Table of Contents

Privacy Statement

Last Updated: October 2025

1. Introduction

Advita Ortho, LLC (“Advita,” “Advita Ortho,” “we,” “our,” or “us”) is dedicated to the protection of any personal data provided by users of this website, advita.com (the “Site”), and our affiliated regional websites (collectively, the “Advita Sites”). We strive to balance our legitimate business interests with your privacy expectations when collecting and utilizing personal data.

Please read this Privacy Policy carefully. By accessing or using our Site, you acknowledge that you have read, understood, and agree to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Site.

This Privacy Policy has been developed in accordance with applicable privacy laws, including the European Union General Data Protection Regulation (GDPR) (EU) 2016/679, the California Consumer Privacy Act (CCPA) as amended by the CPRA, and other relevant data protection regulations.

1A. Who is the Responsible Entity for Your Personal Information?

Depending on how you interact with Advita, the responsible entity (data controller) for your personal information will be the Advita entity that:

Manages the Advita website you visit
Is responsible for the sale or distribution of Advita products in your country or region
Has a direct business or other relationship with you
Collects your personal information for its own business purposes

For users of advita.com and most U.S.-based interactions, Advita Ortho (located at 2320 NW 66th Court, Gainesville, FL 32653, United States) serves as the primary data controller.

For interactions with regional Advita sites or subsidiaries, the local Advita entity will typically serve as the data controller. You can find information about Advita’s global entities on our websites linked in the country/language selector on the top right of the page.

If you have questions about which Advita entity is the data controller for your specific situation, please contact us using the information provided in Section 25.

2. Scope of This Policy

This Privacy Policy applies specifically to information collected through advita.com, which serves as our primary website for users in the United States. Advita also operates distinct regional websites for users in other parts of the world, accessible via the “Change Location” selector on our sites (collectively, the “Advita Sites”).

Each regional Advita Site may have its own privacy policy tailored to local laws and practices. If you are visiting a regional Advita Site, please refer to the privacy policy posted on that specific site, as it will govern your interaction with that regional site. This Privacy Policy provides general information about our privacy practices, with a primary focus on advita.com.

Important: This policy does not apply to information collected offline, through mobile applications, standalone software platforms, or through any other means not directly related to your use of this website. Advita’s mobile applications, surgical planning software, and other digital platforms have their own separate privacy notices that govern data collection and use within those specific applications.

3. Information We Collect

We collect information in the following ways:

3A. Information You Provide Directly

We collect personal information that you voluntarily provide to us when you:

Contact us through our website forms (e.g., “Contact Us,” “Request Information”).
Express interest in obtaining information about our products or services.
Sign up for newsletters, webinars, or marketing communications.
Communicate with our customer support or other representatives.
Apply for a job through our careers portal (which may be hosted by a third-party service provider with its own privacy policy).

The types of personal information you may provide include:

Contact Information: Name, email address, postal address, phone number.
Professional Information: Job title, company/organization, specialty (for healthcare professionals), professional licenses and credentials, areas of medical expertise.
Account Information: Account credentials, access history, and user preferences (where applicable).
Financial Information: Bank details, VAT numbers, payment information for reimbursements or transactions (where applicable).
National Identifiers: Driver’s license, passport, or other government-issued identification (when required for verification purposes).
Due Diligence Information: Information collected for business verification, conflict of interest checks, background verification, and compliance screening.
Travel and Event Information: Details related to participation in medical conferences, training events, travel arrangements, dietary restrictions, and accessibility needs.
Training and Education Information: Records of educational activities, continuing medical education (CME) credits, certification completions.
Audio-Visual Information: Photos, videos, and voice recordings from events, training sessions, or testimonials (with explicit consent).
Inquiry Details: Information you provide in your communications with us, including the nature of your inquiry or interest.
Marketing Preferences: Your preferences for receiving marketing communications.
Feedback and Survey Information: Responses to customer satisfaction surveys, product feedback, and research participation.
Publicly Available Information: Information from professional networking platforms (like LinkedIn), medical society directories, and public social media posts relevant to our business relationship.
Special Categories of Personal Data/Sensitive Personal Information: In limited circumstances and with appropriate safeguards, we may collect:
- Health information related to adverse event reports or product safety investigations
- Information about medical conditions when voluntarily provided in product inquiries
- Patient pre- and post-operative outcomes for research and statistical purposes (with proper consent and de-identification)
- Criminal background information for due diligence procedures (where legally required)
- Biometric identifiers for security purposes at facilities or events (where legally permitted and with consent)

Important Note About Sensitive Information: If you choose not to provide personal information we reasonably require, it may limit our ability to provide the information or services you have requested. We only collect sensitive personal information when necessary and with appropriate legal safeguards.

3B. Information We Collect Automatically

When you visit, use, or navigate the Site, we may collect certain information automatically from your device and usage. This information does not typically reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Site, and other technical information. This information is primarily needed to maintain the security and operation of our Site, and for our internal analytics and reporting purposes.

The technologies we use for this automatic data collection may include:

Cookies and Similar Technologies: As detailed in Section 9 (“Cookies and Similar Technologies”) and Section 11 (“List of Cookies We Use”).
Log Files: Our web servers automatically log standard access information such as browser type, access times/open mail, URL requested, and referral URL.
Web Beacons (or Pixel Tags): Pages of our Site and our e-mails may contain small electronic files known as web beacons that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (e.g., recording the popularity of certain website content and verifying system and server integrity).
Analytics Services: We use third-party analytics services (like Google Analytics, Microsoft Clarity) to help us understand how users engage with the Site. These services may use cookies and similar technologies to collect and analyze information about site usage and report on activities and trends.

Under the GDPR, this type of automatic data collection is generally considered processing based on our legitimate interests in improving our website and services, as outlined in Article 6(1)(f). Under the CCPA, this information falls under the categories of “identifiers,” “internet or other electronic network activity information,” and “geolocation data” as defined in Section 1798.140.

3C. How We Collect Your Personal Information

We collect personal information through various means:

Directly from you, such as when you:

Create an account on any Advita website, app, or system
Purchase or inquire about Advita products and services
Use Advita apps, systems, or online platforms
Contact us through website forms, phone, email, or in person
Sign up for marketing materials, newsletters, webinars, or other communications
Visit our websites or engage with online content
Engage with our sales representatives, customer support, or call centers
Respond to surveys, provide feedback, or give testimonials
Submit forms to request product samples or information
Report adverse events or submit product inquiries
Attend online or offline meetings, training sessions, or events
Use your company’s authentication services to access our systems
Share or use social media profiles to contact or engage with Advita
Undergo due diligence or background checks as part of our business relationship

From other sources, such as:

Your organization as part of our business relationship with them
Healthcare professionals when they order Advita products for patient treatment
Healthcare professionals who report adverse events related to our products
Third parties reporting concerns or providing information relevant to our business
Publicly available repositories, professional directories, or databases
Government agencies or regulatory bodies
Marketing service providers and event management companies
Travel agencies and accommodation providers for business events
Professional networking platforms (LinkedIn, medical society directories)
Consultants, law firms, or other representatives acting on your behalf
Entities facilitating business transactions, mergers, or acquisitions
Social media platforms where Advita products are mentioned or discussed

If you connect your social media account to our websites or apps, you may share certain personal information from your social media account with us, including your name, email address, profile information, and any other information you make accessible to us.

We may combine information about you from various sources, including information you provide directly and information collected during your relationship with us.

4. How We Use Your Information

We use the personal information we collect for various business purposes, including:

4A. To manage our relationship with you:

Conduct due diligence before establishing business relationships or as part of mergers and acquisitions
Provide our products and services and manage interactions with you and your organization
Manage your account and access to online services, webcasts, educational programs, and other resources
Identify you and authenticate your access rights to our websites, systems, and applications
Provide customer support and respond to inquiries about our products, services, or company
Provide you with information about our products and services when requested or when we believe they may be of interest
Invite you to provide feedback, participate in research, surveys, or attend events
Personalize content and recommendations, particularly for medical education and professional development
Perform analytics and market research to understand preferences and improve our communications
Report product issues, adverse events, and safety information to ensure product safety
Engage with you on professional initiatives, publications, and collaborations
Manage events you participate in and coordinate travel arrangements
Offer relevant training and educational opportunities
Verify professional credentials and eligibility for accessing certain products or services
Store your preferences for future interactions and communications
Create campaigns designed around your interests and optimize customer services
Enable participation in online communities, including social media channels
Test new products and services and keep you informed of developments
Resolve consumer and product/service issues efficiently
Manage contract and tender processes
Register visitors to facilities and organized events and conferences
Provide personalized messages, special offers, and advertisements relevant to your interests

4B. To manage and improve our business operations:

Manage network and information systems security
Process orders, payments, and reimbursements
Administer the supply and distribution of our products
Respond to adverse event reports and monitor product safety
Respond to customer requests and government agency requirements
Maintain records related to our business relationship with you
Perform data analysis, auditing, and research to improve our platforms, content, and services
Monitor and analyze trends, usage, and activities to make improvements
Prepare management reporting and analytics

4C. To achieve other legitimate purposes:

Comply with applicable laws and regulations
Communicate changes to our terms, conditions, and policies
Handle potential, threatened, or actual disputes and litigation
Investigate and address illegal or harmful behavior and policy violations
Protect vital interests of individuals and public safety
Support business transfers, mergers, or acquisitions
Fulfill recruitment and employment purposes

For each of these purposes, we rely on one or more legal bases depending on the nature of the processing and applicable law:

Consent: Where you have given clear consent for us to process your personal data for a specific purpose, such as marketing communications or certain cookies.
Contractual Necessity: Where processing is necessary to fulfill our contractual obligations to you or to take steps at your request before entering into a contract.
Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.
Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.

For more information about the specific legal basis we rely on for a particular processing activity, you may contact us using the details provided in Section 25.

5. Legal Bases for Processing Your Information

We process your personal information based on one or more of the following legal grounds:

Legal Basis	When We Use It	Examples
Consent	When you have given clear consent for specific purposes	Marketing communications, optional cookies, newsletter subscriptions
Contractual Necessity	When processing is necessary to perform a contract with you	Order processing, customer account management, service delivery
Legal Obligation	When we must process data to comply with legal requirements	FDA reporting, tax obligations, regulatory compliance, safety reporting
Vital Interests	When processing is necessary to protect life or prevent serious harm	Medical emergency situations, safety alerts
Legitimate Interests	When we have a legitimate business interest that doesn’t override your rights	Website analytics, fraud prevention, business communications, security monitoring
Public Task	When processing is necessary for tasks in the public interest	Public health and safety reporting, medical device surveillance
Substantial Public Interest	When processing special categories of data is necessary for substantial public interest	Medical device safety monitoring, public health protection, regulatory compliance
Scientific Research	When processing is necessary for scientific or historical research purposes	Clinical research studies, product development research (with appropriate safeguards)
Preventive Medicine	When processing is necessary for preventive or occupational medicine	Medical diagnosis, health assessments pursuant to contracts with healthcare professionals
Public Health	When processing is necessary for public health in the public interest	Ensuring high standards of quality and safety of healthcare and medical products
Legal Claims	When processing is necessary for establishment, exercise, or defense of legal claims	Court proceedings, regulatory investigations, dispute resolution

Legal Basis Details:

Consent: We only process your personal information based on consent when you have given clear, specific, informed, and freely given consent. You can withdraw consent at any time, though this will not affect the lawfulness of processing before withdrawal.

Legitimate Interests: When we rely on legitimate interests, we have conducted balancing tests to ensure our interests don’t override your fundamental rights and freedoms. Our legitimate interests include:

Operating and improving our business and services
Ensuring network and information security
Preventing fraud and ensuring legal compliance
Direct marketing to existing customers
Supporting research and development activities
Managing business relationships and communications

You have the right to object to processing based on legitimate interests.

6. Artificial Intelligence and Automated Processing

We may use artificial intelligence (AI) and machine learning technologies to improve our services, enhance user experience, and support our business operations. When we use AI services, we implement strict data minimization and privacy protection measures.

AI processing activities may include analyzing inquiries to provide better responses, website optimization, customer support enhancement, and content personalization. We only send the minimum necessary information to AI services and ensure that AI service providers do not retain data longer than necessary or use your data to train their models without appropriate safeguards.

Automated Decision-Making: We do not make solely automated decisions that would significantly affect you, including healthcare recommendations, medical advice, access to services, or employment decisions. Any automated processing we use is designed to assist human decision-makers, not replace them.

You have the right to object to AI processing of your personal data, request information about AI processing that affects you, and request human intervention in any automated processes.

7. Information Sharing and Disclosure

We may share your personal information in the following situations:

With Service Providers: We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include:
- Call center support and customer service providers
- Companies performing technological maintenance and IT support
- Email and postal mail processing services
- Cloud-based server hosting and data analysis services
- Marketing and advertising agencies
- Event management and travel booking services
- Professional advisors such as auditors, accountants, consultants, and lawyers

We contractually require our service providers to protect your personal information and only use it for the purposes for which it was disclosed.

With Affiliates: We may share your information with our affiliates (i.e., companies within the Advita group), in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
For Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.
As Required by Law or to Protect Rights: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements). We may also disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
With Your Consent: We may disclose your personal information for any other purpose with your consent.

Important: We do not share your personal information with unaffiliated third parties for their own direct marketing purposes without your consent.

8. Healthcare and Medical Device Specific Considerations

Why This Section Applies to You: As a medical device manufacturer, Advita operates under strict regulatory oversight that affects how we collect, process, and protect your information. These requirements exist to ensure patient safety and product quality. Even if you’re not a healthcare professional, this section explains additional protections and legal obligations that may apply to your interactions with us.

8A. Medical Device Manufacturer Obligations

As a medical device manufacturer regulated by the FDA and other international regulatory bodies, we have specific obligations regarding data collection and processing:

Regulatory Compliance: We collect and process certain information to comply with FDA medical device reporting requirements, post-market surveillance obligations, and other regulatory mandates.
Quality Management: Information related to product inquiries, complaints, or adverse events may be processed for quality management and regulatory reporting purposes.
Clinical Data: Any clinical or research data is handled with enhanced security measures and in compliance with Good Clinical Practice (GCP) guidelines.
Post-Market Surveillance: We may process information related to device performance, user feedback, and safety monitoring as required by regulatory authorities.

8B. Healthcare Professional Verification

When healthcare professionals interact with our services, we may:

Professional Credentials: Verify medical licenses, credentials, and professional standing through third-party verification services
Continuing Education: Track completion of educational activities as required for continuing medical education (CME) credit
Specialty Information: Maintain information about medical specialties and practice areas to provide relevant content and communications
Institutional Affiliations: Verify hospital or clinic affiliations for appropriate content and service access

8C. HIPAA and Protected Health Information

While this website does not typically process patient health information covered by HIPAA, we recognize our responsibility when such information might be encountered:

Limited PHI Processing: Any protected health information inadvertently received through inquiries or communications is handled with enhanced security measures
Business Associate Agreements: When we act as a business associate to covered entities, we maintain appropriate Business Associate Agreements (BAAs)
Incident Reporting: Any potential exposure of health information is reported in accordance with applicable breach notification requirements
Access Controls: Enhanced access controls and audit trails for any systems that might process health-related information

8D. Clinical Trial and Research Data

When processing data related to clinical trials or research activities:

Informed Consent: All clinical trial participants provide separate, specific informed consent for data processing
Pseudonymization: Clinical data is pseudonymized or anonymized where possible to protect participant identity
Regulatory Compliance: All clinical data processing complies with ICH-GCP guidelines, FDA regulations, and applicable international standards
Data Integrity: Measures to ensure data integrity, including audit trails and version control, are implemented
Long-term Retention: Clinical data may be retained for extended periods as required by regulatory authorities

8E. Adverse Event and Safety Reporting

As a medical device manufacturer, we have specific obligations regarding safety information:

Mandatory Reporting: Certain safety information must be reported to regulatory authorities within specified timeframes
Global Sharing: Safety data may be shared with regulatory authorities worldwide as required by law
Contact Information: We maintain contact information for individuals who report safety concerns for follow-up as required
Medical Information Requests: Healthcare professionals may request medical information about our products, which we track for regulatory purposes

8F. Healthcare Industry Communications

Our communications with healthcare professionals are subject to additional regulations:

Promotional Regulations: All promotional communications comply with FDA promotional regulations and industry codes
Fair Balance: Risk information is appropriately balanced with benefit information in all communications
Off-Label Restrictions: We do not promote off-label uses of our medical devices through website communications
Sunshine Act: Certain interactions with healthcare professionals may be subject to transparency reporting requirements

9. Data Retention

We retain personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention period depends on the type of information and the purpose for which it was collected:

Retention Periods by Data Category:

Data Category	Retention Period	Legal/Business Justification
Contact Inquiries	3 years from last contact	Business relationship management, follow-up opportunities
Marketing Communications	Until consent withdrawn + 1 year	Consent management, suppression list maintenance
Website Analytics Data	26 months (Google Analytics default)	Website optimization, user experience improvement
Cookie Data	Varies by cookie type (see Section 11)	Functional requirements, analytics, marketing preferences
Job Applications	2 years from application date	Equal employment opportunity compliance, future opportunities
Medical Device Inquiries	7 years minimum	FDA regulatory requirements, product liability statute of limitations
Adverse Event Reports	15 years minimum	FDA regulatory requirements (21 CFR 820.180)
Customer Support Records	5 years from last interaction	Service quality, regulatory compliance, dispute resolution
Legal/Compliance Records	7 years or as required by law	Statute of limitations, regulatory requirements
Security Logs	1 year	Security monitoring, incident investigation

Retention Criteria

When specific retention periods are not listed above, we determine retention periods based on:

Legal Requirements: Applicable laws, regulations, and industry standards
Business Purpose: The ongoing business need for the information
Data Sensitivity: The nature and sensitivity of the personal information
Risk Assessment: Potential risks to individuals from continued retention
Technical Feasibility: Practical considerations for data deletion

General Principles:

In some jurisdictions, we are legally required to keep your personal information for specific periods
Otherwise, we only keep information for as long as necessary for the purpose for which it was collected
At the end of the retention period, your personal information will either be deleted completely or de-identified (for example, by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning)

Secure Deletion

When personal information reaches the end of its retention period, we securely delete or anonymize it using industry-standard methods. For certain regulated data, we maintain certificates of destruction as required by law.

10. Cookies and Similar Technologies

Our Site uses cookies and similar tracking technologies to collect and store certain information. These technologies help us analyze traffic, customize content, remember your preferences, and support our marketing efforts.

What Are Cookies?

Cookies are small text files that are stored on your device when you visit a website. They are widely used to make websites work more efficiently and provide information to the website owners. Cookies can be “persistent” (remaining on your device until you delete them) or “session” (deleted when you close your browser).

Types of Cookies We Use

We use the following types of cookies on our Site:

Strictly Necessary Cookies: These cookies are essential for the operation of our Site and enable core functionality such as security, network management, and account access. You cannot opt out of these cookies as the Site cannot function properly without them.
Analytics/Performance Cookies: These cookies help us understand how visitors interact with our Site by collecting and reporting information anonymously. They help us improve the way our Site works.
Functional Cookies: These cookies enable enhanced functionality and personalization, such as remembering your preferences or settings.
Targeting/Advertising Cookies: These cookies are used to deliver advertisements more relevant to you and your interests, limit the number of times you see an advertisement, and help measure the effectiveness of advertising campaigns.

Cookie Consent and Management

When you first visit our Site, you will be presented with a cookie banner powered by CookieYes that allows you to accept or decline non-essential cookies. This consent mechanism complies with regulations such as the GDPR (Article 7) and the ePrivacy Directive, which require clear, affirmative consent for non-essential cookies.

You can change your cookie preferences at any time by:

Clicking on the “Cookie Settings” or “Cookie Preferences” link in the footer of our Site
Clicking on the floating CookieYes icon (if enabled) on our website
Clearing your browser cookies and revisiting our site to see the banner again
Controlling cookies through your browser settings

Please note that disabling certain cookies may impact the functionality of our Site.

Third-Party Cookies

Some cookies are placed by third parties on our behalf. These third parties may collect information about your online activities over time and across different websites. We do not control these third parties or their use of cookies. For more information about these third-party cookies, please see Section 11 (“List of Cookies We Use”) or visit the third parties’ respective privacy policies.

Do Not Track Signals

Some browsers have a “Do Not Track” feature that signals to websites that you do not want to have your online activities tracked. Our Site currently does not respond to “Do Not Track” signals. However, you can usually choose how your browser handles cookies and similar technologies through your browser settings.

For more detailed information about the specific cookies we use, please see Section 11 (“List of Cookies We Use”).

11. List of Cookies We Use

The following table provides details about the specific cookies and similar technologies we use on our Site. This list is updated regularly, but if you notice any discrepancies, please contact us.

Cookie Name	Provider	Purpose	Category	Duration
_ga	Google Analytics	Distinguishes unique users and sessions	Analytics	2 years
ga[container-id]	Google Analytics 4	Stores session and campaign data for GA4	Analytics	2 years
_gid	Google Analytics	Distinguishes users for 24-hour period	Analytics	24 hours
gat_gtag[property-id]	Google Analytics	Throttles request rate to Google Analytics	Analytics	1 minute
_clck	Microsoft Clarity	Persists Clarity User ID and preferences	Analytics	1 year
_clsk	Microsoft Clarity	Connects multiple page views in a single session	Analytics	1 day
__hstc	HubSpot	Tracks visitors and sessions	Marketing	13 months
__hssc	HubSpot	Tracks sessions and determines new sessions	Marketing	30 minutes
__hssrc	HubSpot	Determines if visitor has restarted browser	Marketing	Session
hubspotutk	HubSpot	Tracks visitor identity for lead tracking	Marketing	13 months
__cf_bm	Cloudflare	Bot management and security	Strictly Necessary	30 minutes
cf_clearance	Cloudflare	Security challenge clearance	Strictly Necessary	1 year
wordpress_*	WordPress/WP Engine	Authentication and user preferences	Strictly Necessary	Session/2 weeks
wp-settings-*	WordPress/WP Engine	User interface customization	Functional	1 year
PHPSESSID	PHP/Web Server	Maintains user session state	Strictly Necessary	Session
cookieYes	Advita (CookieYes – Cookie Consent Tool)	Stores user cookie preferences	Strictly Necessary	1 year
_fbp	Facebook/Meta	Facebook Pixel for advertising and analytics	Marketing	3 months
_gcl_au	Google Ads	Google Ads conversion tracking	Marketing	3 months
li_sugr	LinkedIn	LinkedIn Insight Tag for advertising	Marketing	3 months
bcookie	LinkedIn	LinkedIn browser identification	Marketing	1 year

Managing Your Cookie Preferences

You can manage your cookie preferences through:

CookieYes Preference Center: Use our cookie preference center powered by CookieYes (accessible via the footer link or floating icon)
Browser Settings: Configure your browser to block or delete cookies
Opt-Out Tools: Use industry opt-out tools like NAI Opt-Out or DAA Opt-Out

12. Your Choices and Rights

Depending on your location and applicable law, you may have certain rights regarding your personal information. These rights may include:

Right to Access: You may have the right to request access to the personal information we hold about you.
Right to Rectification: You may have the right to request correction of inaccurate or incomplete personal information.
Right to Erasure (Right to be Forgotten): You may have the right to request deletion of your personal information under certain conditions.
Right to Restrict Processing: You may have the right to request that we restrict the processing of your personal information under certain conditions.
Right to Data Portability: You may have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller, under certain conditions.
Right to Object: You may have the right to object to the processing of your personal information under certain conditions, particularly for direct marketing purposes.
Right to Withdraw Consent: Where we rely on your consent to process your personal information, you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing before the withdrawal.
Right to Opt-Out of Sale or Sharing (for California Residents): If you are a California resident, you have the right to opt-out of the “sale” or “sharing” of your personal information. We do not “sell” personal information in the traditional sense of exchanging it for monetary payment. However, some uses of cookies for analytics or targeted advertising may be considered a “sale” or “sharing” under California law. You can exercise this right through our cookie consent management tool or by contacting us.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

Exercising Your Rights:

To exercise any of these rights, please contact us using the details provided in Section 25.

For EU/EEA residents, the GDPR provides specific timeframes for responding to requests – typically within one month, with possible extensions of up to two additional months for complex requests. For California residents, the CCPA requires responses within 45 days, with possible extensions of up to an additional 45 days.

If you are not satisfied with our response to your request, you may have the right to lodge a complaint with a supervisory authority. For EU/EEA residents, you can find your national data protection authority on the European Data Protection Board website.

Managing Cookie Preferences:

As described in Section 9, you can manage your cookie preferences through our cookie consent management tool, accessible via a link typically in the footer of our Site. You can also control cookies through your browser settings.

Opting Out of Marketing Communications:

You can opt-out of receiving promotional emails from us by clicking the “unsubscribe” link provided in such emails or by contacting us directly. Please note that even if you opt-out of marketing communications, we may still send you non-promotional messages, such as those related to your inquiries or administrative matters.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Your California Rights Include:

Right to Know: Request information about personal information collected, used, disclosed, or sold
Right to Delete: Request deletion of personal information we have collected
Right to Correct: Request correction of inaccurate personal information
Right to Opt-Out: Opt out of the “sale” or “sharing” of personal information
Right to Limit: Limit use and disclosure of sensitive personal information
Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

California Categories of Personal Information

In the past 12 months, we may have collected the following categories of personal information from California residents:

Identifiers (name, email, IP address)
Commercial information (inquiries, preferences)
Internet activity (website usage, browsing history)
Professional information (job title, company, medical specialization)
Inferences (preferences, characteristics derived from other information)

Sensitive Personal Information

Under the CPRA, we may collect the following categories of “Sensitive Personal Information”:

Precise Geolocation: When you enable location services for our website
Health Information: If you voluntarily provide health-related information in inquiries about medical devices
Professional Credentials: Medical license numbers or professional certifications when verifying healthcare professional status

Use of Sensitive Personal Information: We use sensitive personal information only for the purposes disclosed in this policy and as permitted by CPRA, including:

Providing requested services and information
Ensuring security and integrity of our systems
Complying with legal obligations
Verifying professional credentials for healthcare-specific content access

You have the right to limit our use and disclosure of your sensitive personal information to these specified purposes. To exercise this right, contact us using the methods below.

Authorized Agents

You may designate an authorized agent to submit privacy rights requests on your behalf. To use an authorized agent:

Provide written authorization signed by you giving the agent permission to act on your behalf
The agent must verify their identity to us
We may require you to verify your identity directly with us
We may require you to confirm that you provided the agent permission to submit the request

How to Exercise Your Rights

To exercise your California privacy rights:

Email: privacy@advita.com with “California Privacy Request” in the subject line
Call: 1-833-4ADVITA (1-833-423-8482) (toll-free for California residents)
Mail: Advita Ortho, Attn: California Privacy Rights, 2320 NW 66th Court, Gainesville, FL 32653

13. Data Security

We make sure your personal information is treated with the utmost care and in accordance with our policies and procedures, and we take appropriate steps to protect it.

Our Security Measures Include:

Technical safeguards such as encryption, access controls, secure servers, and network security monitoring
Organizational measures including staff training, data handling procedures, and incident response protocols
Regular security assessments, vulnerability testing, and system monitoring
Careful vetting of service providers who work with us to ensure they have appropriate security measures
Compliance with industry standards and legal requirements, including Article 32 of the GDPR

Important Security Notice: We do not sell your personal information. However, please remember that no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. You should only access the Site within a secure environment.

Our Commitment: We regularly monitor our security measures for possible vulnerabilities and attacks, and we continuously work to improve our data protection practices to maintain the highest standards of security for your personal information.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by law, the affected individuals, in accordance with applicable data protection laws.

14. Data Breach Notification

We have implemented comprehensive security incident response procedures to protect your personal information. In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

Notify Authorities: Report the breach to relevant supervisory authorities within the timeframes required by law (typically within 72 hours under GDPR)
Notify Affected Individuals: Inform affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms
Provide Clear Information: Explain the nature of the breach, data involved, potential consequences, and steps being taken to address it
Offer Support: Provide assistance and resources to help affected individuals protect themselves

Our breach notifications will include recommended actions you can take to protect yourself and contact information for questions about the incident. We also conduct thorough post-incident analysis to prevent similar occurrences and improve our security measures.

If you believe you have been affected by a data breach or have security concerns, please contact us immediately using the information provided in Section 25.

15. International Data Transfers

As a global company, we may transfer your personal information to countries outside your residence, including the United States. We ensure appropriate safeguards are in place for all international transfers.

Transfer Mechanisms

We use the following legal mechanisms for international data transfers:

Adequacy Decisions: Transfers to countries deemed adequate by the European Commission (UK, Canada, Japan, etc.)
EU-US Data Privacy Framework: Advita Ortho, LLC intends to self-certify to the EU-US Data Privacy Framework (DPF), UK Extension, and Swiss-US DPF as set forth by the U.S. Department of Commerce. Until certification is complete, we rely on Standard Contractual Clauses and other lawful transfer mechanisms for international transfers.
Standard Contractual Clauses (SCCs): EU-approved contractual terms for transfers to countries without adequacy decisions
Binding Corporate Rules: Where available from multinational service providers

Safeguards for International Transfers: When we transfer personal information to countries outside your jurisdiction, we ensure appropriate safeguards are in place:

We obtain written assurances from any third party given access to your data to require them to adopt standards that ensure an equivalent level of protection
We implement standardized corporate safeguards and contractual measures based on European Commission Model Clauses for internal data transfers to Advita affiliates
Different standards may apply to how your data is used and protected in other countries, but we maintain consistent protection standards regardless of location

Data Privacy Framework Certification

Advita Ortho, LLC intends to self-certify to the EU-US Data Privacy Framework (DPF), UK Extension, and Swiss-US DPF. Until certification is complete, we rely on Standard Contractual Clauses and other lawful transfer mechanisms for international transfers for:

Customer and prospect contact information
Website visitor data and analytics
Marketing and communications data
Healthcare professional verification data
Product inquiry and support data

Under the DPF, we are subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Supplementary Protection Measures

For transfers to countries without adequacy decisions or DPF coverage, we implement additional safeguards:

Technical Measures: Encryption in transit and at rest, pseudonymization where feasible
Contractual Measures: Enhanced data protection clauses, transparency obligations
Organizational Measures: Staff training, access controls, audit procedures
Legal Assessment: Regular review of destination country laws and practices

16. Regional Websites and Navigating advita.com

As mentioned in Section 2, advita.com is our primary website for users in the United States. Advita maintains distinct websites tailored for users in other specific countries or regions. You can typically find a “Change Location” or similar selector on our websites to navigate to the Advita Site most relevant to your location.

We encourage you to visit the Advita Site specific to your region for the most relevant information, products, services, and the applicable privacy policy. The privacy policy posted on the specific regional Advita Site you are visiting will govern your interaction and data processing on that site.

If you are unsure which site is most appropriate for you, or if you are an international visitor to advita.com, please be aware that this Privacy Policy is primarily oriented towards our U.S. operations, though it incorporates principles of global data protection standards. For specific rights and information applicable to your region, please consult the privacy policy of your local Advita Site if available, or contact us.

17. Third-Party Data Processors

We work with trusted third-party service providers who process personal data on our behalf to help us operate our website and provide our services. These processors are contractually required to protect your personal information and only use it for the specific purposes we authorize.

Categories of Third-Party Processors:

Technology and Infrastructure Providers: Web hosting, cloud storage, content delivery networks, and IT support services
Analytics and Performance Services: Website analytics, user experience monitoring, and performance optimization tools
Marketing and Communication Services: Email marketing platforms, customer relationship management systems, and marketing analytics
Customer Support Services: Help desk software, chat services, and customer service platforms
Security Services: Cybersecurity monitoring, fraud detection, and security assessment tools
Professional Services: Legal, accounting, consulting, and other professional service providers

Processor Safeguards:

All third-party processors are required to:

Implement appropriate technical and organizational security measures
Process personal data only on our documented instructions
Maintain confidentiality of personal data
Assist with data subject rights requests when required
Delete or return personal data at the end of the service relationship
Comply with applicable data protection laws and regulations

We regularly review our third-party relationships and conduct due diligence to ensure ongoing compliance with our data protection standards. For international data transfers, we implement appropriate safeguards as described in Section 15.

18. Children’s Privacy

Children Under 16: Our Site is not intended for or directed at children under the age of 16 (or the relevant age of digital consent in your jurisdiction). We do not knowingly collect personal information from anyone we know to be under the age of 16 without prior, verifiable consent from their legal representative.

Parental Rights: If we do collect information from a child under 16 with parental consent, the legal representative has the right to:

Request to view the information provided by the child
Require that the information be deleted
Withdraw consent at any time

If you believe that we might have any information from or about a child under 16, please contact us immediately using the details provided in Section 25, and we will take steps to delete that information as soon as possible.

19. Other US State Privacy Rights

If you are a resident of certain other US states, you may have additional privacy rights under your state’s consumer data protection laws. As of 2025, the following states have enacted comprehensive consumer privacy legislation:

States with Enacted Privacy Laws:

Virginia: Virginia Consumer Data Protection Act (VCDPA) – Effective January 1, 2023
Colorado: Colorado Privacy Act (CPA) – Effective July 1, 2023
Connecticut: Connecticut Data Privacy Act (CTDPA) – Effective July 1, 2023
Utah: Utah Consumer Privacy Act (UCPA) – Effective December 31, 2023
Texas: Texas Data Privacy and Security Act (TDPSA) – Effective July 1, 2024
Oregon: Oregon Consumer Privacy Act (OCPA) – Effective July 1, 2024
Montana: Montana Consumer Data Privacy Act – Effective October 1, 2024
Florida: Florida Digital Bill of Rights – Effective July 1, 2024 (limited scope)
Iowa: Iowa Consumer Data Protection Act – Effective January 1, 2025
New Hampshire: New Hampshire Privacy Act – Effective January 1, 2025
Nebraska: Nebraska Data Privacy Act – Effective January 1, 2025
New Jersey: New Jersey Data Privacy Act – Effective January 15, 2025
Delaware: Delaware Personal Data Privacy Act – Effective January 1, 2025
Maryland: Maryland Online Data Privacy Act – Effective October 1, 2025
Minnesota: Minnesota Consumer Data Privacy Act – Effective July 31, 2025
Tennessee: Tennessee Information Protection Act – Effective July 1, 2025
Indiana: Indiana Consumer Data Protection Act – Effective January 1, 2026
Kentucky: Kentucky Consumer Data Act – Effective January 1, 2026
Rhode Island: Rhode Island Data Transparency and Privacy Protection Act – Effective January 1, 2026

Your Rights Under State Privacy Laws May Include:

Right to Know: Information about what personal data we collect and how we use it
Right to Access: Request a copy of your personal data
Right to Correct: Request correction of inaccurate personal data
Right to Delete: Request deletion of your personal data
Right to Data Portability: Receive your data in a portable format (where applicable)
Right to Opt-Out: Opt out of the sale or sharing of personal data for targeted advertising
Right to Non-Discrimination: Not receive discriminatory treatment for exercising your rights

Exercising Your State Privacy Rights:

To exercise any of these rights, please contact us using the methods provided in Section 25. We will respond to your request within the timeframes required by applicable state law (typically 45 days, with possible extensions).

Important Notes:

Not all rights are available under all state laws
Some state laws have different thresholds for applicability to businesses
Certain exemptions may apply depending on the type of data or business relationship
We may need to verify your identity before processing your request

20. Global Privacy Control and Browser Signals

We recognize and respond to certain privacy signals that your browser or device may send. This section explains how we handle these automated privacy preferences.

Global Privacy Control (GPC)

Global Privacy Control is a browser signal that allows you to opt out of the sale or sharing of your personal information across participating websites. We recognize and honor GPC signals as follows:

Automatic Recognition: Our systems automatically detect GPC signals from your browser or device
Immediate Effect: GPC signals are processed in real-time to opt you out of data sales/sharing
Scope: GPC applies to the sale or sharing of personal information for cross-context behavioral advertising
No Account Required: GPC works without requiring you to create an account or verify your identity
Persistent: Your GPC preference may be maintained across your visits to our site

How to Enable GPC

To send a GPC signal, you can:

Enable GPC in browsers that support it (such as DuckDuckGo, Brave, or Firefox with privacy extensions)
Install browser extensions that support GPC (such as Privacy Badger, DuckDuckGo Privacy Essentials)
Use privacy-focused mobile browsers that include GPC functionality
Configure certain VPN services that support GPC signaling

Do Not Track (DNT) Signals

We do not currently respond to Do Not Track (DNT) signals. We do honor Global Privacy Control (GPC) signals where legally required.

We respect your cookie preferences as set through our cookie consent management tool
You can opt out of targeted advertising through industry opt-out tools
Our cookie policy (Section 9) explains how to control tracking technologies

State Law Requirements for Privacy Signals

Certain US state laws require us to honor privacy signals:

California: CPRA requires recognition of opt-out preference signals for sales/sharing
Colorado: CPA allows consumers to use universal opt-out mechanisms
Connecticut: CTDPA includes provisions for universal opt-out mechanisms
Other States: We monitor developing requirements for privacy signal recognition

Technical Implementation

Our website’s technical implementation includes:

Signal Detection: Automatic detection of GPC headers and JavaScript APIs
Cookie Management Integration: Coordination with our CookieYes consent management platform
Third-Party Communication: Transmission of opt-out preferences to applicable third-party services
Persistent Preferences: Maintenance of your preferences across sessions

Limitations and Scope

Please note the following limitations:

Scope: Privacy signals primarily affect targeted advertising and data sales, not all data processing
Essential Functions: Signals do not affect strictly necessary cookies or core website functionality
Account Services: Signals may not affect data processing necessary to provide requested services
Legal Obligations: Signals do not prevent processing required by law

Verifying Signal Recognition

To verify that we have received and honored your privacy signal:

Check your browser’s developer tools for network requests showing signal transmission
Review the cookie consent banner behavior on our site
Contact our privacy team for confirmation (Section 25)
Use our privacy request form to verify your current opt-out status

21. Social Media Integrations and Third-Party Content

Our website may include social media features, embedded content, and sharing tools that can collect information about your interaction with our site.

Social Media Features:

Social Sharing Buttons: LinkedIn, Twitter/X, Facebook, and other platform sharing tools
Embedded Content: YouTube videos, LinkedIn posts, Twitter feeds
Social Login: Ability to log into certain services using social media accounts (where available)
Professional Networking: LinkedIn integration for professional verification and networking

Data Collection by Social Media Platforms:

When you interact with social media features on our site, the respective platforms may collect:

Your IP address and device information
Information about your visit to our website
Cookies and tracking pixels from the social media platform
Your interactions with the social media features (clicks, shares, likes)
Your social media profile information (if logged in)

Third-Party Privacy Policies:

Social media integrations are governed by the respective platforms’ privacy policies:

LinkedIn: LinkedIn Privacy Policy
YouTube/Google: Google Privacy Policy
Twitter/X: X Privacy Policy
Facebook/Meta: Meta Privacy Policy
Instagram: Instagram Privacy Policy

Managing Social Media Data Collection:

You can control social media data collection through:

Cookie Settings: Use our cookie preference center to block social media cookies
Browser Settings: Configure your browser to block third-party cookies
Social Media Settings: Adjust privacy settings on your social media accounts
Private Browsing: Use incognito/private browsing mode to limit tracking

22. Session Recording and User Experience Analysis

We may use session recording and user experience analysis tools to understand how visitors interact with our website and improve our user experience.

Session Recording Technologies:

Microsoft Clarity: Records user sessions to analyze website usage patterns
Heat Mapping: Visual representation of where users click, scroll, and spend time
User Journey Analysis: Tracking of user paths through our website
Form Analytics: Analysis of form completion and abandonment rates

Information Captured:

Mouse movements, clicks, and scrolling behavior
Page navigation and time spent on pages
Device screen size and browser window dimensions
General location information (country/region level)
Anonymized user interactions with website elements

Data Protection Measures:

Sensitive Data Masking: Automatic masking of form inputs and sensitive content
Exclusion Lists: Certain pages excluded from recording (e.g., privacy policy, contact forms)
IP Anonymization: IP addresses are anonymized or truncated
No Personal Identification: We take steps so that recordings are not intended to identify specific individuals.

Opting Out:

You can opt out of session recording through:

Our cookie preference center
Browser privacy settings to block analytics cookies
Do Not Track or Global Privacy Control signals

23. Identity Verification for Privacy Rights Requests

To protect your personal information and prevent unauthorized access, we implement identity verification procedures for certain privacy rights requests.

When Identity Verification is Required:

Requests to access personal information
Requests to delete personal information
Requests to correct/rectify personal information
Requests for data portability
High-value or sensitive data requests

Verification Methods:

We may use one or more of the following verification methods:

Email Verification: Confirmation via email address on file
Account Credentials: Login to existing account (if applicable)
Personal Information Matching: Verification of data points we have on file
Government-Issued ID: For high-sensitivity requests or when other methods are insufficient
Professional Credentials: For healthcare professionals requesting professional data

Information We May Request:

Full name as it appears in our records
Email address associated with your inquiry or account
Approximate date range of interactions with Advita
Nature of your relationship with Advita (patient, healthcare professional, etc.)
Additional information necessary to locate your records

Verification Standards:

Reasonable Verification: Verification methods match the sensitivity of the request
Proportionate Response: More sensitive requests require stronger verification
Alternative Methods: Multiple verification options when possible
Accessibility: Accommodations for individuals with disabilities

Authorized Agents:

If you are using an authorized agent to submit privacy requests on your behalf:

Agent must provide written authorization signed by you
Agent must verify their own identity
We may require direct verification from you
Power of attorney documents accepted for legal representatives

Protection of Verification Data:

Verification information is used solely for identity confirmation
Verification data is securely stored and deleted after processing
We do not use verification information for marketing or other purposes

24. Changes to This Privacy Policy

Policy Updates and Notifications: We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors.

How We Notify You of Changes:

We will update the “Last Updated” date at the top of this Privacy Policy
For material changes affecting how personal information is collected, used, disclosed, or otherwise processed, we will provide appropriate notice when and where required
Material changes will be effective at the time of posting the updated policy
Where required by law, we may seek your prior consent to any material changes

Your Responsibility: We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Continued use of our services after policy updates constitutes acceptance of the revised policy, unless additional consent is required by law.

25. Contact Us

If you have any questions, comments, or concerns about this Privacy Policy or our data practices, or if you wish to exercise your privacy rights, please contact us using the information below.

Data Protection Officer

Our Legal Department serves as the primary contact for all data protection matters and can be reached at the contact information below.

Multiple Ways to Contact Us

For your convenience, you can contact us through multiple channels:

Email: privacy@advita.com
Phone: 1-800-392-2832
Mail: Advita Ortho
Attn: Data Privacy Director
2320 NW 66th Court
Gainesville, FL 32653
United States

Response Timeframes

We are committed to responding to your privacy inquiries promptly and will use reasonable efforts to respond as soon as possible:

General Inquiries: We aim to respond within 5 business days
GDPR Rights Requests: Within 1 month (may be extended to 3 months for complex requests)
CCPA Rights Requests: Within 45 days (may be extended to 90 days for complex requests)
Urgent Security Matters: As promptly as reasonably possible.

If We Don’t Respond: If we fail to respond to you within a reasonable period after receiving your written request, or if you are dissatisfied with our response, you may lodge a complaint with the data protection authorities in your home country.

Supervisory Authority Rights

If you are in the European Economic Area (EEA) or the UK, you may also have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA data protection authorities can be found at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

For UK residents, you can contact the Information Commissioner’s Office (ICO) at https://ico.org.uk/.

26. References and Additional Resources

For more information about privacy laws and regulations referenced in this Privacy Policy, you may find the following resources helpful:

General Data Protection Regulation (GDPR): https://gdpr-info.eu/
California Consumer Privacy Act (CCPA): https://oag.ca.gov/privacy/ccpa
California Privacy Rights Act (CPRA): https://cppa.ca.gov/
UK Data Protection Act 2018: https://www.legislation.gov.uk/ukpga/2018/12/contents/enacted
Information Commissioner’s Office (UK): https://ico.org.uk/
European Data Protection Board: https://edpb.europa.eu/
Network Advertising Initiative (NAI): https://www.networkadvertising.org/
Digital Advertising Alliance (DAA): https://digitaladvertisingalliance.org/
Global Privacy Control: https://globalprivacycontrol.org/

These resources are provided for informational purposes only and do not constitute legal advice. For specific questions about your privacy rights or our data practices, please contact us directly.