Privacy Policy

Ribbon Health, Inc. (“Ribbon Health,” “we,” or “us”) respects the privacy of our users. This Ribbon Health Privacy Policy (“Policy”) describes how we collect, use, and disclose information in connection with our website, any of our mobile applications, and the online services provided through us (collectively, the “Services”). By visiting our Services and/or using the features made available to you on the Services, you are agreeing to the terms of this Policy.

Personal and Other Information We Collect

We collect both Personal Information and Other Information about users in connection with the Services. For purposes of this Policy, “Personal Information” is information that we can directly associate with a specific person without additional information, such as a name or email address. “Other Information” is any information that is not Personal Information. We may combine Personal Information with Other Information, in which case we will treat the combined information as Personal Information.

We may collect and process the following types of Personal Information from or about you in connection with the Services, including: your name and email address in order to register for the Services. You may also provide us with a username and password, your home and work mailing addresses, phone number and demographic information including birthdate, gender, height, weight, ethnicity, nutrition and fitness, any medical history you would like stored in your Profile, and information about symptoms and conditions of interest to you or for which you search.

With your permission, we will also collect health claims data from your insurer.

When we receive individually identifiable health information from insurers, our handling of that information may be subject to the Notice of Privacy Practices provided by your health insurance plan, which may further restrict how we collect, use and share individually identifiable health information.

We may also collect Other Information automatically through the Services. This may include information such as your IP address and domain name, your Internet service provider, the date and time of your visit, your use of the Services during your current session and over time (including the pages you view and the files you download), the URLs from the websites you visit before and after navigating to the Services, your computer’s operating system and browser type, your software and hardware attributes (including device IDs), and your general geographic location (e.g., your city, state, or metropolitan region).

We also may combine Personal Information or Other Information that we have about you with additional information that we or third parties collect in other contexts—such as our communications with you via email or phone, or your customer service records. In those circumstances, we will treat the combined information in accordance with this Policy.

Cookies and Similar Technologies

We may collect information using the following technologies:

Server Logs

When you use the Services, we automatically receive and record certain information from your computer (or other device) and your browser. To obtain such information, we may use server logs or applications that recognize your computer or other devices and gather information about its online activity.

Cookies

We use cookies to provide the Services. Cookies are small files that are stored on your computer by your web browser. A cookie allows the Services to recognize whether you have visited before and may store user preferences and Other Information. If you do not want cookies on your computer or device, you can set your browser to refuse all cookies or to indicate when a cookie is being set, allowing you to decide whether to accept it. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive notification when you are receiving a new cookie and how to refuse some or all cookies, or to delete existing cookies from your computer or device. Please note that, if you choose to block or delete cookies, certain features of the Services may not operate correctly.

Web Beacons

The Services or the emails that you receive from us may use an application known as a “web beacon” (also known as a “clear gif” or “pixel tag”). A web beacon is an electronic file that usually consists of a single-pixel image. It can be embedded in a web page or in an email to transmit information, which could include Personal Information. For example, it allows an email sender to determine whether a user has opened a particular email.

We may partner with certain third parties to collect, analyze, and use some of the Personal and Other Information described above. For example, we may allow third parties to set cookies or use pixel tags on the Services or in email communications from Ribbon Health. This information may be used for a variety of purposes, including analytics and targeted advertising, as described below under “How We Share Your Information With Third Parties.”

How We Use The Information We Collect

We may use Personal and Other Information we collect for a variety of purposes. If we have personal information about you, we may use it, for example: to respond to your questions or requests concerning the Services offered by us or our partners; to assist you in locating a doctor or other healthcare provider; to fulfill your requests for our services or otherwise complete a transaction or search that you initiate; to send you information about our services and other topics that are likely to be of interest to you, including newsletters, updates, or other communications; to deliver confirmations, account information, notifications, and similar operational communications; to improve your user experience and the quality of our Services; to comply with legal and/or regulatory requirements; and to manage our business.

We may use the Other Information that we collect for such purposes as: counting and recognizing visitors to the website; analyzing how visitors use the Services and various features of the Services; improving the Services and enhancing users’ experiences with the Services; creating new products and services or improving our existing products and services; enabling additional website analytics and research concerning the Services; and managing our business. Ribbon Health may link Other Information gathered using cookies and web beacons with Personal Information; we will treat the combined information as Personal Information.

We may use your contact information to contact you about the Services or, if you opt-in, other things we think may interest you. You can opt-out of receiving direct marketing communications by following the steps described in the “Your Choices” section below.

How We Share Your Information With Third Parties

Ribbon Health may share Personal and Other Information with third parties for a variety of purposes, as described below.

Third-party Service Providers and Business Partners

We hire other companies to perform certain business-related functions discussed above in the section entitled “How We Use the Information We Collect.” Examples include mailing information, maintaining databases, and fulfilling your requests. When we employ another company to perform a function of this nature, we may need to provide them with access to certain Personal Information or Other Information. These third-party service providers may use information received in the course of providing services to us only for the specific purposes for which such information was disclosed.

Legal Purposes

We may use or share your Personal or Other Information with third parties when we believe, in our sole discretion, that doing so is necessary:

• to comply with applicable law or a court order, subpoena, request from government or law enforcement, or other legal process;

• to investigate, prevent, or take action regarding illegal activities, suspected fraud, violations of our terms of service, or situations involving threats to our property or the property or physical safety of any person or third party;

• to establish, protect, or exercise our legal rights or defend against legal claims; or

• to facilitate the financing, securitization, insuring, merger, acquisition, sale, assignment, bankruptcy, or other disposal of all or part of our business or assets.

De-identified or Aggregated Information

Ribbon Health also may share de-identified and aggregated information about users with third parties.

Third-Party Analytics and Targeted Advertising

Analytics. We may partner with certain third parties to collect the Other Information discussed above and to engage in analytics, auditing, research, and reporting. These third parties may use web logs or pixel tags, and they may set and access cookies on your computer or other device. In particular, the Services use Google Analytics to help collect and analyze certain information for the purposes discussed above. You may opt out of the use of cookies by Google Analytics here.

Targeted Advertising. The Services also may enable third-party tracking mechanisms to collect Other Information over time and across unaffiliated websites for use in online behavioral advertising. For example, third parties may use the fact that you visited the Services to target online ads for Ribbon Health Services to you on non-Ribbon Health websites. In addition, our third-party advertising partners might use information about your use of the Services to help target non-Ribbon Health advertisements based on your online behavior in general. For information about behavioral advertising practices, including privacy and confidentiality, visit the Network Advertising Initiative website or the Digital Advertising Alliance website.

The use of online tracking mechanisms by third parties is subject to those third parties’ own privacy policies, and not this Policy. If you prefer to prevent third parties from setting and accessing cookies on your computer or device, you may set your browser to block cookies. Additionally, you may remove yourself from the targeted advertising of companies within the Network Advertising Initiative by opting out here , or of companies participating in the Digital Advertising Alliance program by opting out here. Please note that the opt-out will apply only to the specific browser or device from which you opt out, and therefore you will need to opt out separately on all of your browsers and devices. If you delete or reset your cookies or mobile identifiers, change browsers, or use a different device, any opt-out cookie or tool may no longer work and you will have to opt out again.

Like many other online services, the Services do not respond to “do not track” browser headers.

Your Choices

If you no longer wish to receive marketing communications from Ribbon Health, please email us at privacy@ribbonhealth.com or follow the “unsubscribe” instructions that are included at the bottom of each message. We may still send you certain communications relating to the Services you use, such as service announcements and administrative messages.

Reviewing, Updating, and Deleting Your Personal Information

You have the right and ability to edit your Ribbon Health account information on our Services at any time by logging into your account and accessing your Profile. You may access, amend, and/or request deletion of certain information to the extent permitted under applicable law. To make such requests and/or inquire about such rights, please send us an email at privacy@ribbonhealth.com. For your protection, we may only implement requests with respect to the information associated with the particular email address you use to send us your request, and we may need to verify your identity before implementing your request. We will attempt to comply with any reasonable requests for accessing, amending, or deleting your information.

Security

Ribbon Health uses commercially reasonable physical, electronic, and procedural safeguards to protect your information against loss or unauthorized access, use, modification, or deletion. However, no security program is 100% secure, and thus we cannot guarantee the absolute security of your Personal or Other Information.

Third Party Sites

The Services may contain links to and from the websites or apps of other third parties. If you follow a link to any of these websites or apps, please note that these websites and apps, and any services that may be accessible through them, have their own privacy policies. A link to any third party site does not imply that we endorse or accept any responsibility for the content or use of such site. We encourage our users to be aware when they leave the Services and to read the privacy policies applicable to such third-party websites and apps. This Privacy Policy applies solely to information collected in connection with the Services.

Children’s Privacy

Our Services are not designed or intended for use by children under the age of 13, and Ribbon Health does not knowingly collect Personal or Other Information from any individual who is under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to us, please contact us at privacy@ribbonhealth.com, and we will endeavor to delete that information from our databases.

Information for Users Outside the United States

The Personal and Other information that we collect about you is controlled by Ribbon Health, Inc., which is headquartered in the United States at Ribbon Health, Inc., 188 Grand Street, New York, NY 10013. The Personal and Other Information that we collect through or in connection with the Services is transferred to and processed in the United States for the purposes described above. Ribbon Health also may subcontract the processing of your data to, or otherwise share your data with, affiliates or third parties in the United States or countries other than your country of residence. The data-protection laws in these countries may be different from, and less stringent than, those in your country of residence. By accepting this Policy, using the Services, or providing information to us, you expressly consent to such transfer and processing.

Changes to this Policy

Ribbon Health may change the Services in the future and as a consequence will need to revise this Policy to reflect those changes. We will post any revised Privacy Policy on our website with an “effective date” indicating when the changes will take effect. If we make a material change to the Policy, you will be provided with appropriate notice. If we maintain your email address, we also may email you a copy of the revised Policy at your most recently provided email address. It is important that you update your email address if it changes.

Questions or Comments

If you have any questions or comments regarding our privacy practices or this Privacy Policy, please send us an email at privacy@ribbonhealth.com or contact us by mail at: Ribbon Health, Inc., 188 Grand Street, New York, NY 10013

Effective: January 30, 2017