Clear Aligner Products
Terms of Use

1. INTRODUCTION.  These Terms and Conditions (“Terms and Conditions” or “Agreement”) shall apply to any order, purchase, and/or use by any dental or medical professional, clinician, doctor or dentist (“Customer”) of any products and services, including the Clear Aligner and Retainer products and services and the product packages described in Exhibit A attached hereto (collectively, “Products”) which are offered, sold or provided to any Customer hereunder by any of Henry Schein, Inc. or any of its subsidiaries, affiliates, sub-distributors or subcontractors, which are specified as the Product provider in the order form or contract to which these Terms and Conditions are attached or relate (each individually an “HSI Entity” and collectively, as the context requires, “HSI”). The parties hereby acknowledge and agree that, except as otherwise expressly provided in this Agreement, each individual HSI Entity is acting severally under this Agreement and, as such, any and all obligations and liabilities with respect to each such individual HSI Entity shall be several, not joint with the other HSI Entities, and relate only to such individual HSI Entity and the specific products or services being provided or performed by such individual HSI Entity.

2. TERM. The term of this Agreement for each Product shall begin on the date a Customer Order is submitted in accordance with this Agreement and end on the latest expiration date of any applicable warranties on the Products contained in this Agreement. This Agreement may be terminated earlier by a party for a breach of this Agreement by the other party which breach isn’t cured within 30 days of the non-breaching party’s notice of such breach to the breaching party.

3.   CUSTOMER ORDERS. Orders are placed by Customer (“Customer Orders”) using the DDX Approver Portal (“DDX Portal”) (or by any other means designated by HSI from time to time) which can be accessed at www.ddxdental.com. Customer Orders may be rejected by HSI in its sole discretion and may be accepted by HSI by any means, including by HSI sending the Customer a confirmation or by shipment of the Products to Customer. Customer Orders are considered placed when and as follows: (a) if Treatment Setup (as defined in Exhibit A) is used, on the date the final Treatment Setup is approved by Customer, or (b) if no Treatment Setup is required, on the date of the submission of the order by Customer with all required patient records. Except as otherwise provided in this Agreement, once Customer has placed a Customer Order that is accepted by HSI, Customer cannot cancel or terminate the Customer Order unless HSI fails to provide the Products or Customer within a reasonable time frame.

4. HSI SYSTEMS SECURITY. Use by Customer of any applicable HSI software, website, platform or system, including the DDX Portal (collectively, “HSI Systems”), shall be subject to Customer’s registration for such use as directed by HSI, and Customer’s agreement with these Terms and Conditions and any end user license agreement and/or other policies, procedures, terms and conditions, including with respect to privacy of any data or information, communicated to Customer by HSI or included or contained in any HSI Systems (collectively, Privacy Policies”). Customer is responsible for maintaining the confidentiality of all login information for HSI Systems, including their DDX Portal login information, and is fully responsible for all activities that occur under that password or user name. Customer agrees to (a) immediately notify HSI of any unauthorized use of any password, login information or user name used by Customer to access any HSI Systems or any other breach of the security and/or any Privacy Policies of any HSI Systems, and (b) to ensure that Customer exit from their HSI Systems accounts at the end of each session.

5. Data Privacy Laws; USE OF PROTECTED INFORMATION.

1. 1. Customer will, as applicable, obtain from all of its patients for whom the Products are designed, ordered or used, all requisite written consents and agreements (including as required in order to treat the patient and design, order and utilize the Products, communicate treatment plans and other patient clinical information (or for any other purposes under this Agreement)) as required by applicable laws and regulations including the following:

• (i) For Customers located in the European Union, written consents and agreements to Customer’s and HSI’s use of “Personal Data” (as defined in the European Union General Data Protection Regulation (“GDPR”));
• (ii) For Customers located in the United States, written consents and agreements to Customer’s and HSI’s use of Protected Health Information (“PHI”) (as defined in Health Insurance Portability and Accountability Act (“HIPAA”);
• (iii) For Customers located in Canada, written consents and agreements to Customer’s and HSI’s use of any clinical or patient information or other protected health information or any other information (“Canadian Protected Information”) the use or disclosure of which is restricted under any applicable laws and regulations (including any applicable Canadian provincial or federal privacy legislation); and
• (iv) For Customers located outside of Canada, the EU and the United States, written consents and agreements to Customer’s and HSI’s use of any clinical patient information or other protected health information or any other information (“Other Protected Information”) the use of which is restricted under any applicable laws and regulations in the jurisdiction in which Customer is located (including any applicable privacy or secrecy laws and regulations), including, without limitation, the laws and regulations, if any, set forth in Exhibit E attached hereto.
  1. Customer acknowledges and understands the confidential nature, as applicable to the Customer depending on its location, of PHI in the United States, Personal Data in the European Union, Canadian Protected Information in Canada and any Other Protected Information in any other jurisdiction in which Customer is located (collectively, “Protected Information”) and agrees that (i) Customer will only communicate such Protected Information to HSI as required for HSI to provide the Products under this Agreement and (ii) Customer is solely responsible for maintaining any and all necessary measures to assure such confidentiality in accordance with all applicable laws and regulations. HSI (including each HSI Entity) shall not be liable for any claims arising from any disclosures or breaches of the security of any Protected Information or of any other information maintained by Customer, and Customer shall promptly notify HSI if it becomes aware of any such claim, disclosure or breach.
  2. Use of any information provided to HSI by Customer hereunder or in the course of Customer’s use of any of the HSI Systems, including any Protected Information, shall be subject to HSI’s applicable Privacy Policies (as defined below). Customer must use the security features (including any key, PIN or password) in order to keep Protected Information secure and shall keep such security features confidential without lending, sharing, transferring or otherwise misusing them. Customer acknowledges that HSI may change its security features from time to time.
  3. Customer acknowledges and agrees that HSI may transfer Protected Information for processing to one or more of its affiliates or third party sub-processors located anywhere in the world in the course of designing, manufacturing and providing the Products.
  4. Customer agrees that HSI may use Protected Information for promotional, educational and/or research purposes, publication in professional journals or use in professional collateral materials, provided that such Protected Information has first been anonymized in a way that neither Customer nor any patient is
  5. To the extent HSI must access Protected Information for purposes of this Agreement in Canada, the EU, the United States, or any other country or territory, as applicable, including with respect to the Treatment Setups:
• (i) For Customers located in the United States: PHI subject to HIPAA, HSI shall be deemed a business associate to the Customer (as defined by HIPAA) and both HSI and Customer shall be subject to the terms and conditions of the HIPAA Business Associate Agreement attached hereto as Exhibit C.
• (ii) For Customers located in the EU: For Personal Data subject to the GDPR, the HSI Entity which is the Product provider shall be a “processor” (as defined by the GDPR), each other HSI Entity involved in the applicable transaction are “sub-processors”, and the Customer shall be the “controller” (as defined by the GDPR), and both the Customer (as controller) and the Product provider (as processor) shall be subject to the terms and conditions of the GDPR Controller-Processor Agreement attached hereto as Exhibit D.
• (iii) For Customers located in Canada: For Canadian Protected Information subject to Canadian Privacy Legislation, the Customer shall be the “custodian” (or similar language as may be defined in Canadian Privacy Legislation) of the Canadian Protected Information, and both HSI and Customer shall be subject to the terms and conditions of any of the applicable provincial or territorial Information Management Agreements, as amended from time to time. The provincial or territorial Information Management Agreements, as applicable, are incorporated by reference herein.

(iv) For Customers located outside of Canada, the EU and the United States: For use of any Other Protected Information, HSI and Customer shall be subject to any applicable laws and regulations in the jurisdiction in which Customer is located (including any applicable privacy or secrecy legislation), including, without limitation, as set forth in Exhibit E attached hereto.

6. CUSTOMER REPRESENTATIONS AND OBLIGATIONS. As a condition of HSI’s sale of the Products to Customer, Customer agrees as follows:

a.     Customer is licensed or registered to practice medicine, dentistry and/or orthodontics, as applicable, without restriction in the jurisdiction to which the Products are to be shipped and where Customer will install the Products and otherwise provide treatment to such patient;

b.     Customer, (i) will not use the Products, and will promptly inform HSI, if any of their licenses or registrations to practice expires, is not valid, is revoked, suspended or otherwise jeopardized or restricted at any time during treatment of patients, and (ii) will allow HSI to take such actions as HSI considers appropriate in light of such circumstances;

c.     Customer (i) has the necessary expertise, experience and training to properly perform procedures associated or in conjunction with treatment using the Products, and (ii) will use the Products only in accordance with generally accepted dental standards as well as any HSI clinical protocols designated by HSI.

d.     The Products will not be used (i) by any other person other than the Customer who placed the order, (ii) on or for the benefit of any patient other than Customer’s patient for whom the Products were ordered and designed; or (iii) outside of the country where Customer and the applicable patient are located and to which such Products are shipped by HSI or its designee.

e.     Customer shall provide HSI with Customer’s accurate and complete ownership information as requested by HSI if required to fulfill any of HSI’s legal or regulatory obligations, including with respect to transparency reporting obligations, if any, in the applicable jurisdiction where Customer is located.

f.     Customer (i) shall be fully responsible, and directly and solely liable for the treatment of each patient, including the exercise of clinical judgment in the decision to use the Products and the design and implementation of each patient’s treatment plan, and for achieving the desired outcome for the Patient, (ii) will, upon request, provide feedback regarding the status of any patient’s treatment, experience and outcome with the Products; and (iii) promptly notify HSI of any event (with all available details) relating to the Products of which Customer or HSI is required to notify any governmental or regulatory authority.

6. CANCELLATIONS.

a. HSI may begin to manufacture the ordered Products upon Customer’s approval of the Treatment Setup or Customer’s placement of the Customer Order for the Products. Customer may not cancel any Aligner Products order after the final Treatment Setup has been approved by Customer. Customer may not cancel any Customer Order for Products or Replacement Aligners after the Customer Order has been placed. A Customer Order for Products may be cancelled by Customer only as provided in these Terms and Conditions. If any Treatment Setup has been posted to the DDX Portal for more than 60 days without Customer response or feedback, such Customer Order may be cancelled by HSI without notice to the applicable Customer.

b.     Cancellation Fees: Customer Orders cancelled by Customer before Treatment Setup approval by Customer will not incur cancellation fees. However, assessment of a cancellation fee per cancelled Customer Order and/or deactivation of a Customer’s HSI Systems account status may occur, if permitted under applicable laws in the jurisdiction in which Customer is located, if a Customer has an unreasonably high number of Customer Order cancellations. Full payment of all fees for a Customer Order for Products (including replacement Products orders) will be payable by Customer within 30 days of cancellation.

6.     PRICES AND PAYMENT.

a.      Current prices for Products and Services are available on the DDX Portal and are subject to change by HSI at any time without notice to Customer as of the date such pricing is updated in the DDX Portal pricing. Price changes will not affect orders which have already been placed. The price that applies to any Customer Order will be the price shown in the DDX Portal at the time Customer places the Customer Order in accordance with these Terms and Conditions.

b.     Prices are in either U.S. dollars or, if designated by HSI consistent with applicable laws, the local currency of the country where the Customer is located and are exclusive of any applicable taxes (including sales tax, VAT, GST, and consumption tax) and shipping and insurance charges which shall be billed to Customer separately. Additional shipping charges may apply to Customer Orders for Clear Aligners and retainers, including replacement Products.

c.     Customer will pay all HSI invoices as directed in the invoice in full and in cleared funds. Invoices are due for initial Aligner Products within 60 days of invoice and all other products and fees are due within 30 days of the date of invoice unless otherwise mutually agreed in writing by the parties or as otherwise stated in the invoice. Any invoice or other outstanding balance not paid by the invoice due date may be subject to the lesser of (i) 1.5% per month or (ii) the maximum monthly interest allowable by law.

6.     CLINICAL RISKS.

a.      Customer is wholly responsible for the use of the Products and the review and approval of the Treatment Setup, as well as the diagnosis and treatment of each patient.

b.     Customer is responsible for carefully reviewing a proposed Treatment Setup prior to approval and for determining the suitability of the treatment for the applicable patient.

c.      Customer acknowledges and understands that HSI is not providing and does not provide medical, dental or health care services or advice.

d.     The Customer is responsible for ensuring that (i) they are aware of the content of the Products’ Instructions for Use (the “Product Instructions”), including the contraindications and risk factors, (ii) the Products are prescribed only to patients who do not have contraindications and to whom the risks of treatment with the Products have been properly and fully explained, and (iii) patients are provided with the Product Instructions applicable to patient’s use of the Products and ensuring that they understand them.

10. COMPLIANCE WITH LAWS. Customer agrees that, in carrying out its duties and responsibilities under this Agreement, it will neither undertake nor cause or permit to be undertaken, any activity which is illegal under any applicable laws, decrees, rules, regulations, codes, orders or other requirements, including, without limitation and as applicable in the jurisdiction in which Customer is located, any anti-bribery and anti-kickback laws, any transparency laws (as hereinafter defined) and any data privacy laws (including with respect to any Protected Information), all as amended from time to time, including, without limitation, as set forth in Exhibit E attached hereto.

11. DISCOUNTS AND REBATES. Customer shall be obligated to report and provide information concerning any discounts, rebates or other price reductions provided under this Agreement. Customer must claim the benefit of these discounts in the fiscal year in which the discounts are earned, or the following year. By signing this Agreement, Customer acknowledges its legal obligations to fully and accurately report the discounts, rebates and/or other price reductions received under this program. Customer should retain this Agreement and any other documentation of discounts, rebates or other price reductions and make such information available to any applicable governmental authorities and programs and other applicable payers upon request.

12. SUNSHINE ACT. For Customers located in the United States only, the parties acknowledge that the Physician Payments Transparency Requirements enacted as section 6002 of the Patient Protection and Affordable Act of 2010 (codified at 42 U.S.C. §1320a-7h) and the regulations of the Centers for Medicare and Medicaid Services (CMS) promulgated thereunder (collectively, the “Sunshine Act”) require pharmaceutical, medical device, group purchasing organizations and other companies to annually report certain information about compensation, expenses and other payments or transfers of value provided directly or indirectly to U.S. physicians and teaching hospitals to CMS, which will in turn publicly post the information. If Customer is located in the United States, Customer agrees:  (a) not to contest any such reporting made by HSI in its reasonable judgment; (b) to provide HSI with any information requested to ensure its timely, accurate and complete reporting; and (c) to comply with its annual reporting obligations under the Sunshine Act, to the extent required, including filing appropriate ownership reports.

13. CONFIDENTIALITY OF INFORMATION. Customer will not use (except to undertake the activities contemplated by this Agreement), publish or otherwise disclose any confidential or proprietary information (including the terms of this Agreement) (“Confidential Information”) related to HSI or the Products that is disclosed by HSI or otherwise acquired by Customer in connection with the performance of this Agreement unless required by applicable law. This provision shall survive any expiration or termination of this Agreement.

14. PRODUCT WARRANTY.

• • HSI offers the Product warranty to its Customers as shown on Exhibit B attached hereto. HSI offers no other warranty with respect to the Products or any portion thereof.

1. DISCLAIMER OF ALL OTHER WARRANTIES. EXCEPT AS PROVIDED IN EXHIBIT B HERETO, TO THE EXTENT PERMITTED BY LAW, HSI (INCLUDING EACH HSI ENTITY) PROVIDES NO WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE PRODUCTS OR SERVICES OR ANY PORTION THEREOF, INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE OR NON-INFRINGEMENT.
2. This Section 14 shall survive any expiration or termination of this Agreement.

15. OTHER MATTERS.

a. LIMITATION OF LIABILITY. TO THE EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER (OR, IN THE CASE OF HSI AND EACH HSI ENTITY, TO CUSTOMER’S PATIENTS) FOR INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES INCLUDING, BUT NOT LIMITED TO, LOST PROFITS AND LOSS OF GOODWILL, ARISING FROM OR RELATING TO ANY BREACH OF THIS AGREEMENT (OR ANY DUTY OF COMMON LAW, AND WHETHER OR NOT OCCASIONED BY THE NEGLIGENCE OF A PARTY OR ITS AFFILIATES), REGARDLESS OF ANY NOTICE OF THE POSSIBILITY OF SUCH DAMAGES; PROVIDED THAT NOTHING IN THIS SECTION IS INTENDED TO, OR DOES, LIMIT THE CONFIDENTIALITY RIGHTS OR OBLIGATIONS OF EITHER PARTY SET FORTH HEREIN. IN NO EVENT WILL HSI’S (INCLUDING ALL OF THE HSI ENTITIES) AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE AMOUNT OF FEES PAID BY CUSTOMER TO HSI UNDER THIS AGREEMENT IN THE PRECEDING 12 MONTHS. This Section shall survive any expiration or termination of this Agreement.

b. Indemnity. Customer agrees to indemnify, keep indemnified, defend and hold harmless HSI, including each HSI Entity against and from any and all claims, causes of actions, damages, debts, liabilities, losses, obligations, payments, costs and expenses (including reasonable legal expenses), arising from or relating to: (i) Customer’s breach of any term of this Agreement or of any  agreement between Customer and their patient; (ii) any actions or omissions of Customer and including  any act or failure to act in respect of a patient; (iii) Customer’s provision of incorrect or incomplete information, records, documents or impressions to HSI or any failure to timely provide HSI with any such  information, records, documents or impressions; and (iv) any dealings with any applicable regulators, licensing or professional bodies in relation to Customer. This Section shall survive any expiration or termination of this Agreement.

c.      Intellectual Property Rights, Confidentiality and Trademarks.

• (i) All rights in intellectual property (including all patents, trademarks, trade names, service marks, logos, registered designs, utility models, design right, database rights, copyright (including copyright in software and computer algorithms), trade secrets and other confidential information, know-how, and all other intellectual and industrial property and rights of a similar or corresponding nature in any part of the world) in or relating to the Products, any materials or information, HSI Systems (including the DDX Portal), documents or items that HSI prepares or produces for Customer or any patent or makes available to Customer or any patient (collectively, “HSI Intellectual Property”), as between HSI and Customer, will belong to HSI absolutely and exclusively and Customer shall obtain no rights or licenses with respect to and shall not utilize any HSI Intellectual Property except as otherwise expressly provided in this Agreement. Customer agrees to promptly inform HSI if Customer becomes aware of any infringement of any of the HSI Intellectual Property by any person or entity. This Section shall survive any expiration or termination of this Agreement
• (ii) HSI grants to Customer the limited right to the use of the trademarks on the Products provided by HSI in connection with the use and sale of the Products as authorized under this Agreement during the term of this Agreement. Any changes to the marketing materials or other documentation related to the Products, including, without limitation, materials that include HSI Trademarks, must be approved in writing in advance by HSI.

1. Customer shall maintain during the Term of this Agreement (and if any policy is on a claims-made and reported form, for three years thereafter) a third party liability insurance with such coverage as customary for dentists in the country where the Customer has its seat. HSI shall be given at least 30 days’ notice of cancellation or expiration of such insurance.
2. Audits. Customer agrees to cooperate with any audit performed by HSI (or it’s duly appointed agents or representatives) undertaken to verify Customer’s compliance with this Agreement or required in order to comply with applicable laws.
3. Notices. Except as otherwise provided, all notices given under this Agreement shall be in writing and shall be deemed to have been duly given upon receipt if delivered by hand or electronic transmission with receipt confirmed, three days after mailing by certified or registered mail, and one day after sending by overnight courier, to the parties’ respective address indicated on the signature page of this Agreement or such other address as a Party specifies in writing to the other Party. Any notice to HSI shall include a copy to: Henry Schein, Inc., 135 Duryea Road, Melville, New York 11747; Attn: General Counsel; Fax: 631-843-5660.
4. Force Majeure. HSI will not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations under these Terms and Conditions that is caused by events outside our reasonable control (“Force Majeure Event”). Any failure by Customer to pay any sums due to HSI shall not be excused by reason of any Force Majeure Event. HSI’s obligations under these Terms and Conditions are suspended for the period that the Force Majeure Event continues, and HSI will extend the time to perform these obligations for the duration of that period but will make reasonable efforts to
5. Governing Law. This Agreement shall be governed by:

• (i) With respect to Customers located outside of the European Union, the laws of the State of New York, without reference to conflict of laws principles, and the parties irrevocably submit to the jurisdiction of the federal courts sitting in the Eastern and Southern Districts of New York for the purposes of any suit, action or proceeding arising under this Agreement; and
• (ii) With respect to Customers located in the European Union, the laws of the country where the Customer has its seat and the parties irrevocable submit to the jurisdiction of the courts having jurisdiction over the place where the Customer has its seat.

The parties hereby irrevocably waive the defense of an inconvenient forum to the maintenance of any such suit, action or proceeding.

1. Remedies. Due to the fact that the disclosing Party may not be adequately compensated by money damages in the event of the receiving Party’s breach of any of the confidentiality provisions of this Agreement, the disclosing Party shall be entitled, in addition to any other right or available remedy, to seek an injunction or other equitable relief restraining such breach or any threatened breach.
2. Amendments. This Agreement may not be amended, nor any obligation waived, except by a writing signed by both parties.
3. No Waiver. No failure or delay by any Party in exercising any right, power or privilege hereunder shall operate as a waiver thereof, nor shall any single or partial exercise thereof preclude any other or further exercise thereof or the exercise of any other right, power or privilege hereunder.
4. If any term of this Agreement is held by a court of competent jurisdiction to be invalid or unenforceable, then this Agreement, including all of the remaining unaffected terms, shall remain in full force and effect as if such invalid or unenforceable term had never been included.
5. No Publicity. Neither Party shall originate any publicity, press releases or other public announcement relating to any relationship between the parties, this Agreement or the performance hereof without the other Party’s prior written consent; provided, however, that either Party may, without such consent, make any press release or other public announcement as required by law.
6. Section Headings. The headings contained in this Agreement are for convenience of reference only and are not intended to have any substantive significance in interpreting this Agreement.
7. Entire Agreement. This Agreement, including these Terms and Conditions and exhibits attached hereto, each of which is incorporated herein by reference in its entirety, constitutes the entire agreement between Customer and HSI.  All prior or contemporaneous agreements, proposals, understandings and communications between or involving Customer and HSI, whether oral or written, are superseded by this Agreement.  The terms contained in this Agreement shall supersede any conflicting terms contained in any document used or submitted by either Party in connection with the purchase of Products covered by this Agreement.

Exhibit A

Product and Product Package Descriptions and Definitions

PACKAGE DESCRIPTIONS

Reveal Aligners Standard – Treatment package for moderate-to-severe cases with 21 or more steps. Includes Assurance Plan (as defined below) and one set of retainers.

Reveal Aligners Lite – This treatment option is for mild-to-moderate cases or single arch treatment with 11 to 20 steps or 21 to 40 individual aligners. Includes one refinement (if needed) and one set of retainers.

Reveal Aligners Express – This treatment option is for very mild cases with less than 10 steps or 20 or less individual aligners. Includes one refinement (if needed) and one set of retainers.

Reveal Plus Aligners Standard – Treatment package for moderate-to-severe cases with 21 or more steps. Includes Assurance Plan (as defined below) and one set of retainers.

Reveal Plus Aligners Lite – This treatment option is for mild-to-moderate cases or single arch treatment with 11 to 20 steps or 21 to 40 individual aligners. Includes one refinement (if needed) and one set of retainers.

Reveal Plus Aligners Express – This treatment option is for very mild cases with less than 10 steps or 20 or less individual aligners. Includes one refinement (if needed) and one set of retainers.

Reveal Plus Aligners Flex – This treatment option for large group practices is for cases with 20 or less steps or 40 individual aligners. Includes one refinement (if needed) and one set of retainers.

DEFINITIONS

Assurance Plan is guaranteed refinements for three years calculated by the aligner case invoice date.

Elastic Button Technique (EBT) is a technique for using buttons and rubber bands as auxiliaries to aligners in order to achieve extrusion. The Clinician will be notified if EBT is recommended on the Treatment Setup, but those recommendations are not required to be accepted by the Clinician and it is up to the Clinician to promptly inform HSI of any necessary changes. If the Clinician approves the Treatment Setup with EBT, directions on the location and timing for EBT will be provided once the aligners have been manufactured. The Clinician must follow directions provided by creating cutouts on aligners in-office and adhering separately purchased buttons to the surface of the teeth near the gingiva. The Clinician has complete choice of what buttons and elastics to use.  After aligners have been modified and buttons adhered, the Clinician must instruct patients on proper elastics wear.

Interproximal Reduction (IPR) is a procedure where the proximal surfaces of the teeth are reduced. This reshaping creates spaces between the teeth to allow them to move more easily during treatment.  The Clinician will be notified if IPR is recommended on the Treatment Setup, but those recommendations are not required to be accepted by the Clinician and it is up to the Clinician to promptly inform HSI of any necessary changes. The Clinician will need to notify HSI of any preferences on when to perform IPR when submitting the case or requesting modifications of the treatment plan. If the Clinician approves the Treatment Setup with IPR, directions on the location and timing for IPR will be provided once the aligners have been manufactured. The Clinician has complete choice of what instruments and methods to use for completion of planned IPR. HSI recommends always getting signed consent from the patient before performing IPR.

Refinement – An option if further tooth movement is needed in order to meet the original approved Treatment Setup. Refinements are not an opportunity to modify the original Treatment Setup. HSI will provide the recommended number of aligners to achieve your approved Treatment Setup once appropriate records have been provided. Refinements may only be requested after half the number of steps provided have been used and before the Treatment Expiration Date.

Retainers – One set of upper and lower, made of slightly thicker material for longevity. May be ordered as replacement retainers, based on the original submitted intraoral scan and approved Treatment Setup.

Replacement Aligners – To replace lost or damaged aligner trays, Replacement Aligners are made from the original submitted intraoral scan and approved Treatment Setup. Dual arch Replacement Aligners constitute two replacement trays.

Note on Replacement Aligners: Direct patients to keep their most recently used aligners and temporarily use the previous set while replacements are being made. Replacement Aligners for more than one step are available for purchase and will generally ship within 7 to 10 business days after placing the order.  If one set of aligners has been lost please instruct the patient to skip that step and increase the length of time the next step is worn until the teeth are fully seated.

Revision – An option if the treatment plan needs to be changed by the doctor to achieve new treatment goals. A new Treatment Setup will be provided for approval.

Treatment Expiration Date is calculated by the aligner delivery date plus 2 weeks per step, plus 120 days from completion of the final step.

Treatment Setup is a virtual three-dimensional representation of the patient’s expected tooth movement which is used for communicating the orthodontic treatment plan. Treatment Setups include the virtual model and the option for Interproximal Reduction (IPR), Attachments, Cutouts, Elastic Slits, and Elastic Button Technique (EBT) if needed. Prior to approving the final Treatment Setup, the Clinician is requested to thoroughly review the Treatment Setup and request changes or modifications in the DDX Portal. If the Clinician does not approve the Treatment Setup, he/she may cancel the case with no cancellation fees. The Clinician’s approval of the customized Treatment Setup is considered a prescription to HSI and HSI’s final authorization to manufacture the Henry Schein’s Aligners (when medically feasible for extraction cases, HSI recommends Treatment Setup approval prior to performing extractions). Results depicted in Treatment Setup are simulated; actual clinical results may vary and are not guaranteed.

New Treatment Setup – When new scans or impressions are required for Retainers or a new Treatment Setup is requested after one has already been approved by the customer.

Exhibit B

Product Warranty

This Warranty covers aligner Products (“Aligner Products”) and retainer Products (“Retainer Products”) (collectively, “Products”) sold to Customer hereunder. The warranty is exclusively for the benefit of eligible treating Customers (individually, a “Clinician”) and is not for the benefit of any other person or entity, including, but not limited to, any patients, practices, laboratories and/or other intermediate suppliers.

1.     The “Warranty Period” is as follows and will apply to (i)  Aligner Product packages until the “Treatment Expiration Date” (which is calculated by taking the date the applicable Aligner Product is delivered to Customer and adding two (2) weeks per step (per approved Treatment Setup), plus 90 days; and (ii) Retainer Products sold separately for up to six (6) months from the Treatment Expiration Date; provided that HSI only warrants the fit of the Retainer Products for up to 60 days from the date of shipment to Customer. (iii) Individual Aligner Products sold separately HSI only warrants the fit for up to 15 days from the date of shipment to Customer.

2. Scope of Warranty. Subject to the eligibility and other requirements set forth in this Warranty, if the Product fails due to a defect during the Warranty Period, HSI will replace the defective Product using the original approved Treatment Setup and originally provided patient records.

3. Eligibility. To be eligible for the Warranty, Clinician must provide notice to HSI prior to the expiration of the applicable Warranty period and no later than 30 days after the defect in the Product was discovered, with such notice including documentation demonstrating the facts and circumstances surrounding the failure of the Product.

4. Returns. Customer is responsible for Products returned to HSI, provided that in case the returned Product proves to be covered under this Warranty, reasonable and documented transportation costs for the return of such Product shall be borne by HSI. All returns should be completed via a reputable national courier which provides insurance for the full replacement value of the shipped Product. Returned Products must include a Return Material Authorization (RMA) number marked clearly on the outside of the package. The package must be addressed to the Returns Department. Please contact aligners@henryscheinortho.com for support. Customer shall be responsible for all transport costs and risks relating to any return of a Product where the Products or the reason for the return is not covered by the Warranty.

5. Exclusions. This Warranty shall not apply in the event of:
6. Any trauma, accident, or other damage to the Product by the patient or a third-party;
7. Any placement of the Product in a patient with accepted contra-indicated conditions that might interfere with successful integration;
8. Any normal wear and tear of the Products;
9. Any misuse or modification of the Product;
10. Any use of the Product in combination with any third party products, materials or services not expressly authorized in writing by HSI;
11. Any negligent treatment by the Clinician or treatment by any Clinician not properly licensed;
12. Any other damage, failure or defect not caused by HSI

6. NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS WARRANTY OR ANY AGREEMENT BETWEEN HSI AND CUSTOMER, HSI’S AND EACH HSI APPLICBALE ENTITY’S SOLE AND EXCLUSIVE LIABILITY AND OBLIGATION UNDER THIS WARRANTY IS FOR REPLACEMENT OF THE APPLICABLE PRODUCTS COVERED BY THIS WARRANTY. NO WARRANTY IS MADE REGARDING THE OUTCOME OF ANY TREATMENT USING THE PRODUCTS OR ANY COMBINATION OF THE PRODUCTS WITH ANY THIRD PARTY PRODUCTS, WHETHER OR NOT IN CONJUNCTION WITH ANY HSI SERVICES. IN NO EVENT WILL HSI’S (INCLUDING ALL OF THE HSI ENTITIES’) AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE AMOUNT OF FEES PAID BY CUSTOMER TO HSI UNDER THIS AGREEMENT IN THE PRECEDING 12 MONTHS. This Section shall survive any expiration or termination of any agreement between Clinician and HSI.

7. No representative, employee or agent of HSI is authorized to give any other warranties on behalf of HSI or modify the limitations set forth in this Products Warranty or the Terms and Conditions to which this Product Warranty is attached or relates.

Exhibit C (For U.S. Customers Only)

HIPAA Business Associates Agreement

(PRIVACY AND SECURITY OF HEALTH INFORMATION)

This BUSINESS ASSOCIATE AGREEMENT (“Agreement”) is entered into between Henry Schein, Inc. and/or its affiliated companies (including, for clarity and to the extent applicable, Ortho Organizers, Inc.), as applicable (each a “Business Associate”, as applicable) and the Customer (as defined in the T&Cs) (“Provider”) together with the Clear Aligner Products Terms and Conditions (“T&Cs”). The parties hereby acknowledge and agree that each Business Associate is acting severally under this Agreement and as such, any and all obligations and liabilities with respect to each Business Associate shall be several, not joint, and relate only to the Business Associate and specific products or services being provided or performed by such individual Business Associate. Both parties agree as follows:

1. DEFINITIONS

Capitalized terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Standards for Privacy of Individually Identifiable Health Information, at 45 Code of Federal Regulations (“CFR”) part 160 and part 164 subpart E (the “Privacy Rule”), the Security Standards issued at 45 CFR part 160 and part 164 subpart C (the “Security Rule”), and the breach notification rules at 45 CFR Part 164, subpart D (“Breach Rules”)  as they may be amended from time to time.

The following capitalized terms shall have the following meaning when used in this Agreement:

164. “Breach” shall have the same meaning as the term “Breach” in 45 CFR 164.402.
165. “Designated Record Set” shall mean a group of records maintained for Provider that are the medical and/or billing records that refer to an individual Patient.
166. “Electronic PHI” shall mean the PHI that is transmitted or maintained by Business Associate on behalf of Provider in electronic media, including, but not limited to, hard drives, disks, on the internet, or on an intranet.
167. “HITECH Act” shall mean the “Health Information Technology for Economic and Clinical Health Act” set forth within P.L. 111-5, and all relevant regulations promulgated thereunder, as amended from time to time.
168. “Patient” shall mean the individual whose PHI is contained in a specific medical or billing record that Business Associate maintains on behalf of Provider, or that person’s duly appointed guardian or qualified personal representative.
169. “PHI” shall have the same meaning as the term “protected health information” in 45 CFR 160.103, limited to the information created or received by Business Associate from or on the behalf of Provider.
170. “Secretary” shall mean the Secretary of the U.S. Department of Health and Human Services or his designee.
171. “Unsecured PHI” shall have the same meaning as the term “Unsecured Protected Health Information” as defined in 45 CFR 164.402.

1. OBLIGATIONS AND ACTIVITIES OF BUSINESS ASSOCIATE
   164. Business Associate agrees to comply with those provisions of the Security Rule that are set forth at 45 C.F.R. §§ 164.308, 164.310, 164.312, and 164.316, as amended from time to time, with respect the security of PHI, in the same manner that such regulations apply to the Provider.
   165. Business Associate agrees to comply with the Privacy Rule at 45 C.F.R. § 164.504(e), as amended from time to time, with respect to its use and disclosure of PHI, in the same manner that such regulation applies to Provider. The additional requirements of the HITECH Act that relate to privacy and that are made applicable with respect to covered entities shall also be applicable to Business Associate and shall be and by this reference hereby are incorporated into the Business Associate Agreement.
   166. Business Associate agrees to not use or further disclose PHI other than as specifically permitted or required by this Agreement or as required by law.
   167. Business Associate agrees to use appropriate safeguards and comply, where applicable, with Subpart C of 45 CFR Part 164 with respect to Electronic PHI, to prevent use or disclosure of PHI other than as provided for by this Agreement.
   168. Business Associate agrees to mitigate, to the extent practicable, any harmful effect that is known to Business Associate of a use or disclosure of PHI by Business Associate in violation of the requirements of the Agreement.
   169. Business Associate agrees to report to Provider if it becomes aware of any use or disclosure of PHI not provided for by this Agreement, including any Breach of Unsecured PHI as required by 45 CFR 164.410, and any Security Incident of which it becomes aware. Notwithstanding anything herein to the contrary, the parties acknowledge and agree that this Agreement shall constitute notice to Provider that Business Associate may periodically experience broadcast attacks on its firewall, port scans, unsuccessful log-on attempts, denials of service and similar unsuccessful security incidents, and Business Associate need not further report such incidents to Provider so long as such incidents do not result in unauthorized access, use or disclosure of PHI.
   170. Business Associate agrees to ensure that any Subcontractors that create, receive, maintain, or transmit PHI on behalf of Business Associate on behalf of Provider agree to the same restrictions and conditions that apply to Business Associate with respect to such information, including, without limitation, implementation of appropriate safeguards to protect the security of Electronic PHI.
   171. Upon the written request of Provider, Business Associate agrees to provide access to Provider to PHI that Business Associate maintains in a Designated Record Set (if in fact its arrangements with Provider require Business Associate to maintain Designated Record Sets on behalf of Provider), in order for Provider to meet the Patient access and copying requirements under 45 CFR 164.524. If Business Associate maintains an electronic health record which contains the PHI, Business Associate shall provide such information produced in accordance with this section 2(h) in electronic format to enable Provider to fulfill its obligations under applicable regulations.
   172. Upon the written request of Provider, Business Associate agrees to make any amendment(s) to PHI that Business Associate maintains in a Designated Record Set (if in fact its arrangements with Provider require Business Associates to maintain Designated Record Sets on behalf of Provider), that the Provider directs or agrees to pursuant to 45 CFR 164.526.
   173. Business Associate agrees to make its internal practices, books and records relating to the use and disclosure of PHI available at the request of the Provider to the Secretary, for purposes of determining Provider’s compliance with the Privacy Rule, subject to attorney-client or other applicable legal privileges.
   174. Business Associate agrees to document such disclosures of PHI and information related to such disclosures as would be required for Provider to respond to a request by Patient for an accounting of disclosures of PHI in accordance with 45 CFR 164.528, as may be amended from time to time.
   175. Upon written request of Provider, Business Associate agrees to provide Provider with information collected in accordance with Section k of this Agreement to permit Provider to respond to a request by Patient for an accounting of disclosures of PHI in accordance with 45 CFR 164.528.
   176. Business Associate agrees that to the extent it is to carry out Provider’s obligation under the Privacy Rule that it will comply with the requirements of the Privacy Rule that apply to Provider in the performance of such obligation.
   177. Business Associate agrees to notify Provider without unreasonable delay, but in no event more than 60 days after Business Associate becomes aware of an unauthorized use or disclosure by or on behalf of Business Associate which constitutes a Breach of Unsecured PHI unless it receives a request to delay such notification from a law enforcement official pursuant to 45 CFR 164.412. Such notification shall include a list of impacted Patients, and describe the Breach in such reasonable detail to enable Provider to fulfill its obligations under applicable regulations.
   178. Upon written request of Provider, Business Associate will comply with a Patient request for restriction of certain disclosures to health plans in accordance with 45 CFR 164.522 and the HITECH Act, if the disclosure is to a health care plan for the purposes of carrying out payment or health care operations and the PHI pertains solely to a health care item or service for which Patient has paid for out of pocket in full. Except to the extent that Provider must agree to a Patient request for restriction under the HITECH Act, Business Associate shall not be required to comply with a Patient’s request to restrict the use or disclosure of PHI.

• PERMITTED USES AND DISCLOSURES BY BUSINESS ASSOCIATE
  1. Business Associate may use or disclose PHI to perform functions, activities or services for, or on behalf of, Provider, in accordance with the contractual or other arrangements between Provider and Business Associate.
  2. Except as otherwise specifically permitted by Section IV of this Agreement, Business Associate shall limit its use and disclosure of PHI to only the minimum necessary PHI required by Business Associate to furnish services on behalf of Provider.

1. SPECIFIC USE AND DISCLOSURE PROVISIONS
   1. Business Associate may use PHI for the proper management and administration of the Business Associate or to carry out the legal responsibilities of the Business Associate.
   2. Business Associate may disclose PHI for the proper management and administration of the Business Associate, provided that disclosures are required by law, or Business Associate obtains reasonable assurances from the person to whom PHI is disclosed that it will remain confidential and be used or further disclosed only as required by law or for the purpose for which it was disclosed to the person, and the person notifies the Business Associate of any instances of which it is aware in which the confidentiality of PHI has been breached.
   3. Business Associate may use PHI to provide data aggregation services as permitted by 45 CFR 164.504(e)(2)(i)(B) (i.e. the combining PHI received from Provider with PHI received by Business Associate in its capacity as the business associate of another practice for the purpose of conducting data analyses that relate to health care operations of various practices).
   4. Business Associate may use PHI to create de-identified health information to the extent permitted by the Privacy Rule. There will be no restrictions on Business Associate’s use or disclosure of the de-identified health information once it is so de-identified.

1. OBLIGATIONS OF PROVIDER
   1. Provider represents and warrants to Business Associate that its Notice of Privacy Practices permits Provider to disclose PHI to Business Associate, and that the Notice of Privacy Practices used by Provider incorporates the terms and statements required by the Privacy Rule. Provider agrees that Provider shall not modify such notice or its privacy procedures in any manner that may affect Business Associate’s authority to use or disclose PHI pursuant to this Agreement without the consent of Business Associate, except as may be required by applicable law.
   2. If applicable, Provider shall notify Business Associate of any changes in, or revocation of, permission by a Patient to use or disclose PHI, to the extent that such changes may affect the permitted uses or disclosures of such PHI by Business Associate.
   3. Provider shall not request that Business Associate use or disclose PHI in any manner that would not be permissible under the Privacy Rule, Security Rule or other applicable law or its Notice of Privacy Practices if done by Provider except the uses specifically permitted under Section IV above, where Business Associate may use or disclose PHI for data aggregation or management and administrative activities of Business Associate.
   4. Provider represents and warrants to Business Associate that Provider shall comply with all requirements of the Privacy Rule, Security Rule, and any similar federal or state requirements relating to privacy concerns.

1. MUTUAL OBLIGATIONS

The parties agree that they will neither directly nor indirectly receive remuneration in exchange for any PHI of a Patient, unless a valid authorization, pursuant to 45 CFR 164.508, is executed by that Patient. Notwithstanding the foregoing, the parties agree that they may receive remuneration in exchange for PHI of a patient in accordance with 42 USC § 17935(d)(2) and 45 CFR 164.502(a)(5)(ii)(B)(2).

• TERM AND TERMINATION
  1. The Term of this Agreement shall be effective as of the date set forth above, and shall remain effective so long as a relationship between the Provider and the Business Associate shall persist. This Agreement shall terminate when all of the PHI provided by Provider to Business Associate or created or received by Business Associate on behalf of Provider is destroyed or returned to Provider or, if it is infeasible to return or destroy PHI, protections are extended to such information in accordance with the termination provisions in Section a.i(ii) below.
  2. Upon Provider’s knowledge of a material breach of this Agreement by Business Associate, Provider shall provide written notice to Business Associate identifying the breach, and permit the Business Associate 30 days to cure the breach; if Business Associate does not cure the breach or end the violation within the time specified, or if cure is not possible, Provider may immediately terminate this Agreement, and/or report the event to the Secretary.
  3. Upon Business Associate’s knowledge of a material breach of this Agreement by the Provider, the Business Associate shall provide written notice to the Provider identifying the breach, and may permit the Provider the opportunity to cure the breach within 30 days; if Provider does not cure the breach or end the violation within the time specified, or if cure is not possible, Business Associate may immediately terminate this Agreement, and/or report the event to the Secretary.
  4. Effect of Termination.
     • (i) Except as provided in Section a.i(ii) below, upon termination of this Agreement, for any reason, Business Associate shall return or destroy all PHI received from Provider, or created or received by Business Associate on behalf of Provider. This provision shall apply to PHI that is in the possession of subcontractors or agents of Business Associate.  Business Associate shall retain no copies of the PHI.
     • (ii) In the event the Business Associate determines that the returning of or destroying of the PHI is infeasible, Business Associate shall provide to Provider notification of the conditions that make return or destruction infeasible, and thereafter, Business Associate shall extend the protections of this Agreement to such PHI and limit further uses and disclosures of such PHI to those purposes that make the return or destruction infeasible, for so long as Business Associate maintains such PHI.

• NOTICE

Any and all notices, requests, or reports, required or permitted to be given under any provision of this Agreement shall be in writing and shall be deemed given upon the mailing thereof by first class certified mail, return receipt requested, postage prepaid, or by overnight mail. If such notice is to the Business Associate, then it shall be sent to the attention of the HIPAA Compliance Officer at: Henry Schein, Inc., 135 Duryea Road, Melville, New York 11747, with a copy to the General Counsel; fax: 631-843-5660.  If such notice is to the Provider, then it shall be sent to the address that the Business Associate then has on file for the Provider.

1. MISCELLANEOUS
   1. This Agreement is between Provider and Business Associate and shall not be construed, interpreted, or deemed to confer any rights whatsoever to any third party, including Patients.
   2. The parties agree that any ambiguity in this Agreement shall be resolved in favor of a meaning that complies and is consistent with Health Insurance Portability and Accountability Act, the Transaction Standards, Security Standards, the Privacy Rules, and the HITECH Act.
   3. This Agreement shall be governed by and construed in accordance with the laws of the state of Delaware, without regard to the conflicts of law principles of such state.
   4. Provider and Business Associate agree to negotiate in good faith if, in either party’s reasonable judgment, modification of this Agreement becomes necessary due to legislative or regulatory amendments to the Privacy Rule, the Security Rule, or the HITECH Act.
   5. In the event that it is impossible to comply with both this Agreement and any underlying services agreements between the parties, the provisions of this Agreement shall control with respect to those provisions of each agreement that expressly conflict.
   6. This agreement replaces and supersedes any previous agreement with respect to the subject matter hereof.

EXHIBIT D (For EU Customers only)

GDPR CONTROLLER-PROCESSOR AGREEMENT

This GDPR Controller-Processor Agreement (“CPA”) is incorporated into and adds the following data privacy clauses to the Terms and Conditions to which this CPA is attached or relates (“T&Cs”), between the Customer (as defined in the T&Cs) (“Controller”) and the HSI Entity (as defined in the T&Cs) which is providing the Products (as defined in the T&Cs) (“Processor”)  to the Customer; each a “Party” and both jointly the “Parties”.

1. Scope and roles
   • This CPA is applicable to the processing of personal data which falls under European Union Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) and that is subject to the Controller´s use of the Processor´s services under the T&Cs. Unless specified otherwise, capitalized terms in this CPA shall have the same meaning as in the GDPR.
   • In particular, the Personal Data that is subject to this CPA is: data necessary for manufacture and sale of Aligner Products and services to Customer’s patients.
   • The Personal Data is processed by Processor on behalf of Controller for the purpose(s) of: manufacture and sale of Aligner Products to Customer’s patients.  This Personal Data shall be processed by Processor on behalf of Controller for the term of the T&Cs.
   • The Parties agree that Controller is responsible for compliance as a “controller” with respect to the services and Processor is responsible for compliance as a “processor” with all applicable data privacy laws (including without limitation the GDPR) and with the obligations established under this CPA.
   • Processor shall process Personal on behalf of Controller, as necessary to perform its obligations under the agreements between the Parties and strictly in accordance with documented instructions from Controller, including with regard to transfers of Personal Data to countries besides the intended recipient country and will not process such Personal Data in any other way or for any other purpose, except where otherwise required by any applicable European Union (“EU”) (or any EU member state) law. In no event shall Processor process the Personal Data for its own purposes or those of any third party (unless Processor is instructed to do so by Controller).
   • Controller´s instructions to Processor are to provide the services such as enshrined in the applicable service descriptions and the T&Cs. If Controller issues additional instructions, Controller will reimburse the Processor for any resulting costs on a time and material basis. Processor will inform Controller about such additional costs before commencing work, and will only commence work if Controller has approved the additional costs.

2. Transfers of Personal Data outside the EU or European Economic Area (“EEA”).
   • The following provisions shall apply to transfers of Personal Data to countries outside of the EU or EEA, except where the EU Commission has decided that the third country, a territory or one or more specified sectors within that third country ensures an adequate level of protection (Article 45 GDPR).
   • If the Processor is located outside of the countries or areas mentioned in section 1, the transfer of Personal Data shall be subject to Standard Contract Clauses for Controller-to-Processor transfers as determined in Commission Decision 2010/87/EU (“C2P SCCs“), which are hereby taken into reference and form part of this agreement. Any transfer from the Processor to a further processor (therefore a “Sub-Processor”) located outside the EU, EEA or a third country with an adequate level of data protection shall be treated as sub-processing according to the C2P SCC.
   • If the Processor is located within the countries or areas mentioned in section 1, but a Sub-Processor is located outside of such a country or area, the transfer of Personal Data to the Sub-Processor shall be subject to C2P SCCs, which shall be concluded between the Controller and the Sub-Processor. To that end, Controller instructs and authorizes Processor to enter into C2P SCCs with such Sub-Processors in the name and on behalf of Controller, and releases Processor from any prohibition of self-contracting, if applicable. Controller shall be data exporter and any Sub-Processor bound by the C2P SCC shall be data importer. Controller agrees to exercise any rights under the C2P SCC through the Processor, by instructing the Processor to use such rights as requested.
   • Section 3 shall apply mutatis mutandis in cases where Processor and Sub-Processor are located in countries or areas mentioned in section 2.1, but a Sub-Processor is located outside of such country or area. If so, the Sub-Processor shall have the same tasks, powers, rights and obligations as the Processor under section 2.3.
   • The Appendices of the C2P SCC are filled as follows:
     • Data exporter is the Controller.
     • Data importer is the Processor (in case of section 2 above) or the Sub-Processor (in case of section 2.3 above) or the Sub-Sub-Processor (in case of section 2.4 above).
     • Data subjects are the patients of Controller.
     • Categories of data shall be the same as specified in section 2 of this CPA.
     • Special categories of data shall be health data, as further specified in section 2 of this CPA.
     • Processing operations shall be those activities that are necessary for manufacture and sale of Aligner Products to Customer’s patients, as further specified in the Terms & Conditions and, in respect of Sub-Processors, in section 1of this CPA.
   • The law governing the C2P SCC shall be the law of the location of the data exporter.

3. Security of processing
   • Processor represents that Processor and each Sub-Processor and Sub-Sub-Processor has implemented and maintains appropriate technical and organizational measures to ensure a level of security appropriate to the risks for the rights and freedoms of persons, taking into account the nature, context, purposes and scope of processing, the costs of implementation and the information available to Processor. In particular, Processor will protect the Personal Data from: (i) accidental or unlawful destruction; and (ii) loss, alteration, unauthorised disclosure of or access to the Personal Data.

Such measures shall include, as appropriate:

• the pseudonymisation and encryption of Personal Data;
• the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
• the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
• a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;
• keeping the Data separate from the data and information of its other customers; as well as
• any other such security measures as notified in writing from time to time by the Controller.
  • Processor shall inform Controller without undue delay, and where feasible within 72 hours after having become aware, of any data breach concerning Personal Data (as defined by the GDPR) processed by Processor on behalf of Controller.
  • Processor undertakes a duty of confidentiality and professional secrecy and represents that Processor authorizes individuals to process the Personal Data on Processor’s behalf on a strict “need-to”-basis and that these authorized individuals have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4. Accountability
   • Where necessary, Processor shall promptly inform Controller if the processing of Personal Data by Processor is likely to result in a high risk to the data protection rights and freedoms of data subjects. Processor shall assist Controller with conducting Data Protection Impact Assessments (as defined by the GDPR) for the Processing of Personal Data by Processor on behalf of Controller.
   • Processor shall make available to Controller all information necessary to demonstrate compliance with the Regulation and shall allow for and contribute to audits conducted or mandated by Controller.

5. Rights of the individuals and cooperation. Processor shall assist Controller by implementing appropriate technical and organizational measures, for the fulfilment of Controller’s obligations to respond to, as applicable, requests for transparency, access, rectification, correction, erasure, restriction, objection, and portability of Personal Data required by the Regulation and any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of Personal Data.  In the event that any such request, correspondence, enquiry or complaint is made directly to Processor, Processor shall promptly inform Controller providing full details of the same.

When receiving a right of erasure request, Processor will restrict processing of Personal Data within five (5) days relating to such request and communicate the same obligation to any Sub-Processor engaged with processing on behalf of Processor hereunder.

6. Sub-Processors
   • Controller authorizes Processor to use the following Sub-Processors for the processing of Personal Data to perform the following services pursuant to the T&Cs on behalf of Controller:
     • ClearPath Orthodontics (PVT) Ltd., ClearPathOrthodontics, LLC and/or DentoCorrect Ltd. to manufacture the Aligner Products;
     • Ortho Organizers, Inc. (a Henry Schein, Inc. subsidiary) to review the product and case;
     • Henry Schein One, LLC for provision and maintenance of the DDX software used to enable the manufacture the Aligner Products;
     • MSG Minnesota, Inc., supporting lab scanning processes and information flow; and
     • Advanced Dental Laboratories Ltd., Ambridge Ceramics Limited and/or other third party labs to be subsequently identified hereunder for UK customers that do not use a 3Shape scanner to create and transmit the data from an impression to be used for manufacturing the Aligner Products, with these Sub-Processors instead transmitting the data from the impression to be used for manufacturing the Aligner Products.

Processor represents that the same data privacy obligations as set out in this CPA have been imposed on each of its sub-processors (“Sub-Processors”) by contract, in particular with regard to providing sufficient guarantees to implement appropriate technical and organizational measures and that Processor shall remain fully liable for any data breach caused by an act, error or omission of its Sub-Processors.

• Processor shall inform Controller of the identity and services provided by any Sub-Processors having access to Controller’s data falling under EU data protection laws before entering in a new subcontracting relationship, giving Controller the opportunity to object to such changes. This communication will be done either through an update of the information available to the Controller in the customer portal for the service, or in writing (e.g. email notification with acknowledge of receipt or other mechanism that ensures reception), and Controller should have ten (10) days to approve or reject the Sub-Processor. If the Controller remains silent, this is regarded as acceptance of the new Sub-Processor. If Controller does not approve the Sub-Processor, Processor is entitled to terminate the T&Cs (including this CPA) with immediate effect through written notice to Controller in its sole discretion.
• If a Sub-Processor is engaged by Processor to perform services pursuant to the T&Cs, Processor represents that the same data privacy obligations as set out in this CPA shall be imposed on the Sub-Processor by contract, in particular with regard to providing sufficient guarantees to implement appropriate technical and organizational measures.

7. End of Services. After the end of the provision of services in accordance with the T&Cs, Processor shall securely delete or return all Personal Data to Controller, at the choice of Controller, and securely delete all copies thereof unless the EU or an EU member state law requires ongoing storage of Personal Data.  Notwithstanding the foregoing, Processor may temporarily keep a copy of certain Personal Data when necessary to comply with a legal obligation, as long as such Personal Data is properly isolated from other data and securely stored with restricted access to the extent required by applicable law. Once such obligation has expired, Processor will securely delete all Personal Data.

Exhibit E

COUNTRY/TERRITORY SPECIFIC CLAUSES AND LAWS

THE FOLLOWING COUNTRY/TERRITORY SPECIFIC LAWS AND CLAUSES ONLY APPLY TO CUSTOMERS LOCATED IN THE APPLICABLE COUNTRY/TERRITORY DESIGNATED BELOW:

1. ITALY:

For Italy, Sections 16 and 17 of the Terms and Conditions shall read as follows:

6. PRODUCT WARRANTY.
   • HSI offers the Product warranty to its Customers as shown on Exhibit B attached hereto. HSI offers no other warranty with respect to the Products or any portion thereof.

1. DISCLAIMER OF ALL OTHER WARRANTIES. EXCEPT AS PROVIDED IN EXHIBIT B HERETO, TO THE EXTENT PERMITTED BY LAW, HSI (INCLUDING EACH HSI ENTITY) PROVIDES NO WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, REGARDING THE PRODUCTS OR SERVICES OR ANY PORTION THEREOF, INCLUDING WITHOUT LIMITATION ANY WARRANTY OF MERCHANTABILITY, FITNESS FOR PARTICULAR PURPOSE OR NON-INFRINGEMENT.
2. This Section shall survive any expiration or termination of this Agreement.

7. OTHER MATTERS.
   1. LIMITATION OF LIABILITY. TO THE EXTENT PERMITTED BY LAW, NEITHER PARTY SHALL BE LIABLE TO THE OTHER (OR, IN THE CASE OF HSI AND EACH HSI ENTITY, TO CUSTOMER’S PATIENTS) FOR INDIRECT, INCIDENTAL, PUNITIVE, SPECIAL OR CONSEQUENTIAL DAMAGES INCLUDING, BUT NOT LIMITED TO, LOST PROFITS AND LOSS OF GOODWILL, ARISING FROM OR RELATING TO ANY BREACH OF THIS AGREEMENT, AND WHETHER OR NOT OCCASIONED BY THE NEGLIGENCE OF A PARTY OR ITS AFFILIATES), REGARDLESS OF ANY NOTICE OF THE POSSIBILITY OF SUCH DAMAGES; PROVIDED THAT NOTHING IN THIS SECTION IS INTENDED TO, OR DOES, LIMIT THE CONFIDENTIALITY RIGHTS OR OBLIGATIONS OF EITHER PARTY SET FORTH HEREIN. IN NO EVENT WILL HSI’S (INCLUDING ALL OF THE HSI ENTITIES) AGGREGATE LIABILITY UNDER THIS AGREEMENT EXCEED THE AMOUNT OF FEES PAID BY CUSTOMER TO HSI UNDER THIS AGREEMENT IN THE PRECEDING 12 MONTHS.
   2. Indemnity. Customer agrees to indemnify, keep indemnified, defend and hold harmless HSI, including each HSI Entity against and from any and all claims, causes of actions, damages, debts, liabilities, losses, obligations, payments, costs and expenses (including reasonable legal expenses), arising from or relating to: (i) Customer’s breach of any term of this Agreement or of any  agreement between Customer and their patient; (ii) any actions or omissions of Customer and including  any act or failure to act in respect of a patient; (iii) Customer’s provision of incorrect or incomplete information, records, documents or impressions to HSI or any failure to timely provide HSI with any such  information, records, documents or impressions; and (iv) any dealings with any applicable regulators, licensing or professional bodies in relation to Customer. This Section shall survive any expiration or termination of this Agreement.
   3. Waiver. The Customer expressly waives to the right of recourse against HSI, pursuant to art. 131 Consumer Code (D. Lgs. n. 206/2005), with respect to sale to a consumer (i.e. to a natural person who buys for purposes not related to his business or profession or who makes the purchase without indicating a VAT number in the order form) of defective Products (whether due to production defects or otherwise) or which otherwise do not comply with this Agreement or in any other case, whether or not attributable directly to HSI.
   4. Survival. This Section shall survive any expiration or termination of this Agreement.

Agreed for the purposes of Art 1341 Italian Civil Code                …………………………………..

Signature Customer or other means of acceptance designated by HIS