Your privacy is important to us. This Notice explains how SmartHealth Diagnostics Company™, and its affiliates (“SmartHealth Diagnostics Company”, “we”, “our”) (1) collect information from or about you (“you” or “your”) when you visit the websites or use any applications, social media networks, interactive features, and other services that we link to this Notice (the “Platforms”), and (2) how we use, maintain, protect and disclose that information.

If you are using our Platforms in connection with our Health Insurance Portability and Accountability Act, as amended, (“HIPAA”) covered services, please refer to our Notice of Privacy Practices, which describes how we use and disclose your protected health information (“PHI”), our legal duties with respect to your PHI, and your rights with respect to your PHI and how you may exercise them. In connection with HIPAA covered services, in the event of conflict between this Notice and our HIPAA Notice of Privacy Practices, our HIPAA Notice of Privacy Practices shall govern.

Information We Collect

We may collect information about you, including non-personally identifiable information and/or “Personal Information,” which is information that may identify, relate to, describe, or be capable of being associated with or reasonably linked, directly or indirectly, with a particular identified or identifiable person or household.

Personal Information we might collect includes data such as the following:

We do not consider Personal Information to include information that can no longer be used to identify a specific natural person, whether in combination with other information or otherwise. For example, de-identified or aggregated consumer information.

Additionally, the following types of information are not considered Personal Information:

• Publicly available information from government records; or
• information excluded from the applicable data privacy law’s scope, including but not limited to PHI covered by HIPAA, information derived from PHI that is de-identified in accordance with HIPAA, and personal information we handle in our capacity as a service provider to a business.
• If we combine non-personally identifiable information with Personal Information, we will treat such information appropriately, but not all rights may apply to the non-personally identifiable information portion.

How We Use Personal Information That We Collect for Business or Commercial Purposes

We may use your Personal Information:

• To fulfill the purposes for which the information was provided (e.g., to provide a service or perform on a contract); to identify you in order to respond to requests, provide services or products, personalize information we provide to you, or otherwise as described below;
• to communicate with you about your account or our relationship, such as making announcements about the Platforms or our privacy policies and terms;
• to design, improve and administer our Platforms;
• to improve our products and services;
• to recruit and evaluate job applicants and candidates for employment and to conduct background checks;
• to engage in the ordinary course of employment (e.g., facilitate onboarding processes, manage compensation, provide benefits, review performance, etc.) and for other internal human resources purposes;
• to audit and measure user interaction with our Platforms, so we can improve the relevancy or effectiveness of our content and messaging;
• to develop and carry out marketing, advertising and analytics;
• to provide texts or emails containing information about our products or services, or events or news, that may be of interest to recipients, as permitted by law;
• to deliver content and products or services relevant to your interests, including targeted ads on third party sites;
• to detect security incidents or monitor for fraudulent or illegal activity;
• to enable security measures (such as, to protect our Platforms, customers, employees and business partners);
• debugging to identify and repair errors;
• to protect our rights and to protect your safety or the safety of others;
• to investigate fraud or respond to government inquiries;
• to complete corporate transactions (from time to time, we sell, buy, merge or otherwise reorganize our businesses, and these corporate restructurings may involve disclosure of Personal Information to prospective or actual purchasers, or the receipt of it from sellers);
• to comply with laws, regulations or other legal process; or
• otherwise use your Personal Information with your consent.

We may also use your Personal Information to:

• Provide you with the services and products you request or that have been ordered and/or requested by your healthcare provider;
• process or collect payments for our services; or
• otherwise provide support you request.

We may use Precise Location Data from your device in accordance with the device’s consent process on some of our Platforms to help us improve your user experience and provide information that is relevant to you, such as to our office or service locations.

How Long We Retain Your Personal Information

Smart Health Diagnostics Company retains your Personal Information only for as long as is necessary for our legitimate business purposes. We will retain and use your Personal Information to the extent necessary to comply with our legal, accounting, or reporting obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. Additionally, we may continue to store your Personal Information contained in our standard back-ups. This applies to all categories of Personal Information in use by us.

Selling Personal Information or Disclosing of Personal Information for Targeted Advertising

We do not sell Personal Information. We may disclose the following categories of Personal Information to the categories of third parties listed below for the purpose of targeted or cross-context advertising (under California law, this is called “Sharing”):

Keeping Your Information Secure

Smart Health Diagnostics Company, has adopted physical, technical, and administrative measures that are designed to prevent unauthorized access or disclosure, maintain data accuracy, and ensure appropriate use of Personal Information. We cannot, however, ensure, guaranty, or warrant the security of information. No security measures are infallible, and new threats are constantly developing and emerging.

How can you help protect your information?

If you are using a Smart Health Diagnostics Company Platform for which you registered and chose a password, you should not divulge your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also, remember to sign out of the Smart Health Diagnostics Company. Platform and close your browser window when you have finished your work.

Please note that unencrypted email is not a secure method of transmission, as information in such emails may be accessed and viewed by others while in transit to us. For this reason, we prefer that you not communicate confidential or sensitive information to us via regular unencrypted email. We will, however, honor patient requests for communications through unencrypted email.

Links to Other Sites

Our Platforms may be accessed from or contain links to other websites that we do not own or operate. If you access those links, you will leave our Platforms. Smart Health Diagnostics Company, does not control those third-party websites or their privacy practices, which may differ from ours. We do not endorse or make any representations about third-party sites, including about the content or security of those sites. The information you choose to provide to or that is collected by these third parties is not covered by this Notice.

Children’s Privacy

We do not knowingly collect information from children (as defined by COPPA) and we do not target our Platforms to children. If we learn that we have collected any information from children, we will delete it. For more information about the Children’s Online Privacy Protection Act (“COPPA”), which applies to websites that direct their services to children under the age of thirteen (13), please visit the Federal Trade Commission’s website: https://www.ftc.gov/business-guidance/resources/complying-coppa-frequently-asked-questions

Additional Rights of Individuals in Certain Jurisdictions

Depending on where you live, you may have certain rights with respect to Personal Information that we have collected and used under certain circumstances, which may include the following:

1. The Right to Know about Personal Information collected, disclosed, or sold.

Residents of certain U.S. states have the right to request that Smart Health Diagnostics Company disclose what Personal Information it collects, uses, discloses, and sells. This is called the “Right to Know”. Under the Right to Know, you can request  a listing of the categories of Personal Information we have collected about you, the categories of sources from which that information is collected, how we use the information (e.g., our business or commercial purposes for collecting Personal Information), categories of other individuals and business with whom we share Personal Information, and the specific pieces of Personal Information that we have collected about you. For further details about this information, please visit the Information “We Collect” section above.

If you are a resident of a state that confers this right and would like to request to access your information, you may visit your state’s section below.

When you make a request under your Right to Know, you can expect the following:

• We will verify your identity. You will need to provide us with certain information such as your name, email address, physical address, or other information, as relevant, so that we can verify that you are who you say you are. Which information may depend on the type and sensitivity of information requested.
• We will confirm receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
• We will respond to your request within 45 days. If necessary, we may need additional time to respond, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
• In certain cases, a Request to Know may be denied. For example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.

2. The Right to Access and Receive your Specific Personal Information.

Residents of certain U.S. states have the right to request that Smart Health Diagnostics Company provide a portable copy of the Personal Information it collects, uses, discloses, and sells. You can request a listing of the types of Personal Information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share Personal Information, and the specific pieces of Personal Information that we have collected about you. For further details about this information, please visit the Information “We Collect” section above.

If you are a resident of a state that confers this right and would like to request a portable copy of your information, you may visit your state’s section below.

When you request a portable copy of your information, you can expect the following:

• We will verify your identity. You will need to provide us with certain information such as your name, email address, physical address, or other information, as relevant, so that we can verify that you are who you say you are. Which information may depend on the type and sensitivity of information requested.
• We will confirm receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
• We will respond to your request within 45 days. If necessary, we may need additional time to respond, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
• In certain cases, a Request to Access may be denied. For example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.

3. The Right to Correct Personal Information.

Residents of certain U.S. states have the right to request that Smart Health Diagnostics Company correct the Personal Information it collects, uses, discloses, and sells. This is called the “Right to Correct”. Under the Right to Correct, you can request a correction of any inaccurate Personal Information, and Smart Health Diagnostics Company will use commercially reasonable efforts to correct this information.

If you are a resident of a state that confers this right and would like to request to correct your information, you may visit your state’s section below.

When you make a request under your Right to Correct, you can expect the following:

• We will verify your identity. You will need to provide us with certain information such as your name, email address, physical address, or other information, as relevant, so that we can verify that you are who you say you are. Which information may depend on the type and sensitivity of information requested.
• We will confirm receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
• We will respond to your request within 45 days. If necessary, we may need additional time to respond, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
• In certain cases, a Request to Correct may be denied. For example, if we cannot verify your identity or if providing you the information could create an unreasonable risk to someone’s security (for example, we do not want very sensitive information disclosed inappropriately). If we deny your request, we will explain why we denied it. If we deny a request, we will still try to provide you as much of the information as we can, but we will withhold the information subject to denial.

4. The Right to Request Deletion of Personal Information about You.

Residents of certain U.S. states have a right to request the deletion of their Personal Information collected or maintained by Smart Health Diagnostics Company. If you are a resident of a state that confers this right and would like to request to delete your information, you may visit your state’s section below.

When you make a request for deletion, you can expect the following:

• We will verify your identity. You will need to provide us with certain information such as your name, email address, physical address, or other information, as relevant, in order for us to verify that you are who you say you are. Which information may depend on the type and sensitivity of information that you would like to have deleted.
• We will confirm receipt of your request within 10 days. If you have not received a response within a few days after that, please let us know by contacting us at the webpage or phone number listed below.
• We will respond to your request within 45 days. If necessary, we may need an additional period of time, up to another 45 days, but we will reply either way within the first 45-day period and, if we need an extension, we will explain why.
• In certain cases, a request for deletion may be denied, for example, if we cannot verify your identity; the law requires that we maintain the information (e.g., to comply with federal and state medical record retention requirements); or, if we need the information for internal purposes such as to continue to provide you services. If we deny your request, we will explain why we denied it, and delete any other information that is not protected from deletion.

5. The Right to Opt-Out of the Sale or Cross-Context Behavioral Advertising of Personal Information

This Section of the Notice also serves as a Notice to residents of the State of California and the Commonwealth of Virginia of their right to opt-out of the sale of Personal Information and of the use of Personal Information for certain types of advertising.

Residents of California have a right to direct businesses not to sell or share their Personal Information if the businesses otherwise would. Virginia residents have the right to direct businesses not to process their personal data for purposes of (i) targeted advertising, (ii) sale, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Under California and Virginia, this is known as the “right to opt out.” We do not sell your Personal Information. However, when you visit our websites, we may share information about your use of our website with our advertising and analytics partners. You can opt out of sharing or using your Personal Information for the purposes of targeted advertising, by interacting with the cookie banner that may appear at the bottom of Smart Health Diagnostics Company websites the first time you come to the website. You can also opt back into these cookies through the same link.

For more information about your right to opt-out, please see your state’s section below.

6. The Right to Limit the Use or Disclosure of Sensitive Personal Information

Residents of certain U.S. states have a right to limit the use or disclosure of sensitive Personal Information, including one’s precise geolocation and health-related information, by Smart Health Diagnostics Company. For more information about your right to limit the use or disclosure of sensitive Personal Information, please see your state’s section below.

7. The Right to Appeal a Business or Controller’s Refusal to Take Action

Residents of certain US states have a right to appeal if the consumer’s privacy rights-related request is denied in whole or in part. For more information about your right to appeal, please see your state’s section below.

8. The Right to Non-Discrimination for the Exercise of a Consumer’s Privacy Rights

You have a right not to receive discriminatory treatment by Smart Health Diagnostics Company for exercising any of your privacy rights conferred by your state’s consumer privacy laws. Smart Health Diagnostics Company will not discriminate against any consumer because such person exercised any of the consumer’s rights under these privacy laws, including, but not limited to:

• Denying goods or services;
• charging different prices or rates for goods and services, including through the use of discounts or other benefits or imposing penalties;
• providing a different level or quality of goods or services; or
• suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
• Smart Health Diagnostics Company may, however, charge a different price or rate, or provide a different level or quality of goods or services, if that difference is related to the value provided to you by your data.

9. Authorized Agents

Certain state residents may designate an authorized agent to make a request on your behalf. We will deny requests from agents that do not submit proof of authorization from you. To verify that an authorized agent has authority to act for you, we may require a copy of a power of attorney or require that you provide the authorized agent with written permission and verify your own identity with us.

ADDITIONAL STATE SPECIFIC POLICIES

California Resident’s Privacy Rights

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

The California Consumer Privacy Act (CCPA), which has been amended by the California Privacy Rights Act (CPRA), is a law intended to enhance privacy rights and consumer protection for residents of the state of California. The CCPA and CPRA apply to certain business entities that do business in California. For further details on the types of personal information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal information, and the specific pieces of personal information that we have collected about you, please visit the Information “We Collect” section above.

The following rights apply to all California residents (but not including legal entities, such as companies):

If you are a California resident, you have certain rights regarding your personal information that is covered under the CCPA. Please review each of the rights below, and the section that follows for more information applicable to these rights.

• The right to know.
• The right to receive (“access”) a copy of your personal information.
• The right to correct.
• The right to request deletion of your personal information.
• The right to opt out of certain disclosures (“sharing”) of your personal information (for more information about your right to opt-out, please see our Right to Opt-Out Section above).
• The right to limit the use or disclosure of your sensitive personal information. We collect sensitive personal information either (i) when we collect your IP address when you visit a website related to your health information or (ii) if you are an employee or contractor of Smart Health Diagnostics Company. You can limit the use of disclosure of your sensitive personal information as set forth in subsection (i) by interacting with the cookie banner that may appear at the bottom of Smart Health Diagnostics Company websites the first time you come to the website. You can also opt back into these cookies through the same link. With regard to subsection (ii), we do not use your sensitive personal information for any purpose that is subject to limitation. In addition, we may collect sensitive personal information as part of protected health information. Please note that such sensitive personal information is subject to our HIPAA Notice of Privacy Practices and not subject to the CPRA. For more information on how we use and disclose your protected health information, please visit our Notice of Privacy Practices.

These rights will not apply, however, if Smart Health Diagnostics Company does not collect any personal information about you or if all of the information we collect is exempt from the statute (for example, the CCPA and CPRA do not protect information that is already protected by certain other privacy laws such as HIPAA and do not protect information that is already publicly available).

Request under CPRA

To make a request under the CPRA visit https://www.calbar.ca.gov/portals/0/documents/communications/2016_PRAform.pdf. You may also call us at (866) 299-8998.

“Shine the Light” Law

Under California Civil Code Section 1798.83, California residents with whom we have an established business relationship are entitled to request and receive, free of charge, once per calendar year, information about the Personal Information we shared, if any, with other businesses for their own direct marketing uses during the prior year.

Virginia Resident’s Privacy Rights

Virginia Consumer Data Protection Act (VCDPA)

The Virginia Consumer Data Protection Act (VCDPA) is a law intended to enhance privacy rights and consumer protection for residents of the state of Virginia. The VCDPA applies to certain business entities that do business in Virginia. For further details on the types of personal information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal information, and the specific pieces of personal information that we have collected about you, please visit the Information “We Collect” section.

The following rights apply to all Virginia residents (but not including legal entities, such as companies):

• The right to know.
• The right to receive (“access”) a copy of your personalinformation.
• The right to correct.
• The right to request deletion of your personal information.
• The right to opt out of certain disclosures of your personal information (for more information about your right to opt-out, please see our Right to Opt-Out Section above)
• The right to appeal a Controller’s refusal to take action regarding a privacy rights request.
• These rights will not apply, however, if Smart Health Diagnostics Company does not collect any personal information about you or if all of the information we collect is exempt from the statute (for example, the VCDPA does not protect information that is already protected by certain other privacy laws such as HIPAA and does not protect information that is already publicly available).

Requests under VCDPA

To make a request under the VCDPA you may visit our online request form.
You may also call us at (866) 299-8998. To exercise your right to appeal, you may email us at info@smarthealthdx.com and include the Request ID from your previous request.

Colorado Resident’s Privacy Rights

Colorado Privacy Act (CPA)

The Colorado Privacy Act (CPA) is a law intended to enhance privacy rights and consumer protection for residents of the state of Colorado. For further details on the types of personal information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal information, and the specific pieces of personal information that we have collected about you, please visit the Information “We Collect” section.

The following rights apply to all Colorado residents (but not including legal entities, such as companies):

• The right to know.
• The right to receive (“access”) a copy of your personal information.
• The right to correct.
• The right to request deletion of your personal information.
• The right to opt out of sales or certain disclosures of your personal information
  (for more information about your right to opt-out, please see our Right to Opt-Out Section above).
• The right to appeal a Controller’s refusal to take action regarding a privacy rights request.
• These rights will not apply, however, if Smart Health Diagnostics Company does not collect any personal information about you or if all of the information we collect is exempt from the statute (for example, the CPA does not protect information that is already protected by certain other privacy laws such as HIPAA and does not protect information that is already publicly available).

Requests under CPA

To make a request under the CPA you may visit our online request form.
You may also call us at (866) 299-8998. To exercise your right to appeal, you may email us at info@smarthealthdx.com and include the Request ID from your previous request.

Connecticut Resident’s Privacy Rights

Connecticut Data Privacy Act (CTDPA)

The Connecticut Data Privacy Act (CTDPA) is a law intended to enhance privacy rights and consumer protection for residents of the state of Connecticut. The CTDPA applies to certain business entities that do business in Connecticut. For further details on the types of personal information we have collected about you, the sources of that information, how we use the information (e.g., our business or commercial purposes for collecting or selling personal information), other individuals and business with whom we share personal information, and the specific pieces of personal information that we have collected about you, please visit the Information “We Collect”.

The following rights apply to all Connecticut residents (but not including legal entities, such as companies):

• The right to know.
• The right to receive (“access”) a copy of your personal information.
• The right to correct.
• The right to request deletion of your personal information.
• The right to opt out of sales or certain disclosures of your personal information
  (for more information about your right to opt-out, please see our Right to Opt-Out Section above).
• The right to appeal a Controller’s refusal to take action regarding a privacy
  rights request.

These rights will not apply, however, if Smart Health Diagnostics Company does not collect any personal information about you or if all of the information we collect is exempt from the statute (for example, the CTDPA does not protect information that is already protected by certain other privacy laws such as HIPAA and does not protect information that is already publicly available).

Requests under CTDPA

To make a request under the CTDPA you may visit our online request form. You may also call us at (866) 299-8998. To exercise your right to appeal, you may email us at info@smarthealthdx.com and include the Request ID from your previous request.

ADDITIONAL DISCLOSURES

Do Not Track

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers.  Please note that we do not respond to or honor DNT signals transmitted by web browsers.

Worldwide Transfer of Your Personal Information

Your personal information may be transferred to, stored, and processed in a country other than the one in which it was provided, including transfers to the US (i.e., a ‘Recipient’ country). Smart Health Diagnostics Company will use mechanisms for any such transfer as required under applicable law. If You have Smart Health Diagnostics Company questions concerning the transfer of your personal information, please contact us using the contact details set out below.

Non-Discrimination Notice and Language Assistance Services

Please refer to our Non-Discrimination Notice which includes language assistance services.

Updates To This Privacy Notice

From time to time, we may change this Privacy Notice. If we make changes, we will revise the “Last Updated” date at the bottom of this Notice. We encourage you to review this Notice periodically to be sure you are aware of these changes. Changes will become effective as of the “Last Updated” date.

Contact Us

Should you have any Smart Health Diagnostics Company questions about this Notice or our privacy practices more generally, please email us at info@smarthealthdx.com or write to us at: