‍

FUNCTION HEALTH: CONSUMER HEALTH DATA PRIVACY POLICY
Effective Date: June 25, 2024

This Consumer Health Data Privacy Policy (“Policy”)applies only to residents of the states of Connecticut, Nevada, and Washington.

This Policy providesinformation about how Function collects, stores, and uses your Consumer HealthData arising out of and/or relating to you and/or your use of our Services –which include your use of the Site and any other technologies, features, mobileapplications, and content we offer Withoutlimitation, this Policy applies to Connecticut, Nevada, or Washingtonresidents about whom we collect Consumer Health Data and is intended to providenotices in compliance with the Connecticut Data Privacy Act (“CTDPA”), NevadaSB 370, and Washington’s My Health, My Data Act (“MHMD”).

We encourage you to review our Privacy Policy to learn more about Function’s privacy practices and our commitments to you. This Policy is hereby incorporated by reference into our Privacy Policy by reference in its entirety, as though therein completed stated – and any capitalized terms therein appearing have the same meaning herein unless otherwise herein noted.

While Function is not a health care provider, and is not a covered entity under HIPAA, in some cases it may be a “business associate” to covered entities under HIPAA, and as such we may have certain federal, state and contractual restrictions on how we can use your health or medical information (collectively, your “Protected Health Information” or“PHI”). With respect to any PHI that we receive from covered entities, Function will comply with its obligations under HIPAA as a business associate. This Policy does not intend to include information about how we handle HIPAA-regulated personal health information (“PHI”) and we encourage you to review the privacy policies and notices of privacy practices of your health care provider or other covered entity with which we may partner.

This Policy does not apply to third-party websites, products, or services, even if they may link to our Sites or our Sites may link to them. We recommend you review the privacy practices of those third parties before connecting and/or accessing third party websites and sharing any PersonalInformation.

1. Consumer Health Data We Collect

For purposes of this Policy,“Personal Information” means information that identifies or is reasonably capable of being associated or linked, directly or indirectly, with an individual in Connecticut, Nevada, and Washington. Personal information does not include de-identified data or publicly available information. “Consumer Health Data” means PersonalInformation that is linked or reasonably linkable to an individual and that identifies the individual’s past, present, or future health status or mental health status, as may be applicable.

OurServices involve the collection of Lab Results and Self-Reported Information, as well as Consumer Health Data gathered via Cookies. Accordingly, we may collect, or have collected, the following categories of Consumer Health Data about you:

·       Individual health treatments, conditions, or diseases

·       Social, psychological, behavioral, or medical interventions

·       Health-related surgeries or procedures

·       Use or purchase of prescribed medication

·       Diagnosis or diagnostic testing, treatment, or medication

·       Gender affirming careinformation

·       Reproductive or sexual health information

·       Genetic data

·       Bodily functions

·       Vital signs, symptoms, or measurements of the above categories

·       Precise location information that could reasonably indicate your attempt to acquire or receive health services or supplies

·       Data that identifies you seeking health care services

·       Any information that we or our service providers process to associate or identify you with the above information that is derived from non-health information (such as inferred data).

We may create aggregated, de-identified, or anonymous information from Consumer Health Data by removing certain data components (such as your name, email address, or linkable tracking ID) that makes the data identifiable, or through aggregation, obfuscation or other means. For example, we may de-identify any information and data provided and/or generated in connection with your use of our Services (including without limitation your Lab Results and Self-Reported Information, as those terms are defined below), in compliance with applicable law. Subject to applicable law, our use of such aggregated, de-identified, or anonymized information is not Personal Information or subject to this Policy. 

2. Categories of Sources of Consumer Health Data

We may collect Consumer Health Data from the following categories of sources:

·       Directly from you through your interactions with us, such as when you use the Sites or Services, create an account with us, complete electronic forms, upload medical records to our Site or Services, link a wearable and/or Internet of Things device to our Sites orService, or otherwise contact us via chat, email, phone, or text (altogether “Self-ReportedInformation”).

·       From third party healthcare services providers, laboratory services providers, and other providers of medical and medical-adjacent services, (our “Lab and Provider Partners”), with your permission and in accordance with applicable law and the context in which you provided the data.

·       From other third parties, such as our business partners and affiliates.

**AlthoughFunction generally uses Cookies and analytics services for tracking activity on and gauging the effectiveness of our websites, as well as for third-party advertising purposes, our websites implement measures to help ensure that we do not use Cookies for individuals accessing our services from Connecticut, Nevada, or Washington.

3.How We Use Consumer Health Data

We use the Consumer Health Data we collect about you to provide customer service; provide and maintain our Services; market our products and Services; market the products and services of others; internal business purposes, including general business administration; and for any purpose consistent with your preferences.

4. To Whom We DiscloseConsumer Health Data

For residents of Connecticut, Nevada, and Washington, we will only disclose ConsumerHealth Data with your express affirmative consent. For example, at your request, we may share Consumer Health Data, such as your Lab Results, with your general practitioner, your specialist, or your provider’s health system. Our websites implement measures to help ensure that we do not share the Consumer Health Data on individuals accessing our services fromConnecticut, Nevada, or Washington with third-party platform providers who assist us in serving advertising.

Under certain circumstances, we may be required to disclose your Consumer Health Data if required to do so by law, in response to valid requests by public authorities, and/or in response to a threat of harm involving an individual’s health and/or safety.

Under no circumstances shall we disclose your Consumer Health Data for monetary value.

Notwithstanding anything herein to the contrary, we may transfer and assign all right, title, interest, and obligations in and or your Consumer Health Data in connection with a merger, acquisition, sale of all or substantially all of our assets with respect to our company or the business unit therein that primarily utilizes your Consumer Health Data, reincorporation, consolidation, reorganization, and/or any other change of control

5.Consumer Health Data Privacy Rights

a.    Your Rights as a Resident of Nevada, Washington, orConnecticut

Nevada and Washington residents have the following rights in relation to your ConsumerHealth Data, subject to certain exceptions:

·       Right to know. You have the right to know what Consumer Health Data we collect, share, or sell, as those terms are defined under applicable law. You also have the right to obtain alist of all third parties and affiliates with whom we have shared or sold your ConsumerHealth Data, and an active email address or other mechanism that you may use tocontact these third parties. If you are a Washington resident or otherwisesubject to Washington law, you also have the right to access your ConsumerHealth Data that we collect, share, or sell.

·      Right to withdraw consent. You have the right to withdrawconsent from the collection and sharing of your Consumer Health Data.

·      Right To delete. You have the right to request that we, as wellas our service providers and contractors, delete the Consumer Health Data thatwe collect about you.

·      Right to non-discrimination. You have the right notto receive discriminatory treatment for the exercise of the privacy rightsdescribed above.

Connecticut residents have the following rights in relation to your ConsumerHealth Data, subject to certain exceptions:

●     Right toknow and access. You have the right to know what Consumer Health Data we collect,use, disclose, and/or sell or share as those terms are defined under applicablelaw. You may ask us to provide you a portable copy of this information up totwo times in a rolling twelve-month period.

●     Right todelete and erase. You have the right to request under certain circumstances thatwe, as well as our service providers and contractors, delete the ConsumerHealth Data that we collect about you.

●     Right tocorrect inaccurate Consumer Health Data. You have the right to request thecorrection of inaccurate Consumer Health Data.

●     Right tonon-discrimination. You have the right not to receive discriminatory treatment forthe exercise of the privacy rights described above.

●     Right toopt out. You have the right to opt-out of targeted advertising, the sale ofyour personal data, and profiling decisions that could produce legal orsimilarly significant effects concerning the consumer.

●     Rightsconcerning sensitive personal data. If you are a Connecticut resident,we cannot process your Consumer Health Data, or use your Consumer Health Datafor certain purposes without your affirmative consent.

b.    Exercising Your Rights as a Resident of Nevada, Washington or Connecticut

Please use the following information to exercise your rights. Please note that any request you submit to us is subject to an identification and residency verification process as permitted under applicable law, as well as certain other procedural requirements that may be noted in the sections below.Additionally, all requests are subject to certain exceptions under applicable law, which may vary. If you are a visually-impaired customer, a customer who has another disability or a customer who seeks support in other language, you may access your privacy rights by emailing us at legal@functionhealth.com.

We do not charge a fee to process or respond to your verifiable consumer request unless its excessive, repetitive, manifestly unfounded, or in accordance with applicable law.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Depending on applicable law, you may be limited in how many verifiable or authenticated consumer requests you make within a twelve (12) month period. If we have inadvertently collected information on your minor child, you may exercise the above rights on behalf of your minor child. Additionally, in some jurisdictions, you may designate an authorized agent to submit a request on your behalf, and if so, we may require proof of the agent’s authorization by you and/or verification of the agent’s own identity. Generally, a rights request must include:

• Sufficient information that allows us to reasonably verify you are the person about whom we collected Consumer Health Data or an authorized representative, which must include, at a minimum, your first and last name and email address.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to the request.

We cannot respond to your request or provide you with Consumer Health Data if we cannot verify or authenticate your identity or authority to make the request and confirm that the Consumer Health Data relates to you. We will only use ConsumerHealth Data provided in a verifiable or authenticated consumer request to verify your (or your authorized agent’s as applicable) identity or authority to make the request.

You are not required to create an account with us to submit a verifiable orauthenticated consumer request. However, we do consider requests madethrough your password protected account sufficiently verified when the requestrelates to Consumer Health Data associated with that specific account. Ifyou have an account with us, we will deliver our written response to thataccount. If you do not have an accountwith us, we will deliver our written response by mail or electronically, atyour option.

We will confirm receipt ofyour request within ten (10) business days. If you do not receive confirmationwithin the 10-day timeframe, please contact legal@functionhealth.com. Except whereotherwise noted, we will respond to your request within forty-five (45) daysafter receipt and we reserve the right to extend the response time by anadditional forty-five (45) days when reasonably necessary and provided consumernotification of the extension is made within the first forty-five (45) days. As described below, in some jurisdictions, an authorized agent may submit a request to exercise your rights on your behalf.

How to submit a request.To exercise any of the rights described in this Privacy Policy, please send your request(s) using one of the following methods:

·       Emailing us at legal@functionhealth.com.

·      Visiting the contact page at our Site at https://www.functionhealth.com/contact.

·       Calling us at (737) 259-6190.

How to appeal decisions about your rights.

·       Connecticut. If you are a Connecticut resident and want to appeal our decision with regard to a request that you have made, please Contact Us. Within sixty (60) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Connecticut’s Office of the Attorney General by phone at (860) 808-5420 or by submitting a form here.

·       Nevada. If you are a Nevada resident or located in Nevada and want to appeal our decision with regard to a request that you have made, please Contact Us. Within forty-five (45) days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Nevada’s Office of the Attorney General by phone at (702)486-3132 or by submitting a form here.

·       Washington. If you are a Washington resident or located in Washington and want to appeal our decision with regard to a request that you have made, please Contact Us. Within forty-five (45)days of receipt of an appeal, we will inform you in writing of any action taken or not taken, including an explanation of our reasons in reaching the decision. If the appeal is denied, you may contact Washington’s Office of the AttorneyGeneral by phone at (800) 551-4636 or by submitting a form here.

7.Changes to This Policy

Wemay update our Policy from time to time. We will notify you of any changes byposting the new Policy on this page. We will also let you know via email and/ora prominent notice on our Site, prior to the change becoming effective andupdate “effective date” at the top of this Policy. We recommend reviewing Policyperiodically for any changes. Changes to this Policy are effective when theyare posted on this page.

8. Contact Us

Please contact legal@functionhealth.com if you have any questions about this Policy, or if anything in here does not make sense or seem right to you. We are always open to feedback around our privacy policies and practices. Because email communications are not always secure, please do not include any sensitive information in your email to us. You can also write to us at: 600 Congress Ave, Floor 14, Austin, TX 78701.