‍

FUNCTION HEALTH: CONSUMER HEALTH DATA PRIVACY POLICY

Effective Date: November 20, 2024

‍

This Consumer Health Data Privacy Policy (“Policy”) applies only to residents of the states of Connecticut, Nevada, and Washington to the extent such states’ respective laws apply to Function Health, Inc. (“Function”, “we”, “our”, “us”) and the relevant consumer health data.

‍

This Policy provides information about how Function collects, stores, and uses your Consumer Health Data arising out of and/or relating to you and/or your use of our Services –which include your use of the Site and any other technologies, features, mobile applications, and content we offer Without Limitation, this Policy applies to Connecticut, Nevada, or Washington residents about whom we collect “consumer health data” (“Consumer Health Data”) as defined by applicable laws such as the Connecticut Data Privacy Act (“CTDPA”), Nevada SB 370, and Washington’s My Health, My Data Act (“MHMD”).

‍

We encourage you to review our Privacy Policy to learn more about Function’s privacy practices. This Policy supplements our Privacy Policy in its entirety, and any capitalized terms in our Privacy Policy have the same meaning herein unless otherwise noted.

‍

This Policy does not apply to third-party websites, applications, products, services, or other properties, even if they may link to our Sites or our Sites may link to them. We recommend you review the privacy practices of those third parties before connecting with and/or accessing third party offerings and sharing any Personal Information.

‍

1. Consumer Health Data We Collect

For purposes of this Policy, “Personal Information” means information that identifies or is reasonably capable of being associated or linked, directly or indirectly, with an individual in Connecticut, Nevada, and Washington. Personal information does not include de-identified data or publicly available information. “Consumer Health Data” means Personal Information that is linked or reasonably linkable to an individual and that identifies the individual’s past, present, or future health status or mental health status, as may be applicable.

‍

Our Services involve the collection of Lab Results and Self-Reported Health Information, as well as Consumer Health Data gathered via Cookies. Accordingly, we may collect, or have collected, the following categories of Consumer Health Data about you:

‍

• Name and contact information
• Demographic information
• Account profile information
• Individual health treatments, conditions, or diseases
• Social, psychological, behavioral, or medical interventions
• Health-related surgeries or procedures
• Use or purchase of prescribed medication
• Diagnosis or diagnostic testing, treatment, or medication
• Gender affirming care information
• Reproductive or sexual health information
• Genetic data
• Bodily functions
• Vital signs, symptoms, or measurements of the above categories
• Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies
• Data that identifies you seeking health care services
• Device information (such as IP address, device identifiers, mobile app identifiers, device operating system information)
• Any information that we or our service providers process to associate or identify you with the above information that is derived from non-health information (such as inferred data).

‍

We may create aggregated, de-identified, or anonymized information from Consumer Health Data by removing certain data components (such as your name, email address, or linkable tracking ID) that makes the data identifiable, or through aggregation, obfuscation or other means. For example, we may de-identify any information and data provided and/or generated in connection with your use of our Services (including without limitation your Lab Results and Self-Reported Health Information, as those terms are defined below), in compliance with applicable law. Subject to applicable law, our use of such aggregated, de-identified, or anonymized information is not Personal Information.

‍

2. Categories of Sources of Consumer Health Data

‍

We may collect Consumer Health Data from the following categories of sources:

• Directly from you through your interactions with us, such as when you use the Sites or Services, create an account with us, complete electronic forms, upload medical records to our Site or Services, link a wearable and/or Internet of Things device to our Sites or Service, or otherwise contact us via chat, email, phone, or text (altogether “Self-Reported Information”).
• From third party healthcare services providers, laboratory services providers, and other providers of medical and medical-adjacent services, (our “Lab and Provider Partners”), with your permission and in accordance with applicable law and the context in which you provided the data.
• Through linked wearable devices connected to our Services (which may include historical data related to your use of the wearable devices).
• From other third parties, such as our business partners and affiliates.
• From third parties that you choose (such as lab providers).
• From automatic tracking technologies.
• From our creation, inference or generation of Personal Information about you.

**Although Function generally uses third-party Cookies and analytics services for tracking activity on our websites, our websites implement measures designed not to deploy non strictly necessary Cookies for individuals accessing our services who are located in Connecticut, Nevada, or Washington.

‍

3. How We Use Consumer Health Data

‍

We use the Consumer Health Data we collect about you to provide customer service; provide and maintain our Services; product improvement, development and research; internal business purposes, including general business administration; marketing; and for any purpose consistent with your preferences.

‍

We limit our sharing of your test results with third parties. In order to deliver our product and services to you, it may be necessary for us to provide certain information to our Lab and Provider Partners. We do so when such recipients agree to limitations regarding the use of your personal information.

‍

4. To Whom We Disclose Consumer Health Data

We may “share” (as applicable law defines that term) Consumer Health Data with your consent or as we determine necessary to complete your transactions, provide the services you have requested or authorized, or as otherwise permitted or required by applicable law. For example, at your request, we may share Consumer Health Data, such as your Lab Results, with your general practitioner, your specialist, or your provider’s health system.

‍

Under certain circumstances, we may be required to disclose your Consumer Health Data if required to do so by law, in response to valid requests by public authorities, and/or in response to a threat of harm involving an individual’s health and/or safety.

‍

Notwithstanding anything herein to the contrary, we may transfer and assign all right, title, interest, and obligations in and or your Consumer Health Data in connection with an actual or potential merger, acquisition, sale of all or substantially all of our assets with respect to our company or the business unit therein that primarily utilizes your Consumer Health Data, reincorporation, consolidation, reorganization, and/or any other change of control or corporate transaction.

‍

5. Consumer Health Data Privacy Rights

a. Your Rights as a Resident of Nevada, Washington, or Connecticut

‍

Nevada and Washington residents have the following rights in relation to your Consumer Health Data, subject to certain exceptions:

‍

• Right to know. You have the right to know what Consumer Health Data we collect, share, or sell, as those terms are defined under applicable law. You also have the right to obtain a list of all third parties and affiliates with whom we have shared or sold your Consumer Health Data, and an active email address or other mechanism that you may use to contact these third parties. If you are a Washington resident or otherwise subject to Washington law, you also have the right to access your Consumer Health Data that we collect, share, or sell.

• Right to withdraw consent. You have the right to withdraw consent from the future collection or sharing of your Consumer Health Data to the extent we rely upon such consent.

• Right to delete. You have the right to request that we, as well as our service providers and contractors, delete the Consumer Health Data that we collect about you.

• Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.

‍

Connecticut residents have the following rights in relation to your Consumer Health Data, subject to certain exceptions:

‍

• Right to know and access. You have the right to know what Consumer Health Data we collect, use, disclose, and/or sell or share as those terms are defined under applicable law. You may ask us to provide you a portable copy of this information up to two times in a rolling twelve-month period.

• Right to delete and erase. You have the right to request under certain circumstances that we, as well as our service providers and contractors, delete the Consumer Health Data that we collect about you.

• Right to correct inaccurate Consumer Health Data. You have the right to request the correction of inaccurate Consumer Health Data.

• Right to non-discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.

• Right to opt out. You have the right to opt-out of targeted advertising, the sale of your personal data, and profiling decisions that could produce legal or similarly significant effects concerning the consumer.

• Rights concerning sensitive personal data. If you are a Connecticut resident, we cannot process your Consumer Health Data, or use your Consumer Health Data for certain purposes without your affirmative consent.

‍

‍b. Exercising Your Rights as a Resident of Nevada, Washington or Connecticut

‍

Please use the following information to exercise your rights. Please note that any request you submit to us is subject to an identification and residency verification process as permitted under applicable law, as well as certain other procedural requirements that may be noted in the sections below. Additionally, all requests are subject to certain exceptions under applicable law, which may vary. If you are a visually-impaired customer, a customer who has another disability or a customer who seeks support in other language, you may access your privacy rights by emailing us at legal@functionhealth.com.

‍

We do not charge a fee to process or respond to your verifiable consumer request unless its excessive, repetitive, manifestly unfounded, or in accordance with applicable law. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

‍

Depending on applicable law, you may be limited in how many verifiable or authenticated consumer requests you make within a twelve (12) month period. If we have inadvertently collected information on your minor child, you may exercise the above rights on behalf of your minor child. Additionally, in some jurisdictions, you may designate an authorized agent to submit a request on your behalf, and if so, we may require proof of the agent’s authorization by you and/or verification of the agent’s own identity. Generally, a rights request must include:

‍

Sufficient information that allows us to reasonably verify you are the person about whom we collected Consumer Health Data or an authorized representative, which must include, at a minimum, your first and last name and email address.

Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to the request.

‍

We cannot respond to your request or provide you with Consumer Health Data if we cannot verify or authenticate your identity or authority to make the request and confirm that the Consumer Health Data relates to you. We will only use Consumer Health Data provided in a verifiable or authenticated consumer request to verify your (or your authorized agent’s as applicable) identity or authority to make the request.

‍

You are not required to create an account with us to submit a verifiable or authenticated consumer request. However, we do consider requests made through your password protected account sufficiently verified when the request relates to Consumer Health Data associated with that specific account. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.

‍

We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please contact legal@functionhealth.com. Except where otherwise noted, we will respond to your request within forty-five (45) days after receipt and we reserve the right to extend the response time by an additional forty-five (45) days when reasonably necessary and provided consumer notification of the extension is made within the first forty-five (45) days. As described below, in some jurisdictions, an authorized agent may submit a request to exercise your rights on your behalf.

‍

How to submit a request. To exercise any of the rights described in this Privacy Policy, please send your request(s) using one of the following methods:

• Emailing us at legal@functionhealth.com.

• Visiting the contact page at our Site at https://www.functionhealth.com/contact.

• Calling us at (512) 814-6593.

‍

How to appeal decisions about your rights.

‍

• Connecticut. If you are a Connecticut resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Connecticut’s Office of the Attorney General by phone at (860) 808-5420 or by submitting a form here.

• Nevada. If you are a Nevada resident or located in Nevada and want to appeal our decision with regard to a request that you have made, please Contact Us. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Nevada’s Office of the Attorney General by phone at (702)486-3132 or by submitting a form here.

• Washington. If you are a Washington resident or located in Washington and want to appeal our decision with regard to a request that you have made, please Contact Us. Within forty-five (45)days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Washington’s Office of the Attorney General by phone at (800) 551-4636 or by submitting a form here.

‍

6. Changes to This Policy

We may update our Policy from time to time. We will notify you of any changes by posting the new Policy on this page or other appropriate means. Any modifications to this Privacy Policy will be effective upon our posting the modified version (or as otherwise indicated at the time of posting). We recommend reviewing Policy periodically for any changes. Your use of the Service after the effective date of any modified Policy indicates your acknowledging that the modified Policy applies to your interactions with the Service and our business.

‍

7. Contact Us

Please contact legal@functionhealth.com if you have any questions about this Policy, or if anything in here does not make sense or seem right to you. We are always open to feedback around our privacy policies and practices. Because email communications are not always secure, please do not include any sensitive information in your email to us. You can also write to us at: 600 Congress Ave, 14th Floor, Austin, TX 78701.