INFORMATION WE COLLECT AND HOW WE USE THAT INFORMATION

We may collect the following types of information about you:

• Contact and demographic Information , such as your name, address, telephone number, and e-mail address, age and gender (“Personal Identifiable Information” or “PII”).

• Technical Information, such as information about your device, equipment performance and Conifer Connect Platform usage. We may also automatically collect certain technical information relating to you, which your web browser automatically sends whenever you visit a website on the Internet, or which is collected when you use a mobile application (see “Online Activity Tracking” below for more information). For example, we use Google Analytics, a web analytics service provided by Google, Inc. (“Google”) to collect information relating to your use of the Conifer Connect Platform. Google Analytics uses “cookies”, which are text files placed on your device, to help us analyze how you use the Conifer Connect Platform. You can find out more about how Google uses data by visiting “How Google uses information from sites or apps that use our services”, located at https://policies.google.com/technologies/partner-sites.

• Health, insurance and financial Information ,such as information about your medical condition, medications you are taking, and health insurance information (“Protected Health Information” or “PHI”).

We collect information in three primary ways:

• You give it to us either directly or through a digital platform that you utilize;

• We collect it automatically when you visit the Conifer Connect Platform;

• We obtain it from other sources, such as your health plan, employer, doctor, or the digital health platforms on which we participate.

We may use the information we collect in a variety of ways, including to:

• Provide you with a better customer experience when you use the Conifer Connect Platform;

• Provide services to you, and to respond to your questions or concerns;

• Communicate with you regarding service updates, and offers related to the service options provided by us;

• Deliver customized content that may be of interest to you;

• Maintain the security of our products, services and systems;

• Protect our rights, property, and safety or the rights, property, and safety of others;

• Improve our level of service or develop new products or services;

• Provide notifications on the latest site features; and

• Comply with our legal obligations.

ONLINE ACTIVITY TRACKING
We collect information about your activity on the Conifer Connect Platform for a number of purposes using technologies such as cookies, flash cookies, web beacons, widgets and server log files. To limit the use of flash cookies from our Conifer Connect Platform, simply right-click on our website and adjust the Adobe Flash Player settings bar under “Local Storage” to your desired setting. Since cookies are now used as industry standard, most Web browsers automatically accept cookies, but you can usually change your browser to decline them. If you prefer not to enable cookies, you may choose to disable them; however, please note that certain features of our products and services will not be available to you once cookies are disabled. Some web browsers have a “Do Not Track” feature. This feature allows you to tell websites you visit that you do not want to have your online activity tracked over time and across websites. These features are not yet uniform across browsers. Our Conifer Connect Platform does not respond to web browser “Do No Track” signals.

We may use your internet protocol (IP) address and information about the site pages you visit to gather broad demographic information, as well as information about your interests and behaviors, to gain a better understanding of our customers and Users. For example, information may be used to analyze and improve our site design and functionality.

HOW WE SHARE INFORMATION

We do not sell your personal information to anyone for direct marketing purposes without your consent.

We may share your information with or receive your information from third parties for purposes such as:

• To provide services to you or us, such as maintenance services, database management, fulfillment, web analytics, and improvement of the features or functionality; or to assist us in analyzing how our products and services are being used. We share only the information necessary for service providers to perform their services, and we require them to protect any personal information they may receive from us;

• If you register for an account, we may be provided with 30 days of prior historical user PII and PHI such as blood glucose level, diet, and exercise history from third parties and may share that information back with those same third parties.

• To provide or facilitate the provision of services to you in collaboration with digital health platforms or providers;

• To comply with law, such as responding to court orders, requests by government agencies and law enforcement officials and other legal process;

• To protect our legal rights, such as to defend against legal claims, enforce our Terms of Use or other agreements, or to obtain payment for products or services;

• With your health plan or employer, or suppliers performing services on behalf of your health plan or employer, if our services are part of a program or benefit that they offer to you, or to your health care provider(s) as part of our products or services;

• To state and federal regulatory agencies, auditors, lawyers, or other professional advisors.

• To implement a transfer of business assets, such as in connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy.

Please note that if you use any bulletin board, chat room, comment posting feature, or other public communication service, forum, or feature offered through the Conifer Connect Platform, or post any information available for viewing by other Users, any of the information that you share will be visible to other Users. The information that you make available can be read, used, and collected by other Users to send you unsolicited messages outside of the Conifer Connect Platform. We are not responsible for the manner in which the information that you decide to share will be used by other Users.

ANONYMOUS & AGGREGATE INFORMATION
By accepting this privacy policy, you acknowledge that we may collect some information on an anonymous basis. We also may anonymize or de-identify the information we collect about you so that it can no longer be linked to you, and we may combine or aggregate this data, or engage service providers to do so on our behalf. We may use and share this data with third parties to perform data analytics and research, including to improve our products or services or develop new products or services

OUR ONLINE PRIVACY POLICY FOR CHILDREN
Our products and services are not designed to attract children under the age of 13. We do not knowingly collect personally identifying information from anyone under the age of 13. Any information about a child under the age of 13 must be provided by that child’s parent or legal guardian. If you are the parent or legal guardian of a child under the age of 13 and become aware that the child has provided personal information through the Conifer Connect Platform without your consent, please notify us promptly. If we become aware that a child under age 13 has provided us with personal information without parental/guardian consent, we will take steps to remove it.

SAFEGUARDING YOUR INFORMATION: OUR POLICY ON DATA PROTECTION AND SECURITY
We take reasonable steps to protect your personal information, which is any information that identifies you or could reasonably be linked to you. For example, a password is required to access your account and help to protect your account information. Please keep this password confidential. We also use encryption technology, called Secure Sockets Layer (SSL), to help protect personal information in certain areas of the Conifer Connect Platform during transport across the Internet. The presence of SSL encryption may be indicated by ‘https’ in the browser URL or the image of a closed lock or solid key in the browser window. These indications may not be present in mobile services that use SSL. Unfortunately, there is always some risk that an unauthorized third party may find a way around our security measures. We cannot guarantee that the Internet or any other technical system will be 100% secure or error-free. We are not responsible for the security of information you transmit over networks that we do not control, including the Internet and wireless networks. It is your responsibility to protect the security of your login information.

We maintain information about you in our business records while you are a customer or User, or until it is no longer needed for business, tax, or legal purposes. We have implemented encryption or other appropriate security controls to protect personal information when stored or transmitted by us. Your information may be collected and maintained on computers and servers located outside of your state, province, country, or other governmental jurisdiction, based upon your upload location, where the privacy laws may not be as protective as those in your jurisdiction. If you are located outside the United States and choose to provide information to us, we transfer personal information to the United States and process it there.

USE OF GOOGLE APIs
Where the Conifer Connect Platform uses and/or transfers information received from Google APIs to any other app, it will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

YOUR CHOICES
We believe that choice in how and when you are contacted is key to customer satisfaction, so we offer several ways for you to update your contact information, change your preferences, or opt out of receiving certain communications. If you are a current User, you may log in to your account to view your profile and access your account information. You may have the option to request changes to, or deletion of, certain account information. Below are some choices you may have:

• Users may opt-out of receiving certain types of emails by going to “My Preferences” in their account.

• You may unsubscribe to certain types of emails by following the unsubscribe instructions in the body of the e-mail message.

• You may unsubscribe to any text messages by following the unsubscribe instructions in any text message.

• You may call our Customer Care Team to update your contact information or to get assistance in unsubscribing from certain communications.

• You may write to us directly to: (a) update your contact information; or (b) request that we stop sending you certain communications via mail, text, or e-mail. Written requests should be sent to our Privacy Officer at: Welldoc, Inc. Attn: Privacy Officer, 10221 Wincopin Circle, Suite 150, Columbia, Maryland 21044.

We will try to implement your opt-out requests promptly, but you may still receive promotional information from us by email for up to 10 days and by mail for up to 60 days due to printing and mailing schedules. Please note that if you use the Conifer Connect Platform there are certain messages you may not opt out of receiving, such as non-promotional email messages about programs or services you have registered for or certain administrative, technical, or safety notices about the Conifer Connect Platform or our products or services.

EMAIL AND TEXT COMMUNICATIONS
We may communicate, electronically or via telephone, including by SMS (text) with you about our programs, products, services, offers or general health information. We may communicate with you via unencrypted methods, such as by text or unencrypted email. You acknowledge and accept that communications by text or email involve some risk of unauthorized disclosure or interception of the contents of these communications. As explained above in “Your Choices,” you may customize your preferences for some communications, including delivery options, and update your contact information, including telephone number and email address. It is your responsibility to provide us with true, accurate, and complete contact information, and to make any changes to that information promptly. You understand that failing to update your contact information may delay or prevent us providing you with communications that rely on that contact information.

THIRD PARTIES AND LINKS
In the event that you provide your information to any third party via the Conifer Connect Platform or any offer made available to you by us, you understand that we are not responsible for such third parties’ use or misuse of your information. You should review the privacy and information sharing practices of such third parties. Additionally, we may offer links to or from the Conifer Connect Platform to other sites, so that you can conveniently visit our vendors and advertisers or locate other content likely to be of interest. We are not responsible for the content, practices or policies of sites operated by third parties and urge you to inquire about them before providing any personally identifiable information.

CHANGES TO OUR PRIVACY POLICY
We may make changes to our Privacy Policy from time to time. When we do so, we will post the revised Privacy Policy on our Conifer Connect Platform and change the “Effective Date”. Please check the Effective Date at the bottom of this page to determine if the policy has been modified since you last reviewed it. Your continued use of the Conifer Connect Platform after that date means you agree to this Privacy Policy and any changes to it.

INFORMATION FOR CALIFORNIA RESIDENTS

Scope. This section applies only to California residents. It describes how we collect, use, and share Personal Information of California residents in our capacity as a “business” under the California Consumer Privacy Act (“CCPA”) and their rights with respect to that Personal Information. For purposes of this section, the term “Personal Information” has the meaning given in the CCPA but does not include information exempted from the scope of the CCPA, such as information subject to HIPAA or California’s Confidentiality of Medical Information Act.

Your California privacy rights. As a California resident, you have the rights listed below. However, these rights are not absolute, and in certain cases we may decline your request as permitted by law.

We do not sell your personal information as defined by the CCPA.

Right to information, access, and deletion. You may submit requests to exercise your right to information, access, or deletion by calling us toll free at 1-888-611-4794, or via email to privacy@welldocinc.com

We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it.

We will need to verify your identity to process your information, access and deletion requests and reserve the right to confirm your California residency. To verify your identity, we may require government identification, a declaration under penalty of perjury or other information. Your authorized agent may make a request on your behalf upon our verification of the agent’s identity and our receipt of a copy of a valid power of attorney given to your authorized agent pursuant to California Probate Code Sections 4000-4465. If you have not provided your agent with such a power of attorney, you must provide your agent with written and signed permission to exercise your CCPA rights on your behalf, provide the information we request to verify your identity, and provide us with confirmation that you have given the authorized agent permission to submit the request.

Personal information that we collect, use, and disclose. The chart below summarizes the Personal Information we collect by reference to the categories of Personal Information specified in the CCPA and describes our practices currently and during the 12 months preceding the effective date of this Privacy Policy. Information you voluntarily provide to us, such as in discussions with our Customer Care team, may contain other categories of personal information not described below.