2. How to Contact Us

If you have any questions or comments about this Privacy Policy or our privacy practices, please contact us:

Online: www.figmd.com/contact/

By Email: privacy@figmd.com

By Phone: +1 773-672-3155

By Mail: FIGmd, Inc. 6952 Rote Road, Suite 400, Rockford, IL 61107

3. Children and Privacy

Our Services are not directed at children and we do not knowingly collect personal information relating to children under the age of 16. If you are not 16 years or older, do not use our Services. Personal information related to a child who is less than 16 years of age shall not be processed, used or disclosed without the explicit written consent of a parent or legal guardian.

5. Children and Privacy

Information That You Give us:

In many cases, we collect personal information directly from you. We will ask you for personal information (including Contact Information and Relationship Information) when you interact with us. We may collect additional Relationship Information from third-party data suppliers who enhance our files and help us better understand our customers.

When you purchase products or services from FIGmd, we collect Transaction Information. We also collect Transaction Information when you visit our website, use our applications or contact us, such as for customer service purposes.

Information We Collect:

We use cookies and similar tools to automatically collect information about you when you use our website or applications.

When you use our website or applications, we collect technical information about your device such as electronic communication protocols, IP addresses, the hardware model of your device, operating system version, unique device identifiers, browser type and language preferences.

We may also collect information about your use of our website or applications, such as pages visited, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any contact details used to correspond with us by post, email or telephone.

We treat this information as personal information when it is associated with your Contact Information or any other personal information that identifies you. For more information about cookies and other technologies, please see the section on Cookies below.

Information Received From Health Providers:

We also receive personal information from our clients, including (without limitation) hospitals, health care providers and other Covered Entities (as defined by HIPAA) (“Health Providers”). FIGmd processes such personal information as a “Business Associate” (as defined by HIPAA), and as a “Data Processor” under European Law. We process such personal information to provide our Services to Health Providers, which includes generating performance reports and undertaking research.

When we receive personal information from Health Providers, we do not own the personal information and will only use it for providing our Services in compliance with this Privacy Policy and our contractual obligations to Health Providers.

6. How We Use Personal Information

When you provide personal information to us through our Services, we use it primarily to deliver our Services to you.

We also collect and use personal information for the following purposes:

• To fulfil your requests for products or services and for related activities, such as product and service delivery, customer service, account management, support and training and to provide other services related to your relationship with us

• o provide you with marketing communications and offers for products and services from FIGmd and, in some cases, our partners, including offers targeted based on your interests, business characteristics and location, provided you have given your consent if required by the applicable law

• To administer surveys

• To determine if you are eligible for certain products, services or offers

• To provide you with additional information that may be of interest, such as FIGmd news and announcements and technical service bulletins

• To manage our everyday business needs, such as payment processing and financial account management, product development, contract management, website administration, forum management, fulfilment, analytics, security and fraud prevention, corporate governance, reporting and legal compliance and business continuity

• To enforce our terms and conditions and other usage policies, and

• To protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others, and to allow us to pursue available remedies or limit any damages that we may sustain

If you are based in Europe, we will only process your personal information for a purpose described in this Privacy Policy if: (1) you have provided your consent (which can be withdrawn at any time); (2) the processing is necessary for the performance of a contract we are about to enter into or have entered into with you; (3) we are required by law to do so; or (4) the processing is necessary for the purposes of our legitimate commercial interests (except where such interests are overridden by your rights and interests).

Where we process personal information on behalf of Health Providers as a Business Associate (and/or a Data Processor), we do not own such personal information and will only use it to provide our Services, to generate performance reports and to undertake research in compliance with this Privacy Policy and our contractual obligations. We presume such information is accurate and do not explicitly validate its accuracy before, during or after processing.

7. How Long We Retain Personal Information

We store personal information, in a form that permits us to identify you, for no longer than is necessary for the purpose for which the personal information is processed. We store your personal information as necessary to comply with our legal obligations, resolve disputes and enforce our rights. For details of our data retention practices, please refer to our Document and Record Management Policy. A copy of the document and record Management policy can be requested by sending an email to privacy@figmd.com.

8. Disclosure of Personal Information

We may share your personal information with the parties set out below:

• Our affiliates, which may only use your personal information for the purposes set out in this Privacy Policy

• Our service providers, who are bound by law and contract to protect your personal information and only use your personal information in accordance with our instructions

• Our business partners, if you have purchased products or services from such partner, interacted with such partner, or otherwise indicated interest in that partner’s products or services. For example, if you are referred to FIGmd from a business partner website, we may provide that partner with your Contact Information and certain Transactional Information to validate the referral. We may also provide your Contact Information to companies that offer complementary products and services if you request information about these solutions

• We may also disclose personal information where needed to effect the sale or transfer of business assets, to enforce our rights, protect our property or protect the rights, or safety of FIGmd and others or to support external auditing, compliance and corporate governance functions

• We will disclose personal information when required to do so by law, such as in response to a subpoena or other request, including to law enforcement agencies and courts in the United States and other countries where we operate

Where we process personal information on behalf of Health Providers as a Business Associate (and/or a Data Processor), we use and disclose personal information, including electronic personal health information (or “ePHI”), for the purposes of providing our Services and for carrying out health information processing operations in accordance with the Business Associate agreements we hold with these Health Providers.

FIGmd strictly prohibits the selling of personal information and any other use or disclosure of the personal information outside our health information processing operations, except when mandated by our legal, regulatory or contractual obligations.

We will only transfer your personal information to trusted third parties who provide sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out and who can demonstrate a commitment to compliance with those measures.

FIGmd’s associates may use personal information received from Health Providers for their processing operations in compliance with this Privacy Policy.

We do not share personal information with our affiliates or third parties for their direct marketing use.

Please note that we may use and disclose information about you that is not personally identifiable. For example, we may publish reports that contain aggregated and statistical data about our clients. These reports do not contain any information that would enable the recipient to contact, locate or identify you. These reports do not contain any identifiable company information.

9. Cookies

Our Use of Cookies:

When you visit our website, use our mobile applications or correspond with us via email, we collect certain information, including personal information, by automated means, using technologies such as cookies, pixel tags, browser analysis tools, server logs and web beacons.

Cookies are small text files that websites send to your computer or other internet-connected device to uniquely identify your browser or to store information or settings in your browser. Cookies allow us to recognize you when you return. They also help us provide a customized experience and enable us to detect certain kinds of fraud.

Pixel tags and web beacons are tiny graphic images placed on website pages or in our emails that allow us to determine whether you have performed a specific action. When you access these pages or open or click an email, the pixel tags and web beacons generate a notice of that action. These tools allow us to measure response to our communications and improve our web pages and promotions.

You do not have to accept cookies and your consent can be withdrawn at any time (see How to Control Cookies, below).

In many cases, the information we collect using cookies and other tools is only used in a non-identifiable way, without any reference to personal information. For example, we use the information we collect about all website users to optimize our website and to understand website traffic patterns.

In some cases, we do associate the information we collect using cookies and other technology with your personal information. This Privacy Policy applies to the information we collect using cookies when we associate it with your personal information

Third-Party Cookies:

Cookies set by a website owner (in this case, FIGmd) are called “first party cookies”. Cookies set by parties other than the website owner are called “third-party cookies”. Third-party cookies enable us to provide third-party features or functionality through our website (i.e. advertising, social media functions and analytics).

FIGmd has relationships with third-party advertising companies to place advertisements on our website and to perform tracking and reporting functions for our website. These third-party advertising companies may place cookies on your device when you visit our website so they can display targeted advertisements to you. This Privacy Policy does not cover the collection methods or use of the information collected by these vendors.

A third-party vendor used by FIGmd is Google Analytics. For information on how Google Analytics uses data, please visit “How Google uses information from sites or apps that use our services”, located at: https://policies.google.com/technologies/partner-sites?hl=en.

How to Control Cookies:

In many cases, you can manage cookie preferences and opt-out of having cookies and other data collection technologies used by adjusting the settings on your browser.

Please follow the links below to access helpful information for the most popular browsers:

• Microsoft Internet Explorer: https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies

• Google Chrome:https://support.google.com/chrome/answer/95647?co=GENIE.Platform%3DDesktop&hl=en

• Mozilla Firefox:https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

• Apple Safari:https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac

We support “do not track” signals (“DNT”). If you have DNT enabled on your web browser, we will not receive browser-related information from our advertising partners for tailoring advertisements.

In some cases, we do associate the information we collect using cookies and other technology with your Personal Information. This Privacy Policy applies to the information when we associate it with your Personal Information.

In addition, you can opt-out of being targeted by many third-party advertising companies by visiting:

• http://optout.aboutads.info/?c=2&lang=EN

• http://optout.networkadvertising.org/?c=1

• http://www.youronlinechoices.com/

• http://preferences-mgr.truste.com/

10. California Privacy Rights

If you are a California resident, the California Civil Code permits you to request information relating to the sharing of certain categories of your personal information with third parties. If you reside in California and have provided your personal information to FIGmd, you may request information about our disclosures of certain categories of personal information to third parties for direct marketing purposes. Such requests can be submitted to us by email to privacy@figmd.com, or using the contact details provided above.

11. Our Mobile Applications

We offer mobile applications that allow you to access your account, interact with us online and receive other information via your mobile device. All personal information collected by FIGmd via our mobile applications is governed by the terms of this Privacy Policy.

12. Your Choices

Your marketing preferences:

We may send you marketing emails regarding our Services, upcoming promotions and other information that may be of interest to you, provided you have given your consent, if required by the applicable law. If you do not wish to receive such marketing emails from us, you may use the “unsubscribe” option at the bottom of our emails to opt-out.

Please note that even if you opt-out of promotional emails, we may still need to contact you with important transactional information about your account. For example, even if you opt-out of emails, we may still send you activity confirmations and account statements.

If you need any assistance with opting-out, please contact us using the contact details provided above.

Your rights:

In certain circumstances, you may have the right to request access to your personal information, to object to or restrict the use of your personal information and/or to request that incomplete, incorrect, unnecessary or outdated personal information is deleted or updated.

If you have an online account, you can log into your account at any time to update the personal information you have provided to us.

If you would like to exercise your rights or have any questions about your choices, please contact us using the contact details provided above. If you send us a letter, please provide your name, address, email address and detailed information about the personal information you would like to update, modify or delete or any other changes you would like to make.

We may request further information to verify your identity as part of this process.

We may deny a request for access to personal information if we believe that releasing such information may endanger the life or physical safety of an individual or may otherwise cause substantial harm. We will report all such requests to the appropriate law enforcement agencies.

Information we process on behalf of Health Providers:

We will not update, modify or delete any information that we process on behalf of Health Providers as a Business Associate (and/or a Data Processor). Such requests should be directed to the relevant Health Provider as Data Controller).

Any request to access personal information, including ePHI, processed by FIGmd on behalf of a Health Provider must be directed to the relevant Health Provider to whom you disclosed your personal information. Under no circumstances shall FIGmd share any personal information that it has received from a Health Provider for processing with anyone else unless required by applicable law.

13. European Privacy Rights

If you are a European resident, in certain circumstances you have rights under the GDPR in relation to personal information we hold about you—specifically the right to:

• Request access to your personal information

• Request correction of your personal information

• Request erasure of your personal information

• Object to the processing of your personal information

• Request restriction of processing your personal information and

• Request transfer of your personal information to a third party

To exercise your rights, please contact us using the contact details provided above. If you send us a letter, please provide your name, address, email address and detailed information about the personal information you would like to update, modify or delete or any other changes you would like to make, or right you would like to exercise.

We aim to respond to requests made by you within one month but may extend that period by two further months where necessary.

We will not charge a fee for you to exercise any of the rights listed above, but reserve our right to charge a reasonable fee, or to refuse to act on requests which are manifestly unfounded or excessive.

Where you believe that we have not complied with our obligation under this Privacy Policy or European data protection law, you have the right to make a complaint to an EU Data Protection Authority, such as the UK’s Information Commissioner’s Office.

14. Information Security

We have implemented an information security program that contains administrative, technical, network and physical controls that are designed to safeguard your personal information. For example, we use industry-standard encryption technology to secure sensitive personal information when it is being collected and transmitted over the internet as well as firewalls, site monitoring and intrusion detection software. Please note that you should also take steps to protect yourself, especially online.

15. Notice to Residents of Countries Outside the USA

FIGmd is headquartered in the United States of America. Your personal information will be accessed by or transferred to the United States or to our affiliates and data processors including our FedRAMP Certified cloud service provider within the United States. By providing your personal information, you consent to this transfer. We will protect the privacy and security of your personal information, regardless of where it is processed or stored.

16. Third-Party Links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.