Privacy Policy

Your privacy is critically important to us. Effective: February 6, 2023 INTRODUCTION Primary Diagnostics, Inc, (referred to as “Primary.Health,” “Primary,” “we” “us,” or “our”), owns and operates the website located at https://primary.health (the “Website”) and its accompanying mobile application (the “Mobile Application”) (collectively, the “Services”). The Services enable users (“you” or “User”) to receive access to several types of healthcare information. Primary understands that privacy of information is of great importance to our Users. APPLICABILITY OF THIS PRIVACY POLICY  This privacy policy (“Privacy Policy”) describes what information Primary collects, uses, and discloses information from Users of the Services. Our California Privacy Notice includes definitions and content consistent with California law. If we are providing the Services to you on behalf of a third-party partner (such as your employer, health care provider, or school) who has paid (in whole or in part) for you to use the Services, we will abide by the terms of our agreement with that third-party partner related to the use of the information we collect. If you have any questions about our third-party partner’s privacy practices, please contact us using the contact information below.  AGREEMENT TO THIS PRIVACY POLICY Your access and use of the Services is subject to your agreement with this Privacy Policy and our Terms of Service. By using the Services, you expressly agree to the terms of this Privacy Policy and consent to the collection and use of information as discussed in this Privacy Policy.> If you do not agree with this Privacy Policy, please do not use or access the Services for any purpose.   PRIVACY POLICY UPDATES We may need to update our Privacy Policy as we and our customers grow and evolve. If we make material changes, we will notify you by email (sent to the email address specified in your account) or by posting a notice on the Services, as well as inform you of any choices you may have with respect to these changes. By accessing or using the Services after such changes are posted, you agree to all such changes. COLLECTION, USE AND DISCLOSURE OF INFORMATION  What we collect: Information you give us. We collect and store information you provide through our Services. When you register to use the Services, we may collect the following information from you:

• Name
• Postal address
• Email address
• Phone number

In certain situations, we may also collect things like:

• Driver’s license number
• Social Security Number
• Location information
• Demographic and lifestyle information, for example to determine eligibility for health programs
• Medical and health insurance information
• Survey responses

Information collected automatically online. We collect information about your interactions with us including, for example:

• The type of device or browser you’re using
• Your IP address
• Your Operating System version
• Phone carrier and manufacturer
• Application installations
• Push notification tokens
• Your browsing behavior while on our Services.
• The URLs of the website you visited before visiting our Services (these are called “referring URLs”)
• Dates and times of user visits.

Primary.Health and our partners use technologies such as cookies or similar technologies to analyze trends, administer the Services, track Users’ movements around the Services, and gather demographic information about our user base as a whole.   Cookies are small text files containing a string of alphanumeric characters. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services. We may use both session cookies and persistent cookies. A session cookie disappears after you close your browser. A persistent cookie remains after you close your browser and may be used by your browser on subsequent visits to our Services. Please review your web browser’s “Help” file to learn the proper way to modify your cookie settings. Please note that if you delete or choose not to accept cookies from the Service, you may not be able to utilize the features of the Service to their fullest potential. How we use the information we collect:

• To provide, maintain, improve, and enhance our Services;
• To personalize your experience on our Services such as by providing tailored content and recommendations;
• To understand and analyze how you use our Services and develop new products, services, features, and functionality;
• To communicate with you, provide you with updates and other information relating to our Services, provide information that you request, respond to comments and questions, and otherwise provide customer support;
• For marketing purposes, such as developing and providing promotional materials that may be relevant, valuable or otherwise of interest to you;
• To generate anonymized, aggregate data containing only de-identified, non-personal information that we may use to publish reports;
• To send you text messages and push notifications;
• To fulfill orders and requests for products, services, or other information;
• To process refunds, returns, and exchanges;
• To track and confirm online orders;
• To find and prevent fraud, and respond to trust and safety issues that may arise;  
• For compliance purposes, including enforcing our Terms of Service or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency; and
• For other purposes for which we provide specific notice at the time the information is collected.

How we share your information. We may combine or share information among current or future Primary.Health companies, including affiliates and subsidiaries. We may share any information we received with vendors and service providers retained in connection with the provision of our Services. We also may share personal information in connection with co-branded product or service offerings (including sharing personal information with business partners to validate offers).  We use analytics services such as Google Analytics to collect and process certain analytics data. These services may also collect information about your use of other websites, apps, and online resources. You can learn more about Google’s practices by visiting https://www.google.com/policies/privacy/partners/. Sometimes we may be required to share personal information for legal reasons, for example, if we are required to do so by a regulation, court order, subpoena or other legal process. We may also share information when we believe it is necessary to comply with the law or to respond to a government request, or when we believe disclosure is necessary or appropriate to protect Primary.Health, our customers, or others. We may share personal information in the event of a corporate sale, merger, acquisition, joint venture, reorganization, divestiture, dissolution, liquidation, or similar event. We may also disclose your information with your permission. How we protect your information. We use a variety of security measures designed, under a risk-based approach, to ensure the confidentiality of your information. However, as set forth in our terms of use, we cannot and do not guarantee the security of information transmitted to us. You also can do your part to help protect the information you provide to us, create a strong password, use that password only on our Services, and not share your password with anyone – especially anyone claiming to work with us. We would never contact you and ask for your password – ever. Your choices. You may at any time:

• Unsubscribe from our marketing or promotional emails, direct mail, phone, and mobile marketing communications. However, even if you opt out of receiving promotional messages from us, you will continue to receive administrative messages from us
• Update and correct your personal information
• Deactivate your account

To do any of these, let us know by one of these methods:

• To unsubscribe from marketing or promotional emails, follow the directions in a marketing email, direct mail, or mobile communication that you receive from us
• For other requests, provide your request and current contact information through one of the contact methods listed under “contact us” below

Protecting children’s privacy. We do not knowingly solicit or collect personal information from children under the age of 13 without parental consent. If you believe that a child under age 13 may have provided us with personal information without parental consent, please contact us as specified in the “How to contact us” section of this policy. Links to other Websites. Our Services may link to other websites, some of which may have their own privacy policies. We are not responsible for the privacy practices of these third parties. Please be aware that this Privacy Policy does not apply to your activities on these third-party services or any information you disclose to these third parties. Be sure to review the privacy policy on the website you are visiting. Text Message Alerts

1. If you agree to opt in to our message alert service, you will receive messages regarding your appointment and test results.
2. You can cancel the SMS service at any time. Just text “STOP” to the short code. After you send the SMS message “STOP” to us, we will send you an SMS message to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from us. If you want to join again, just sign up as you did the first time and we will start sending SMS messages to you again.
3. If you are experiencing issues with the messaging program you can reply with the keyword HELP for more assistance, or you can get help directly at su*****@pr*****.health or (855) 970-0077.
4. Carriers are not liable for delayed or undelivered messages
5. As always, message and data rates may apply for any messages sent to you from us and to us from you. You will receive 5-6 messages per appointment. If you have any questions about your text plan or data plan, it is best to contact your wireless provider.

International Visitors Our Services are hosted in the United States and intended for Users located within the United States. If you choose to use the Services from the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your personal information outside of those regions to the United States for storage and processing. Also, we may transfer your data from the U.S. to other countries or regions in connection with storage and processing of data, fulfilling your requests, and operating the Services. By providing any information, including personal information, on or to the Services, you consent to such transfer, storage, and processing. California residents: If you are a California resident, please review our California Privacy Notice. Contact Us If you have questions regarding this policy, please email us at https://privacy.primary.health or contact us using the information below. Primary Diagnostics, Inc. 595 Pacific Ave Floor 4 San Francisco, CA 94133 1-855-970-3223 Primary Diagnostics © 2023. All rights reserved.   Submit a data request to https://privacy.primary.health. If you are a California resident, the information below applies to you in addition to our Privacy Policy. This privacy notice for California residents (“California Privacy Notice”) supplements the information contained in the Privacy Policy and applies to: California residents from whom we collect Personal Information as a business under the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 (California Civil Code §§ 1798.100 to 1798.199) and its implementing regulations, as amended or superseded from time to time (“CCPA”). Please be aware that this California Privacy Notice only applies to information covered by the CCPA. It may not apply to information that is covered by state and federal privacy laws, for example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Furthermore, if we are providing the Services to you on behalf of a third-party partner (such as your employer, health care provider, or school) who has paid (in whole or in part) for you to use the Services, we will abide by the terms of our agreement with that third-party partner related to the use of the personal information we collect. If you have any questions about our third-party partner’s privacy practices, please contact us using the contact information below. This Statement uses certain terms that have the meanings given to them by the California Consumer Privacy Act. For purposes of this section, “Personal Information” means information that identifies, or could reasonably be associated with, you, your device or household, or as otherwise defined by the CCPA. Personal Information does not include information that is:

• Publicly available, as defined by the CCPA.
• Deidentified or aggregated.
• Otherwise excluded from the scope of the CCPA.

a. Categories of Personal Information We Collect and Disclose to Third Parties We collect and disclose for a business purpose each of the categories of personal information described in the chart below.  

Categories of Personal Information Collected	Categories of Third Parties to Whom the Personal Information was Disclosed for a Business Purpose
Identifiers: identifiers such as a real name, alias, postal address, unique personal identifier (such as customer number, unique pseudonym, or user alias), email address, account name, Social Security number, driver’s license number, passport number, and other similar identifiers, physical characteristics or description, state identification card number, and signature, a device identifier; cookies, beacons, pixel tags, and similar technology; other forms of persistent or probabilistic identifiers, and Internet Protocol address	Service providers Government Entities, including law enforcement Lab partners Our affiliates
Other Medical and Health Information: financial information (which is only collected and processed by our third party payment/reimbursement processors), medical information, and health insurance information	Government Entities, including law enforcement Service providers Payment/ Reimbursement processors Lab partners
Information Related to Characteristics Protected Under California or Federal Law: characteristics of protected classifications under California or federal law, such as race, color, national origin, religion, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, genetic information, disability, citizenship status, and military and veteran status	Government Entities, including law enforcement Program Eligibility providers
Commercial Information: including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies	Government Entities, including law enforcement Our affiliates Joint marketing partners
Internet and Other Electronic Network Activity Information: including, but not limited to, browsing history, search history, and information regarding your interaction with Website, applications or advertisements	Government Entities, including law enforcement Our affiliates
Sensory Information: visual information	Government Entities, including law enforcement
Professional or Employment-Related Information	Government Entities, including law enforcement
Profile Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting our preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes	Government Entities, including law enforcement Our affiliates
Sensitive Personal Information: social security number, driver’s license, racial or ethnic origin, personal information collected and analyzed concerning a consumer’s health	Government Entities, including law enforcement Service Providers Our affiliates

Over the previous twelve months, we have collected each of the categories of personal information described above. Primary.Health discloses Personal Information to government entities, including law enforcement, only in the following circumstances: (1) when required to do so as a matter of law; (2) to assist in the investigation of a potential crime impacting Primary.Health, its employees, its customers, or the communities we serve; or (3) when required in response to legal process (e.g., subpoena, warrant). Primary.Health does not use or disclose sensitive personal information for purposes other than those set forth in the CCPA. b. We have collected, used, or disclosed personal information about you for the following business or commercial purposes:

• Performing services you have purchased from or contracted for with us, including maintaining or servicing accounts (e.g., your Primary.Health account), as well as providing customer service, processing or fulfilling orders and transactions, and verifying customer information,
• Providing advertising or marketing services, providing analytics services, or providing similar services
• Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance
• Short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction
• Detecting and responding to security incidents, protecting against and responding to malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity
• Debugging to identify and repair errors that impair existing intended functionality
• Undertaking internal research for technological development and demonstration
• Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us
• Customizing your experience on our Website or Mobile Applications
• Processing liability claims
• Complying with and enforcing applicable legal requirements, relevant industry standards and our policies

In the past twelve months, we have collected, used, and disclosed personal information about you for the above purposes. In addition, we disclosed information about visitors to our public website to advertising and ad measurement providers in order to show you ads for our services and measure the effectiveness of those ads. Under CCPA, these disclosures may constitute a “sale” or “sharing” of your personal information. We do not have actual knowledge of selling or sharing the personal information of consumers under the age of 16. We no longer disclose your information to such providers and therefore do not sell or share your personal information. c. We have collected personal information about you from the following sources:

• You
• Our affiliates
• Device(s) You Used
• Service Providers

d. California Consumer Privacy Rights. You have certain choices regarding our use and disclosure of your personal information, as described below.

• Access: You have the right to request, twice in a 12-month period, that we disclose to you the personal information related to you we have collected during the past 12 months. This may include:
  • The categories and specific pieces of personal information we have collected about you
  • The categories of sources from which we collected the personal information
  • The business or commercial purpose for which we collected or sold the personal information
  • The categories of third parties with whom we shared the personal information
  • The categories of personal information about you that we sold or disclosed for a business purpose, and the categories of third parties to whom we sold or disclosed that information for a business purpose
• Deletion: You have the right to request that we delete certain personal information we have collected from you, unless an exception applies. Such exceptions include, but are not limited to, when the personal information is necessary to complete a transaction or provide goods or services to you, detect security incidents, comply with the law, and for internal uses reasonably aligned with your expectations.
• Correction: You have the right to correct inaccurate Personal Information that we maintain about you.
• Opt-Out of Sale or Sharing: You have the right to opt-out of the sale or sharing of your personal information.
• Right to Non-Discrimination: If you choose to exercise any of your rights under the CCPA, as amended by the California’s Privacy Rights Act (“CPRA”), you have the right not to receive, and will not receive, discriminatory treatment by us. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request. Employees and contractors are provided notice via different statements.

e. How to Submit a Request.

• Submit access, correction, and deletion requests by sending an email to pr*****@pr*****.health">pr*****@pr*****.health.

f. Verifying Requests. To help protect your privacy and maintain security, we will take steps to verify your identity before granting you access to your personal information or complying with your request. If you have an account with us, we may verify your identity by requiring you to sign into your account. If you request access to, correction or deletion of your personal information and do not sign into an account with us, we require you to provide the following information: name, email address, phone number, and postal address. In addition, if you do not have an account and you ask us to provide you with specific pieces of personal information, we reserve the option to require you to sign a declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request. If you designate an authorized agent to make an access, deletion or opt-out of sale request on your behalf (1) we may require you to provide the authorized agent written permission to do so, and for access, correction and deletion requests, we may require you to verify your own identity directly with us (as described above). g. How Your Information Is Retained We will retain your information for a time period specifically required or allowed by applicable regulations or laws and as needed to fulfill legitimate business purposes, including providing you products and services, complying with our legal obligations, resolving disputes, enforcing our agreements, or for other purposes described in this California Privacy Notice. Our retention of information is based on many factors such as your relationship with Primary Health or our customers, the nature of the information, compliance with our legal obligations, and defending or resolving actual or anticipated legal claims. h. Additional Information This Statement is available in alternative formats upon request. Please submit a request to pr*****@pr*****.health to request this Statement in an alternative format. Last Updated: February 6, 2023