CHOOSE HEALTH

PRIVACY AND COOKIE POLICY

Last Updated: February 25, 2019


At Choose Health we take our responsibility for protecting your privacy seriously. This policy describes what information we collect and use when you use our website, ChooseHealth.io (our “Website”), Mobile Application, and Choose Health Products and Services (collectively, “Choose Health Services”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

Also, please note, Section 9 of this Policy contains our Notice of Privacy Practices made under HIPAA/HITECH laws and regulations. It describes how Choose Health may use and disclose the medical information that you provide to us and how you can get access to this information. Please review it carefully.



1. Information We Collect

The information we collect depends on what features of our Website, Mobile Application, or Choose Health Services you use and how you use them. We collect some information from you when you provide it to us directly or to our Accredited Laboratories and other service providers, including personal information—that is, information that can be used to uniquely identify or contact you, such as your name, address, phone number, e-mail address, response to specific questions, and certain health information.

We only offer our Choose Health Services to users who are 18 years of age or older. We do not collect or maintain information from people we actually know are under 18 years old. If we obtain actual knowledge that a user is under 18 years old, we will use our best efforts to remove that person’s information from our database. If you are not 18 years of age or older, you must not access or use our Website, Mobile Application or Choose Health Services. We do not knowingly disclose personal information about children under 18 years of age to independent third parties even with consent.

A. Information You Give Us Directly

We collect information you provide us, including:

- Email address, shipping address, and telephone number;
- Registration information, including account name and password;
- Security questions and answers;
- Details you provide in response to surveys about our Choose Health Services;
- Information you provide when seeking help from us such as your name, telephone number and records of the issues you experience;
- Billing information, such as your name, payment card number and payment account details; and
- Certain health information, defined as “Protected Health Information” under HIPAA/HITECH laws and regulations (See Section 9, Notice of Privacy Practices).

In addition, we may offer community features on our Website or Mobile Application. For example, you may have the opportunity to review our Services or share your experiences with other community members in our blogs or similar forums. If you participate in these or similar features, the information that you disclose may become publicly available and can be read, copied, collected or used by other users.



B. Other Information We Collect When You Use Our Website

We collect other information automatically when you use our Website or Mobile Application, including:

- IP address;
- Mobile and other hardware or device identifiers;
- Browser information, including your browser type and the language you prefer;
- Referring and exit pages, including landing pages and pages viewed;
- Details about what Choose Health Services you browse and purchase as well as details about what Website features you utilize.



C. Cookies and Similar Technologies

We also may collect and store information locally on your device, using mechanisms like cookies and similar technologies.

Cookies are small text files stored on your Internet browser. We use cookies and similar technologies to help us understand things like what web pages, features or ads you view and what Choose Health Services you order. This information helps us keep track of your orders, measure the effectiveness of our advertising, make sure you don't see the same ad repeatedly and otherwise help enhance your user experience.

You can disable cookies, limit the types of cookies you allow, or set your browser to alert you when cookies are being sent. Please refer to guidance provided by your individual web browser if you'd like help in managing your cookie preferences.



D. Information Provided To Us By Third Parties

When you use third party services in connection with our Website or Mobile Application, like social platforms, we may receive information from these third parties.

We also may receive information from third parties to supplement the information we receive from you. We use information from these companies primarily to help us deliver relevant advertising to you. We also may use information from third parties, for instance, to help us understand your approximate geolocation via your IP address for tax purposes, or to customize certain services to your location, and for fraud and/or abuse prevention purposes.

We may also receive information about you when other Choose Health consumers choose to refer a friend or contact with us.



2. How We Use Your Information

We use your personal and non-personal information, both individually and combined together, in the following ways:

To operate our business and to enhance and personalize your experience including to:

- Operate, protect, improve, personalize, customize, and develop our Choose Health Services, Website, and Mobile Application;
- Provide you with the information and Choose Health Services that you request from us;
- Maintain your account, payment information, your secure health portal, and to provide notices about your account and portal, including expiration and renewal notices;
- Bill you for the Choose Health Services you purchase from us;
- Enable you to refer Choose Health Services;
- Facilitate communication and sharing on our Website and Mobile Application;
- Serve and measure the effectiveness of advertising;
- Set up and maintain the contact and shipping information you provide us;
- Set up loyalty, discount and rebate programs;
- Identify, fix, and troubleshoot bugs and service errors;
- Adhere to your preferences and to deliver dynamic content;
- Resolve disputes, investigate and help curb fraud, spam, abuse, security incidents, illegal behavior, and other harmful activity; and
- Comply with the law, and to enforce our agreements and policies, including our Terms of Service and this Privacy and Cookie Policy.

To provide you support, including to:

- Help identify and troubleshoot problems with your order or use of our Website or Mobile Application;
- Survey your opinions through surveys or questionnaires;
- Communicate with you and respond to your specific requests or questions; and
- Manage and send you confirmations and important information about your account, portal, orders, purchases, returns or cancellations, rewards, and Choose Health Services.

To personalize our communications with you, including to:

- Present offers and/or information relating to Choose Health Services you might like;
- Make recommendations to you; and
- Personalize advertising for you and deliver targeted marketing, service updates and promotional offers.



3. Legal Basis for Processing

We rely on a number of legal grounds to process information about you. For example, we will process information about you where we have your consent, where we have a legitimate interest to do so, where the processing is necessary for the performance of a contract with you, and where we have a legal obligation to process your information. For example, we rely on our legitimate interests to serve targeted marketing and on contractual necessity to process information when you order a Choose Health Service on our Website or Mobile Application. To learn more about the legal grounds on which we rely to process your information for any particular purpose, please contact us via the options in Section 12 below.



4. Information We Share with Third Parties

With your Consent: For starters, we never sell your personal information or protected health information. Where you have instructed us and have provided consent, we share your information, including personal information, as described at the time of consent, such as when you authorize a third party application or website to access your order information or when you participate in promotional activities conducted by Choose Health or its partners.

Service Providers: We employ third parties, such as payment processors, Accredited Labs, and physician networks, located in and outside of your country of residence (including outside of the European Economic Area (EEA)) to collect or process personal information on our behalf for various reasons, such as providing our services, operating our Website and Mobile Application, conducting market surveys, facilitating credit card processing, or sending emails. When our third party agents or service providers collect or receive personal information, we require that they use the data only on our behalf and for purposes consistent with this policy.

Compliance, Preventing Harm, and Protecting Our Rights: We do not share personal information that directly identifies you (such as your name, e-mail or postal address) with third parties for their own use without your consent, unless it is either required by law or we determine that disclosure is reasonably necessary to enforce our rights, comply with our legal obligations, or to protect our consumers or third parties.

Merger or Acquisition: In the event of a reorganization, divestiture, merger, sale or bankruptcy, we may transfer all information we collect to the relevant third party and will obtain your consent to do so if required by law.

Third Party Integration: When third party technologies or social tools are integrated into our Choose Health Services, those third parties may collect information when you use our Services. In addition, we may pass aggregate information on the usage of our Site to third parties, but this will not include information that can be used to identify you.

Aggregate Data: We may also share anonymous or aggregated information (information about our users that we combine together so that it no longer identifies or references an individual user) and other anonymized information for regulatory compliance, industry and market analysis, demographic profiling, marketing and advertising, and other business purposes.



5. Operating Globally

Personal information we collect may be stored and processed for the purposes set out in this Privacy and Cookie Policy in the United States or any other country in which Choose Health, its subsidiaries, or third party agents operate. In all cases, we will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this privacy policy by imposing on any such supplier obligations of security and confidentiality. By using our Website, Mobile Application, or Choose Health Service you agree to this transfer, storing or processing.



6. Security

The security of your information is a priority at Choose Health, and we take a range of measures to help protect it, including encryption of sensitive financial information and health information. Choose Health keeps all personal data and information on secure cloud servers and only a small group of our employees or agents, like our Accredited Labs, can access information that can be used to identify you. These are people who need that information to complete the testing, analysis, and reporting. We will not include any information in any publications that would make it possible to identify you. All Choose Health employees, agents, and others who might have access to your private information must sign confidentiality agreements that mandate them to keep that information private. Even so, no security measure is 100% perfect. This means we cannot guarantee the security of your information and do not assume any responsibility for the unauthorized use or access to your information under our control.



7. Your Choices and Controls

We give you meaningful choices when it comes to important uses and collection of information. For example, you can update your order information and preferences, choose to opt in or out of Choose Health marketing emails and choose whether to share your information with select Choose Health partners.

If you would like to opt out at any time after providing your consent, contact [email protected]

Note that Choose Health may retain information needed to complete our contractual obligations to you, resolve disputes, enforce our user agreements, protect our legal rights, and comply with technical and legal requirements and constraints related to the security, integrity and operation of our Website, Mobile Application or Choose Health Services. Otherwise, we will retain your personal information for as long as reasonably necessary to provide you services, create and improve our Choose Health Services, comply with the law, and to run our business.

You can access the personal information we hold about you. To request access, please contact [email protected]. Before we process any request, we may ask you for certain personal information in order to verify your identity and protect your privacy.

You may have additional rights under Section 9 of this policy related to Protected Health Information; please review it carefully. In addition, you may have certain rights under local law, including the right to request erasure or portability of personal information and the right to object to or restrict processing of information. Where applicable, you can exercise these rights by contacting [email protected].

You also may adjust your browser settings to block certain online tracking, such as cookies, as further described in Section 1.



8. Third Party Services

Our Website may include advertising or third party services. If you click on those links, including an advertisement, you will leave the Choose Health Website and go to the site you selected. If you visit a third party website or use a third party service, you should consult that site's or service's privacy policy.

We do not control information sent from your browser to third parties, such as advertising networks and analytics companies that receive information in the normal course of your Internet activity.



9. Choose Health Notice of Privacy Practices related to Protected Health Information

This Notice of Privacy Practices describes how Choose Health may use and disclose your medical information and how you can get access to this information. Please review it carefully. Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), Choose Health is required by law to maintain the privacy of health information that identifies you, called protected health information (“health information”), and to provide you with notice of our legal duties and privacy practices regarding your information. Choose Health is committed to the protection of your health information and will make best efforts to ensure the confidentiality of your health information, as required by statute and regulation. We take this commitment seriously and will work with you to comply with your right to receive certain health information under HIPAA.

Your Rights

When it comes to your health information, you have the right to:

Get an electronic or paper copy of your medical record

You can ask to see or get an electronic or paper copy of the health information we have about you. Ask Customer Support how to do this.

Ask us to correct your medical record

You can ask us to correct health information about you that you think is incorrect or incomplete. Ask Customer Support how to do this. We will investigate any queries and refer back to our Accredited Lab partners and give a response within 60 days.

Request confidential communications

You can ask us to contact you in a specific way (for example, home or office phone) or to send to a different address. We will say “yes” to all reasonable requests.

Ask us to limit what we use or share

You can ask us not to use or share certain health information that we use to provide you the Choose Health Services. We are not required to agree to your request, and we may say “no” if it would affect your care.

Get a list of those with whom we’ve shared information

You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why. We will include all the disclosures except for those about payment, operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

This privacy notice is available to be viewed and printed from our Website. However, you can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we share your health information.

File a complaint if you feel your rights are violated

You can complain if you feel we have violated your rights by contacting Customer Support by email at [email protected]. You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. We will not retaliate against you for filing a complaint.

Your Choices

You have both the right and choice to tell us to share health information with your family, health care providers, or others involved in your care.

Our Uses and Disclosures

For starters, we never sell your health information nor do we share it for marketing purposes. We typically use or share your health information in the following ways:

Provide our Services

We can use or disclose your health information for providing our Choose Health Services. These uses and disclosures are necessary, for example, to obtain your laboratory test results, evaluate the quality of our laboratory testing partners, accuracy of results, accreditation functions and for Choose Health’s operation and management purposes. To do so, Choose Health will disclose your health information to its service providers. For example, Choose Health partners with specific labs to run the laboratory tests you request and obtain the results of those laboratory tests. All such service providers are required to maintain the privacy and confidentiality of your health information. Upon your request, Choose Health may disclose your health information to your health care providers or health insurance providers. For example, Choose Health may provide your health information to coordinate health care or health care benefits.

How else can we use or share your health information?

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. Here are ways we may be required to share your information:

Help with public health and safety issues

We can share health information about you for certain situations such as:

- Disclosures to public health authority to report, prevent or control disease
- Helping with product recalls
- Detecting and reporting adverse events or problems with a test
- Preventing or reducing a serious threat to anyone’s health or safety

De-identified Information and Limited Data Sets

We may use and disclose health information that has been “de-identified” by removing certain identifiers, making it unlikely that you could be identified. Choose Health may also disclose limited health information (“limited data set”). The limited data set does not contain any information that can directly identify you. For example, a limited data set may include your city, county and zip code, but not your name or street address.

Address government requests

We may disclose your health information to government agencies, as authorized by applicable laws, to comply with governmental requests authorized by law.

Respond to lawsuits and legal actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Comply with special laws

There are special laws that protect some types of health information, such as treatment for substance use disorders, STDs, and HIV/AIDS testing and treatment. We will obey these laws when they are stricter than this notice.

Our Responsibilities

- We are required by law to maintain the privacy and security of your protected health information.
- We will let you know without unreasonable delay (and no later than 60 days after discovery) if a breach occurs that may have compromised the privacy or security of your information. Such notification will include information about what happened and what can be done to mitigate any harm.
- We must follow the duties and privacy practices described in this notice and give you a copy of it.
- We will not use or share your information other than as described here unless you provide us consent or tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.



11. Changes to our Policy

We may update this policy from time to time, so please review it frequently. We'll notify you of material changes via a notice on our home page (www.ChooseHealth.io) thirty days before they go into effect. If we are required by applicable data protection laws to give you enhanced notice or seek your consent to any such changes, we will do so. You can see when this policy was last updated by checking the "last updated" date displayed at the top of this policy.

12. Contacting Us

If you have a complaint or question about this policy, please send an email to [email protected]. The controller of the personal information processed under this policy is Choose Health, LLC., [email protected]

13. Right to Contact a Data Protection Authority

If you have a concern about how we collect and use information, please contact us. You also have the right to contact your local Data Protection Authority if you prefer. Contact details for Data Protection Authorities in the EU are available at ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.