Paradigm Health, Inc.
Privacy Notice

Paradigm Health, Inc. (“Paradigm Health”, “we”, us” or “our”) is committed to protecting the privacy and security of your personal information and/or personal data (“Personal Information”). This Paradigm Health Privacy Notice (“Privacy Notice”) describes the types of Personal Information and other information we collect from and about you when you interact with us or use our websites, web portals, or other services (collectively, the “Services”) and how we use and share your information.

This Privacy Notice is directed to:

• Visitors and users of Paradigm Health’s Services (excluding participants in a clinical trial or other research);
• Individuals who are our business partners, clients, consultants, contractors, service providers and vendors; and
• Any other persons who communicate with us, who provide us with Personal Information and/or whose Personal Information we receive.

As you read this Privacy Notice, please consider the following important information:

1. This Privacy Notice contains specific sections that may or may not be applicable to you because of where you are located or the type of Personal Information we collect and maintain about you.

2. This Privacy Notice may be complemented or supplanted by other privacy notices or privacy policies that tell you how your Personal Information is used and disclosed in certain other contexts. To the extent that those notices or policies are provided, posted and/or referenced, those different privacy notices or policies, and not this one, will apply to the processing of your Personal Information.

3. Our Services may contain links to third-party websites that we do not operate, control, or endorse. Once you leave our Services, we are not responsible for the protection and privacy of any information you provide. We recommend that you read the privacy notices or policies of these third-party websites, and if needed, contact the third parties directly for information about their privacy practices.

Information We Collect

The types of information that we may collect and receive from you while you use the Services are described in this section and include both information that you provide to us, information that we collect automatically when you use the Services, and information that we collect from third party sources.

Personal Information: Personal Information is information from which an individual may be identified directly or indirectly. Personal information may include information such as your name, postal address, telephone number, email address, date of birth, device and browsing information, such as your IP address, and health, financial and professional information.

We may collect Personal Information that you provide to us through our Services. For example, you may provide your Personal Information to us: by using Paradigm Health’s Services; through your completing forms or setting up accounts on one of our websites or web portals; through an enrollment form to register for one of our programs or services; through your requests to receive marketing materials and information about our products or services; by contacting Paradigm Health; by contracting with Paradigm Health; or by responding to Paradigm Health’s questionnaires or surveys.

Cookies and other similar technologies: When you use our Services, we may also collect information relating to your usage or visits to our websites and your devices. This information is generally collected using server log files, cookies, “pixel tags,” and tools, such as, Google Analytics.

Our websites automatically collect the following information through cookies and other data collection technologies:

• IP address
• device type
• browser type
• language
• browsing history, and
• information about your interaction with our websites and their services

This information is necessary for the proper functioning of our websites and their services, as well as our internal business analytics purposes, such as audience measurement.

Server Log Files: Your Internet Protocol (IP) address is an identifying number that is automatically assigned to your computer by your Internet Service Provider (ISP). This number is identified and logged automatically in our server log files whenever you visit our websites, along with the time(s) of your visit(s) and the page(s) that you visited. We use the IP addresses of all visitors to our websites to calculate our websites’ usage levels, to help diagnose problems with website servers, and to administer the websites. We may also use IP addresses to communicate with or block access by visitors who fail to comply with our terms and conditions for use of our Services. Collecting IP addresses is standard practice on the Internet and is carried out automatically by many websites. However, Paradigm Health does not combine traffic data with user accounts.

Cookies: Cookies are data that a web server transfers to an individual’s computer for record-keeping purposes. Cookies are an industry standard used by most websites and help facilitate users’ ongoing access to and use of a particular website. Cookies do not cause damage to your computer systems or files, and only the website that transferred a particular cookie to you can read, modify, or delete such cookie. If you do not want information collected using cookies, there are simple procedures in most browsers that allow you to delete existing cookies, to automatically decline cookies, or to be given the choice of declining or accepting the transfer of cookies to your computer. You can set your browser to refuse cookies, but some portions of our websites may not work properly if you refuse cookies. A session cookie is one that exists for the time-period that your browser is open. A persistent cookie is one that is saved on your device/computer even after the browser is closed. Like many websites, we may use both session cookies and persistent cookies. To find out how to see what cookies have been set and how to reject and delete cookies, please visit https://www.aboutcookies.org.

We may use the following types of cookies on our websites:

• Necessary Cookies - enable the proper functioning of the websites (security, facilitate browsing, display of the webpage). You may disable Necessary Cookies by changing your browser settings as described below. If you do so, you will still be able to navigate the websites, but some of the websites’ functions may be affected;
• Analytics Cookies - are used to collect information about how visitors use our websites and to improve the websites by collecting information on how you interact with the websites;
  • The cookies collect information in a way that does not directly identify anyone, rather they collect information in an aggregated or generalized statistical form, including the number of visitors to the website and where visitors have come to the website from and the pages they visited.
  • One of the analytic cookies we use is Google Analytics. Google's overview of privacy practices and data safeguards is available at: https://support.google.com/analytics/answer/6004245. To opt out of being tracked by Google Analytics across all websites, visit https://tools.google.com/dlpage/gaoptout.
• Social Media Cookies - enable you to interact with social plugins on the websites and share content on social networks; and
• Advertising Cookies - enable the placement of advertisements, to measure their effectiveness and to adapt their content to your browsing and your profile.

Pixel Tags: Our websites may use so-called “pixel tags”, “web beacons”, “clear GIFs” or similar means (collectively, “pixel tags”) to compile aggregate statistics about website usage and response rates. Pixel tags allow us to count users who have visited certain pages on our websites, to deliver branded services, and to help determine the effectiveness of promotional or advertising campaigns. When used in HTML-formatted email messages, Pixel Tags can tell the sender whether and when the email has been opened.

Hubspot Analytics: We may use the web traffic analytics tool, a web analysis service provided by Hubspot, to better understand website usage. Hubspot’s web traffic analytic tool collects information such as how often users visit websites, what pages they visit and what other websites they used prior to visiting. Hubspot uses the data collected to track and examine the use of the websites, to share such data with other Hubspot services, or to personalize the ads of its own advertising network. Hubspot’s ability to use and share information collected by their web traffic analytic tool is restricted by the Hubspot Terms of Service (https://legal.hubspot.com/terms-of-service) and the Hubspot Privacy Policy (https://legal.hubspot.com/privacy-policy).

Most web browsers allow some control of most cookies through the browser settings. For example, there are simple procedures in most browsers that allow you to delete existing cookies. If you want to set your computer or mobile web browser to reject all cookies by default, please visit the home page for your browser for instructions. If you reject all cookies, you may still use our websites; however, this may affect the functionality of some areas of our websites.

We do not track our website users over time or across third-party websites to provide targeted advertising. At this time, we do not respond to “Do Not Track” signals from your web browser due to the lack of an established industry standard. For more information about “Do Not Track” signals, please visit https://allaboutdnt.com/.

Our Uses of Personal Information

The Personal Information that is collected in connection with our Services may be used in any of the following ways:

• To respond to your requests for information about our products or services;
• To provide you with marketing communications whether about a particular Paradigm Health product or concerning general information about our products and services;
• To determine if you are eligible for certain products, services, or programs;
• To manage or develop our business relationship with you (e.g., to respond to questions, to contract with Paradigm Health, invite you to events, comply with compliance and/or regulatory obligations, or determine eligibility for Paradigm Health programs);
• To recruit and/or consider you for employment;
• For our research, development, and collaboration efforts;
• For regulatory reporting; and
• For other everyday business purposes, such as payment processing and financial account management, product development, contract management, fulfillment, analytics, fraud prevention, corporate governance, reporting, and legal compliance.

The information that we collect from your devices is used to better design our websites. We analyze the information we collect to enhance our websites’ security and to track the popularity of certain pages on the websites, the success of our email notifications, traffic levels on the websites, and other usage data, all of which helps us to provide content tailored to your interests and improve our websites and related Services.

We do not make any decisions about you based solely on automated processing of your information, including profiling, unless we inform you, as required by applicable laws.

How We Share Personal Information

We may share your Personal Information with third parties with whom we have contracted, as well as affiliates and business partners. We will require these recipients to use your Personal Information only for appropriate purposes and take appropriate measures to protect your Personal Information.

In the event that we sell or transfer all or a portion of our business or assets to a third-party, such as in the event of a corporate sale, merger, reorganization, dissolution or similar event, we may transfer information that we have collected to such third-party. We will require such a third-party to continue to comply with this Privacy Notice.

We may disclose information if we believe it is necessary: (a) to comply with any law applicable to us, a request from law enforcement, a regulatory agency, or other legal process; (ii) to protect the legitimate rights, privacy, property, interests, or safety of Paradigm Health, our patients and providers, business partners, personnel, or the general public; (iii) to pursue available remedies or limit damages; (iv) to enforce our terms and conditions on our products or services; or (v) to respond to an emergency. We reserve the right to disclose Personal Information when we believe in good faith that such action is necessary to comply with a legal obligation.

In addition to the disclosures described in this Privacy Notice, we may share information about you with third parties when you consent to or request such sharing.

Third Party Advertising

Paradigm Health has relationships with third-party advertising companies to place advertisements on this website and other websites, and to perform tracking and reporting functions for this website and other websites. These third-party advertising companies may place cookies on your computer when you visit our websites or other websites so that they can display targeted advertisements to you. These third-party advertising companies do not collect Personal Data in this process, and we do not give any Personal Data to them as part of this process. However, this Privacy Notice does not cover the collection methods or use of the data collected by these vendors. For more information about third-party advertising, please visit the Network Advertising Initiative (NAI) at www.networkadvertising.org.

Links to Other Websites

Our websites may contain links to third-party websites, which are not operated or controlled by Paradigm Health and for which Paradigm Health is not responsible. The links from the websites do not imply that Paradigm Health endorses or has reviewed the third-party websites. Once you leave one of our websites, we are not responsible for the protection and privacy of any information you provide. We suggest contacting those third parties directly for information on their privacy practices.

Global Access and Data Transfers

Paradigm Health operates in many countries around the world and your Personal Information may be accessible to or shared with any of our affiliates, business partners, consultants, contractors, service providers, and vendors in various countries for the purposes specified in this Privacy Notice.

The laws in certain countries may not provide the same level of protection as the laws in your country or region. When that is the case, and as required by applicable laws, we take steps to protect your information, such as by entering into contracts with recipients of your information or by implementing additional data protection safeguards.

By using our websites or Services or you are otherwise providing information to us, you hereby expressly consent to the transfer of your Personal Information outside your country or region.

Children’s Privacy Protection

Protecting the privacy of children is especially important to us. We take seriously our obligations under applicable laws concerning the collection of Personal Information from children. Our Services are not directed to children and we do not knowingly allow children to communicate with us or use any of our websites or Services. We request that children do not provide any Personal Information through our websites or in connection with the Services. If you are a parent and become aware that your child has provided us with Personal Information, please contact us at privacy@paradigm.inc.

Your Choices and Rights

If you would like your Personal Information removed from our systems, changed, or updated, you can contact us at: privacy@paradigm.inc. If requested, we will promptly verify and delete your account and you will no longer receive emails or other communications from Paradigm Health. Your removal from the mailing list or our systems will not remove records of past transactions or delete information stored in our data backups and archives where we are required to keep your data for legitimate business or legal requirements. Data on past transactions and data stored in backups and archives will be deleted in the normal course of our business.

Under certain laws, such as the European Union’s General Data Protection Regulation (GDPR), the UK Data Protection Act (UK-GDPR), the Swiss Federal Act on Data Protection, the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA), or Washington’s My Health My Data Act, you may have the following rights with respect to your Personal Information:

• Your right of access. You may have the right to ask us to provide clear, transparent and understandable information on how we process your Personal Information, as well as for copies of your Personal Information. There are some exemptions, which means you may not always receive all the information we process.

• Your right to rectification. You may have the right to ask us to rectify information you think is obsolete or inaccurate and the right to ask us to complete information you think is incomplete.

• Your right to deletion of your personal information. You may have the right to ask us to delete your Personal Information in certain circumstances.

• Your right to restriction of processing. You may have the right to ask us to restrict the processing of your Personal Information, during a limited period of time, in certain circumstances.

• Your right to object to processing. You may have the right to object to processing, in which case, Paradigm Health will no longer process your Personal Information unless Paradigm Health demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, such as compliance with a legal obligation or for the establishment, exercise or defense of legal claims.

• Your right to data portability. You may have the right to ask that we transfer the information you gave us from one organization to another or give it to you. • Your right to withdraw your consent. If we process your Personal Information based on your consent, you have the right to withdraw your consent, without this withdrawal affecting the lawfulness of the processing operations previously carried out.

• Your right to close your account. If you receive our services through online accounts, you have the right to close your accounts. We will then delete or anonymize your Personal Information associated with your accounts, unless otherwise permitted under applicable laws.

Depending on your country of residence and the country where the Paradigm Health entity processing your Personal Information is established, you may have additional local rights with respect to our processing of your Personal Information. Please note that some of the Personal Information that we collect, use and disclose may be exempt from the rights outlined above.

You can submit your request by sending us an email at privacy@paradigm.inc.

We will respond to your requests within the time period prescribed by applicable laws. Under certain circumstances, Paradigm Health may ask you for specific information to confirm your identity and ensure the exercise of your rights. This is a security measure to safeguard Personal Information. We will notify you when your request is completed, if we deny your request to exercise your rights (because, for example, an exception applies), or if there is a fee associated with processing your request.

You may designate an authorized agent to exercise your rights on your behalf. In such case, we will also need to verify your agent’s identity and obtain proof of your authorization. We may need to deny a request from an agent whose identity or authorization we cannot verify.

If you believe that Paradigm Health has processed information in a manner that is unlawful or breaches your rights, or has infringed applicable laws, you may have the right to complain directly to your local data protection authority. Without limiting any rights to complain directly to an authority, we are committed to protecting Personal Information, and complaints may be made directly to us.

We will not discriminate against you for exercising any data subject right you have under applicable law.

Data Security

Paradigm Health stores Personal Information and other data using reasonable physical, technical and administrative safeguards to secure information and data against foreseeable risks, such as unauthorized use, access, disclosure, destruction or modification. Please note, however, that while Paradigm Health has endeavored to create secure and reliable websites for our users, the confidentiality of any communication or material transmitted to or from one of our websites or via e-mail cannot be guaranteed. You should take special care in deciding what information you transmit, upload, send, or otherwise submit to Paradigm Health.

In case of a Personal Information security incident, as required by applicable laws, we will inform you in a timely manner and report the incident to the relevant regulatory authorities.

Data Retention

We retain your information for as long as it is necessary for the purposes set out in this Privacy Notice, unless required by law to retain it for a longer period of time. To determine the appropriate retention period for information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the information, whether we can achieve those purposes through other means, and all applicable global legal, regulatory, and compliance requirements.

Changes to This Privacy Notice

We may update this Privacy Notice from time to time. At a minimum, we will post an updated version on our websites. Paradigm Health encourages you to review this Privacy Notice regularly for any changes. Any changes will be effective immediately upon posting of the revised Privacy Notice, and your continued use of our websites or our Services will be subject to the then-current Privacy Notice.

Contact Us

If you have any questions about this Privacy Notice or about our handling of your Personal Information, please contact us at: privacy@paradigm.inc.

We endeavor to respond to your request as soon as reasonably possible in compliance with all applicable laws.

Additional Information for Individuals in the European Union/European Economic Area (EEA), United Kingdom, or Switzerland

We are required to comply with the European Union’s and the United Kingdom’s General Data Protection Regulations (“GDPR”), Switzerland’s Federal Act on Data Protection (FADP) and similar applicable local laws with regards to certain Personal Information we collect. The data controllers of your Personal Information are the Paradigm Health entities referenced when we collect your Personal Information. Please contact us if you have any questions about the controller or controllers of your Personal Information.

Sensitive Personal Data. We may process special categories of information (e.g., sensitive personal data that reveals racial or ethnic origin or genetic, biometric and health information etc.) only where you give us your explicit consent, or when our processing is for scientific research purposes, necessary to meet a legal or regulatory obligation, in connection with the establishment, exercise or defense of legal claims, or is otherwise expressly permitted by law. If we need to collect your Personal Information by law or under the terms of a contract we have with you and you do not provide the requested information, we may not be able to perform the contract we have, or are trying to enter into, with you.

The servers where your Personal Information are stored may be located in the United States or other countries that have not been deemed by the European Commission to provide an adequate level of protection for Personal Information. In addition, we may share Personal Information with our external business partners, clients, service providers, vendors or any other third parties located outside of the EEA. When we transfer Personal Information out of the EEA to other countries that have not been deemed adequate, we will implement one or more of the safeguards deemed to provide appropriate safeguards by the European Commission, which may include EU Standard Contractual Clauses, transfers to organizations that protect Personal Data under binding corporate rules, or transfers to organizations that operate under an approved code of conduct or certification mechanism.