LAST UPDATED: December 2, 2020

Healthy.io (US), Inc. (together with its affiliates, “Healthy.io”) is a medical technology company that leverages smartphones and cloud services to help healthcare professionals improve patient care.

This Privacy Policy describes how Healthy.io collects, uses, or discloses personal information we receive through our website portal, mobile app and any related online services for the wound assessment and monitoring tool and services that we provide (as used herein, the “Services”). This policy also describes your choices about the collection and use of your information.

This Privacy Policy does not apply to other Healthy.io websites or services.

Please read the Privacy Policy carefully before you start to use our Services. By using the Services, you agree to be bound and abide by our posted Terms of Use (“Terms”) and this Privacy Policy. If you do not agree to both our Terms and Privacy Policy, or if you violate them in any way, your right to access or use the Services is terminated.

Please see Sections 9-11 of our Terms regarding your legal rights in any dispute involving our Services.

NOTE TO HEALTHCARE PROFESSIONALS:

IF YOU ARE USING THE SERVICES ON BEHALF OF AN ORGANIZATION THAT HAS ENTERED INTO A CONTRACTUAL RELATIONSHIP WITH US FOR THESE SERVICES, THOSE CONTRACTUAL TERMS WILL GOVERN YOUR USE OF THE SERVICES AND SUPERSEDE THE TERMS AND THIS PRIVACY POLICY IN THE EVENT OF ANY CONFLICT.

NOTE TO PATIENTS:

IF THE SERVICES ARE PROVIDED TO YOU THROUGH A HEALTHCARE PROFESSIONAL ON YOUR BEHALF OR AN ORGANIZATION THAT HAS ENTERED INTO A CONTRACTUAL RELATIONSHIP WITH US FOR THESE SERVICES, THOSE CONTRACTUAL TERMS WILL GOVERN THE SERVICES AND SUPERSEDE THESE TERMS IN THE EVENT OF ANY CONFLICT. THEREFORE, NOTWITHSTANDING ANY OF THE PRIVACY PRACTICES DESCRIBED BELOW (E.G., HOW WE USE OR DISCLOSE INFORMATION), OUR CONTRACTUAL TERMS WITH YOUR HEALTHCARE PROFESSIONAL WILL GENERALLY REQUIRE US TO HANDLE PATIENTS’ PERSONAL INFORMATION PURSUANT TO MORE RESTRICTIVE HEALTHCARE-SPECIFIC LAWS, SUCH AS THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (“HIPAA”), AS APPLICABLE. PLEASE CONTACT YOUR HEALTHCARE PROFESSIONAL IF YOU HAVE ANY QUESTIONS OR CONCERNS.

THE SERVICES ARE INTENDED FOR USE BY QUALIFIED HEALTHCARE PROFESSIONALS AND INFORMATION RECEIVED BY THE PROFESSIONALS IN CONNECTION WITH THE SERVICES MAY ONLY BE USED AS NECESSARY FOR THE PROFESSIONALS’ TREATMENT, PAYMENT, OR HEALTH CARE PURPOSES OR AS OTHERWISE REQUIRED BY LAW, TO THE EXTENT PERMITTED BY APPLICABLE LAWS AND OTHER AGREEMENTS APPLICABLE TO THE INFORMATION. THE SERVICES DO NOT CONSTITUTE MEDICAL ADVICE OR DIAGNOSIS, AND THEY DO NOT SERVE AS A SUBSTITUTE FOR THE PROFESSIONAL ADVICE OF A QUALIFIED HEALTHCARE PROFESSIONAL.

1. How We Collect Information

We may collect information about you by various means, including: o Directly from you (or your organization), both online and offline o Through our Services o By combining information from different sources

2. Types of Information We Collect

In order to better provide you with our Services, we may collect the following categories of information: o Contact information, such as your name, mailing address, e-mail address, phone number, professional title and organization (particularly for healthcare practitioners), interest in our products, and preferences such as when to receive our communications o User submitted content, such as photos and information your affirmatively submit through the Services (e.g., patient ID, name, wound observations, wound images, and other relevant background or health information) o Survey information in response to questions we may send you through the Services, such as for research or feedback purposes o Communications between you and us, such as via e-mail, mail, phone or other channels o Offline activity you engage in with us o Online User Activity described in the next section

If you provide us with information regarding another individual, you represent that you have that person’s authorization and consent to give us his or her information and to permit us to use the information in accordance with this policy.

3. Online User Activity, Cookies and Information Collected by Other Automated Means

Cookies are a commonly-used web technology that allow websites to store and retrieve certain information on a user’s system, and track users’ online activities. We and our service providers may collect information about your use of our Services by such automated means, including but not limited to cookies, pixels, SDKs and other similar technologies.

Cookies and similar technologies can help us automatically identify you when you return to our website or app. Cookies help us review website traffic patterns and improve the website, determine what Services are popular. We can also use such information to deliver customized content and advertising to users of the Services whose behavior indicates that they are interested in a particular subject area.

When you use the Services, the information we may collect by automated means includes, for example:· Access or attempt to access any of our systems, programs or data that are not made available for public use, or attempt to bypass any registration processes on the Service or any of the Service's security and traffic management devices

o Usage Details about your interaction with our Services (such as the date, time, and length of visits, and specific pages or content accessed during the visits, search terms, frequency of the visits, referring website addresses) o Device Information including the IP address and other details of a device that you use to connect with our Services (such as country, network type, device type and model, operating system information, browser type, battery level and screen size) o Location information where you choose to provide the website or app with access to real-time information about your device’s location

If a user does not want information collected through the use of cookies, most browsers allow the visitor to reject cookies, but if you choose to decline cookies, you may not be able to fully experience the interactive features our Services provide. We may share non-personal information obtained via cookies with our advertisers and affiliates. Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time, but we do not collect information about users’ online activities across third-party websites.

4. How We Use Information We Collect

We may use the information we obtain about you for purposes allowed by applicable laws, including:

o Provide our Services to you (or your organization, as applicable), including to establish and maintain any account you create for our Services o Operate, evaluate and improve the products and services we offer and to diagnose or fix technology problems o Monitor the performance of our Services including metrics such as total number of visitors, traffic, and demographic patterns o Comply with and enforce as needed applicable legal requirements, industry standards, our policies and our contractual rights o Inform you about changes to this Privacy Policy and our Terms of Use and other policies (which will apply to all information we hold at that time) o Respond to your requests, questions and comments and provide customer support

We may also use or share information in an anonymized or aggregate manner for many purposes such as research, analysis, modeling, marketing, and advertising, as well as improvement of our Services.

5. How We Share Your Information

We will not disclose your personal information to third parties without your consent, except in the following circumstances:

o We may share your information as permitted by law, including, for example, with service providers that we believe need the information to perform a technology, business, or other professional function for us (examples include IT services, maintenance and hosting of our Services and other vendors). We only provide such vendors with information so they can perform their required functions on our behalf o We also may disclose information about you (i) if we are required to do so by law or legal process, (ii) when we believe disclosure is necessary to prevent harm or financial loss, (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity; or (iv) under exigent circumstances to protect the personal safety of our staff, users or the public o We reserve the right to transfer the information we maintain in the event we sell or transfer all or a portion of our organization or assets. If we engage in such a sale or transfer, we will make reasonable efforts to direct the recipient to use your personal information in a manner that is consistent with this Privacy Policy o Unless prohibited by applicable law or other contractual terms governing your use of the Services, we may, from time to time, contact you on behalf of external partners about a particular offering that may be of interest to you. In those cases, your information (e.g., e-mail, name, address, telephone number) is not transferred to the third party

Where appropriate, we will limit sharing of your information in accordance with the choices you have provided us and applicable law.

6. Your Privacy Choices

We offer you certain choices about what information we collect from you, how we use and disclose the information, and how we communicate with you.

o Cookies: Web browsers may offer users the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our websites and mobile apps may not function correctly o User Account: You may terminate your user account by contacting us as provided below. We may retain any account information for internal purposes or as otherwise provided in this Privacy Policy and our Terms of Use

7. Links to Other Websites and Third Party Content

Our Services may contain links to other websites or apps. This can include social media integrations. Please be aware that we are not responsible for the content or privacy practices of such other websites or apps, and we encourage you to be aware when you leave our Services and to read the privacy statements of any other website or app that collects personal information.

8. How We Protect Information

We endeavor to maintain reasonable administrative, technical and physical safeguards designed to protect the personal information we maintain against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. However, we cannot ensure the security of any information you transmit to us, or guarantee that this information will not be accessed, disclosed, altered, or destroyed. We will make any legally required disclosures in the event of any compromise of personal information. To the extent the law allows us to provide such notification via e-mail or conspicuous posting on the Services, you agree to accept notice in that form.

9. Children

We do not knowingly collect personal data from children under the age of 13 on our Services. If you have reason to believe that a child under the age of 13 has provided personal information to us through our Services, please contact us, and we will endeavor to delete that information from our systems. In the event that we learn that we have collected personal information from a child under age 13 without parental consent, we will endeavor to delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us as directed below.

10. European Residents

Our Services provided in the United States are not intended to subject us to the laws or jurisdiction of any state, country or territory other than those of the United States, as provided in our Terms. With respect to Services that are subject to the laws of the European Union or European Economic Area (together with the United Kingdom and Switzerland for purposes herein, the “EU”), we provide as follows:

o For the purposes of the Data Protection Act (2018) and the European General Data Protection Regulation (2016) Healthy.io is a Data Processor, and the healthcare provider who delivers the Services to the patient is the Data Controller. These roles have different responsibilities under applicable data protection laws o The Data Controller is responsible for determining the purposes and means of the processing of personal data. The Data Controller is required to inform the Data Subjects (e.g., patients) about the data processing, ensure it is secure, prevent any unlawful access, modification, loss or destruction to your data and allow data subjects the opportunity to exercise their rights and freedoms afforded by data protection law o As a Data Processor, Healthy.io processes such personal data under the terms of a contract between us and the Data Controller. This is to ensure that any personal data is processed lawfully and securely. This defines the purpose, duration and nature of processing, the type of data, categories of recipient and the plan for returning and/or destroying personal data at the end of the contract. Healthy.io cannot operate outside of this contract with respect to the personal data within its scope, and must follow the instruction of that healthcare provider o If you have any concerns with how data is being used under EU law as described in this section, you can contact us by email at [email protected]. You may also contact the Information Commissioner’s Office (ICO), who oversees data protection in the UK. For more information in that regard, you can visit the ICO website

11. Updates to Our Privacy Policy

We may revise or update this Privacy Policy at any time. We will post the updated version on our Services, and may notify you of any significant changes to our Privacy Policy. We will indicate on our Privacy Policy when it was most recently updated. Your continued use of our Services after such updates will constitute an acknowledgment of the change and agreement to abide and be bound by the updated Privacy Policy.

12. Contacting Us

If you have any questions, concerns or comments about this Privacy Policy, our privacy practices, or if you would like us to update information or preferences you provided to us, please contact us at [email protected].

Copyright © 2020, Healthy.io LTD. All rights reserved.