Characteristics of legally protected classifications such as race, gender, age or nationality or religion.

1. Geolocation Data: Precise geographic location information about you or the device.

1. Education and Professional Information: Your professional or employment related information.

1. Inferences: Inferences drawn from any of the information listed above to create a profile about you reflecting your preferences characteristics, psychological trends, preferences, predispositions, behavior, attitudes and aptitudes.
2. Banking/financial information:  Examples include credit/debit card numbers and expiration date, checking account and routing numbers, check or credit/debit card images.
3. Audio/visual information: Examples include call recordings or chat transcripts.

1. Information We Receive From Other Sources:  This is information we receive about you if you use any of the other websites we operate or the other goods/services we or our business partners provide.  In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this Platform.  We will also have told you for what purpose we will share and combine your data.  We are working closely with third parties (including, for example, business partners, trusted clients, third party vendors and service providers).  We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

1. How we collect or obtain your information

1. Voluntary Disclosure. We may ask you to provide us with personal information when you communicate with us online or offline, including events, surveys, and marketing or promotional programs. You are not required to provide us your personal information; however, if you choose not to provide the requested information, you may not be able to use some or all of the features of the Platform or we may not be able to fulfill your requested interaction.

1. Third-Party Data Sources. We may collect personal information from third-party data sources such as data brokers, consumer reporting agencies, marketing partners, analytics firms, dental plans, discount plans, dental or healthcare providers or their affiliates, insurers, and government agencies.
2. Cookies and Other Automated Tools.  We use cookies (a small text file placed on your computer or other electronic device to identify your computer and browser) and other automated tools such as tracking pixels to improve the experience of the Plan, such as saving your preferences from visit to visit to present you with a customized version of the Platform. Many web browsers are initially set up to accept cookies. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. Instructions for how to manage cookies in popular browsers are available at: Edge, Internet Explorer, Firefox, Chrome, Safari (iOS), Safari (Mac), and Opera. However, certain features of our Platform may not work if you delete or disable cookies.
3. We use the following types of cookies:
4. Session Cookies: Session cookies keep track of you or your information as you move from page to page within our Platform and are typically deleted once you close your browsers.

1. Persistent Cookies: Persistent cookies reside on your system and allow us to customize your experience if you leave and later return to our Platform. For example, persistent cookies may allow us to remember your preferences.
2. Advertising Cookies: Advertising cookies are used to learn more about you and advertise products/services that might interest you.
3. Analytics Cookies: Analytics cookies help us understand how our Platform is working and who is visiting our Platform. Google Analytics is one tool we use, and you can learn more by reviewing Google's Privacy Policy.

We may employ software technology that enables us to track certain aspects of a user's visit to our Platform. This technology helps us better manage content on our Platform by informing us what content is effective, how consumers engage with our Platform, and how consumers arrive at and/or depart from our Platform. The software typically uses two methods to track user activity: (1) “tracking pixels” and (2) “clear gifs.” Tracking pixels are pieces of executable code that are embedded in a web page that track usage activity including which pages are viewed, when they are viewed, and how long the pages are viewed. Clear gifs are tiny graphics with unique identifiers which are embedded in web pages and email messages that track whether a user views a web page or email message. User activity information may be associated with additional information about a user's session and personal information, if provided by the user.

If you arrive at our Platform by “clicking through” from another website, then certain information about you that you provided to that other website, such as the terms you searched that led you to our Platform, may be transmitted to us and we may use it. You should review the Privacy Notice of any website from which you reached our Platform to determine what information the operator collects and how it uses such information. We may retain information about you provided to us by other websites and will use it in accordance with this Privacy Notice. Such information may be associated with other usage data or personal information.

1. Information from Advertisements

If you arrive at our Platform via an advertisement (e.g., banner ad), we may collect information regarding the advertisement with which you interacted and your interactions (e.g., item clicked, date and time).

1. Social Media Widgets

The Platform may include social media features, such as Facebook, YouTube, Pinterest, LinkedIn, Instagram, and Twitter widgets. These features may collect information about your IP address and the pages you visit on our Platform as well as other personal information. A cookie may be set to ensure that a feature properly functions. Your interactions with features are governed by the privacy policies of the companies that provide them.

1. Mobile App

When you use Platform, we may collect your geolocation data and other information. This is so that we can provide you with a list of participating providers nearest to you. We do not share geolocation data with any third parties. If you do not want to use the Platform’s geolocation feature, you can turn off the location services for the Platform by changing the permissions on your mobile device. If you wish to stop all collection of information by the App, you can uninstall it. If you wish for us to permanently delete your geolocation data, you can contact us at help@alligator.com.

1. Uses made of the information

We use your personal information for the purposes we have described below in this Privacy Notice, or for purposes which are reasonably compatible with the ones described. We will not, use it for other purposes without your permission, unless we have a legal right or obligation to do so.  

1.  To manage our relationship with you.

We will use your personal information:

• To verify eligibility for our products and services, coordinate our services with our dental savings plan affiliates and dental providers and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• To respond to your requests:
• To improve our level of service;
• To provide our products and services to you:
• To promote our products and services;
• To manage your account, if necessary;
• To provide you with information when you request it. or when we believe it may be of interest to you;
• To invite you to provide your views on our products and services, participate in research or attend events:
• To report any product adverse events that you notify us about;
• To perform analytics and understand your preferences;
• To gain insights and feedback on our products and services in order to correct or improve them, by analyzing information from external sources such as Google, Facebook and Twitter (and others);
• For our own administrative and quality assurance purposes; and
• For other purposes that may be detailed on a website or mobile application which will be described at the time the information is collected.

1. To manage and Improve our processes and our business operations.

We will use your personal information to:

• Manage our network and information systems security: and
• Prepare and perform management reporting and analysis, including analytics and metrics.

1. To achieve other purposes

We will also use your personal information:

• To follow applicable laws and regulations;
• To respond to lawful requests from competent public authorities;
• To tell you about changes to our terms, conditions and policies;
• To exercise or defend S2 against potential, threatened or actual litigation;
• To respond to and handle your queries or requests; and
• When we sell, assign or transfer all or part of our business.
• If your personal information is shared with a strategic partner of S2, such as GlaxoSmithKline PLC (“GSK”), such personal information may be used by us or GSK to communicate with you for promotional or marketing purposes.

1. Disclosure of your information

We will disclose your personal information to third parties:

• Who are necessary to provide the services we offer.  Our Platform currently offers a dental discount card program that relies upon the dental service network of Careington International Corporation, who receives your personal information in order to, among other things, validate eligibility for receiving the benefits of the dental discount card program.  Please review their privacy policy (as of January 1, 2020, available at https://www1.careington.com/(S(oeh0j3hhseb3o2ihlah4akec))/help/privacy-statement/index.aspx) which describes their use of your personal information, including personal information received by us.
• Who are engaged in a strategic partnership or similar business relationship with us to support the services we offer, including, without limitation, GlaxoSmithKline PLC.
• In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
• If S2 or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or to protect the rights, property, or safety of S2, our customers, or others.

1. Where we store your personal data

Unfortunately, the transmission of information via the Internet or a mobile phone network connection is not completely secure.  Although we will do our best to protect your personal information, we cannot guarantee the security of the personal information you transmit to our websites or mobile applications: any transmission is at your own risk.  While we cannot guarantee that loss, misuse or alteration to data will not occur, once we have received your information, we will employ appropriate technical security measures to help prevent such unfortunate occurrences. The servers are located in the United States and hosted by Microsoft Azure. The servers are operated by Skillwork UK, Microsoft Azure, and System Two. One executive representative from each organization, Microsoft, Skillwork and S2 has access to the Azure environment. All servers are fully HIPAA compliant. We operate with a BAA with Microsoft. All security measures are in line with HIPAA guidance. 

1. Your rights

You have the right to ask us not to process your personal data for marketing purposes.  We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes.  You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.  You can exercise your right to have your personal data deleted. You can also exercise the right at any time by contacting us at support.  If personal information you have provided us in the past is no longer correct, we have a process for working with you to update that information.  See “CONTACT US” below.

1. Access to information

You have the right to access information held about you.  

1. Changes to our Privacy Notice

Any changes we make to our Privacy Notice in the future will be posted on this page and, where appropriate, notified to you by e-mail.  Please check back frequently to see any updates or changes to our Privacy Notice.

1. Contact

Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to support. 

1. Protecting Personal Information

To prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of the information we collect, we deploy a wide range of technical, physical, and administrative safeguards, including: Transport Layer Security (TLS), firewalls, system alerts, and other information system security technologies; housing health data in secure facilities that restrict physical and network access; and regular evaluation and enhancement of our information technology systems, facilities, and information collection, storage, and processing practices.  We use reasonable and appropriate administrative, physical, technical, and data security procedures and controls to safeguard your personal and protected health information against unauthorized access, disclosure, loss, misuse, and alteration.  We apply reasonable and appropriate measures to safeguard the confidentiality, integrity and availability of your personal information.  You should note that the Platform is not subject to the requirements of the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act (collectively referred to herein as HIPAA), as S2 is not a Covered Entity under HIPAA and does not intend to receive Personal Health Information (as defined by HIPAA) from a Covered Entity. 

No system can guarantee complete security.  As such, we cannot and do not guarantee the security of information stored on or transmitted to or from our Platform.  We cannot assume responsibility or liability for unauthorized access to our or our third-party servers and systems.  When disclosing any personal information, you are on notice that it is potentially accessible to the public and, consequently, can be collected and used by others without your consent.  Accordingly, you should carefully consider if you want to submit personal information that you would not want disclosed to the public and should recognize that your use of the internet and our platforms and services is solely at your risk.  You are ultimately responsible for maintaining the secrecy for all your personal information.  To the fullest extent permitted by law and our other contractual obligations, S2 disclaims all responsibility or liability to you for the security of your personal information transmitted via the Platform.  

1. Use and Disclosure of Your Personal Information

Our Platform may collect, disclose, use, and store your personal information as described in this Privacy Notice.  

We may subcontract some of our services.  In doing so, we require our subcontractors to comply with the terms and conditions to protect your personal information that apply to us under this Privacy Notice in substantially the same way, except where we have advised you to refer to our subcontractor’s privacy policy.

Before we use or disclose any personal health information that is restricted by HIPAA, S2 will de-identify such information in accordance with the criteria prescribed by HIPAA.  We may use and disclose any such de-identified information in the same manner as personal information under this Privacy Notice.

This section does not provide you with any right under this Privacy Notice, HIPAA, or any other law or regulation.

1. CHILDREN'S PRIVACY

THE PLATFORM IS NOT INTENDED FOR CHILDREN UNDER THE AGE OF 16 AND WE DO NOT KNOWINGLY COLLECT PERSONAL INFORMATION FROM CHILDREN UNDER THE AGE OF 16. IF WE BECOME AWARE THAT WE HAVE INADVERTENTLY RECEIVED PERSONAL INFORMATION FROM A CHILD UNDER THE AGE OF 16, WE WILL DELETE SUCH INFORMATION FROM OUR RECORDS.

1. ADDITIONAL CALIFORNIA CONSUMER RIGHTS

If you are a resident of California, you have additional rights to access and control your personal information, including a right to request that we disclose the personal information we collect, use, disclose, and sell, under the California Consumer Privacy Act (CCPA).

1. Right to Know

You have the right to request twice per 12-month period that we provide you (i) the categories or specific pieces of personal information we collected about you; (ii) the categories of sources from which your personal information was collected; (iii) the business or commercial purpose for which we collected your personal information; (iv) the categories of third parties with whom we shared your personal information; and (v) the categories of third parties to whom we sold your personal information. We are not permitted to provide access to specific pieces of personal information if the personal information is sensitive or creates a high risk of potential harm from disclosure to an unauthorized person such as financial information, social security numbers, and driver's license numbers. To protect your personal information, you must provide required information and/or documentation to verify your identity. We will process verified requests within 45 days, subject to any applicable exceptions and extensions permitted by law.

1. Right to Deletion

You have the right to request that we delete any personal information we have collected about you. Please understand that we are not required to honor a deletion request if a legal exemption applies such as if we need the information to complete a requested or reasonably anticipated transaction, prevent security incidents or fraud, enable internal uses that are reasonably aligned with your expectations, or comply with legal obligations. To prevent unauthorized individuals from making deletion requests, you must provide required information and/or documentation to verify your identity.

1. Right to Opt-Out from the Sale of Personal Information

As a California resident, you have the right to direct us not to sell your personal information to third parties. We will process verified requests within 15 days, subject to any applicable exceptions and extensions permitted by law.

The DAA also allows you to use its CCPA opt-out tool to request for your browser to opt-out of the sale of Personal Information by some or all participants of its CCPA opt-out program.

1. Non-Discrimination Notice

We will not discriminate against any consumer for exercising their privacy rights under law or this Privacy Notice.

1. California “Do Not Track” Disclosure

Do Not Track is a web browser privacy preference that causes the web browser to broadcast a signal to websites requesting that a user's activity not be tracked. Currently, our Platform does not respond to do not track signals. You may, however, opt-out of interest-based advertising using the DAA website linked above or make a browser-specific CCPA opt-out request using the CCPA opt-out tool linked here.

1. Submitting a Request

If you are a California resident and would like to exercise your rights, you may submit a request though calling us at 862-343-9238 or emailing us at help@alligator.com.

1. Authorized Agent

If you are an authorized agent submitting a request for another California resident, you must provide a copy of a lawful power of attorney or written authorization from the Consumer (along with proof of your identity). You may provide this documentation via email at help@alligator.com after submitting the request. We may contact you or the Consumer on whose behalf you claim to act to verify your authorization.

1. Your Acknowledgement and Consent to the Terms of this Privacy Notice. 

At S2 We are committed to protecting your privacy and we take the utmost great care with the personal information that we gather when you participate in the Platform.  BY PARTICIPATING IN THE PLATFORM IN ANY MANNER, YOU ACKNOWLEDGE THAT YOU ACCEPT THE PRACTICES AND POLICIES OUTLINED IN THIS PRIVACY NOTICE, AND YOU HEREBY CONSENT THAT WE WILL COLLECT, USE, AND SHARE YOUR INFORMATION.  IF YOU DO NOT AGREE WITH THIS PRIVACY NOTICE, YOU MAY NOT PARTICIPATE IN THE PLATFORM.  YOUR PARTICIPATION IN THE PLATFORM IS AT ALL TIMES SUBJECT TO THE AGREEMENT (AS THE TERM “AGREEMENT” IS DEFINED IN OUR TERMS OF USE, WHICH INCORPORATES THIS PRIVACY NOTICE).

1. CONTACT US

If you have any questions about our Platform or this Privacy Notice, please email us at help@alligator.com, call us at 862-343-9238 or send us a letter to the following address:

387 Park Ave S, New York, NY 10016