EEA PRIVACY NOTICE


1. About Preventice
2. About this Privacy Notice
3. How we use your Personal Information
4. Legal basis for data collection and use
5. Disclosure of your Personal Information
6. Your European Privacy Rights
7. Data Protection Officer
8. Children’s Data Protection
9. Retention periods
10. International Transfers of Personal Data
11. Changes to This Privacy Notice
12. Other Websites
13. Contact Information
14. Complaints


1. ABOUT PREVENTICE


Preventice Solutions, Inc., is a United States-based corporation focused on mobile health solutions and remote monitoring services that connect healthcare
providers and patients threatened by cardiac arrhythmias.
Our tech-enabled, service-based approach utilizes our cloud-based infrastructure, data analytics and machine learning capabilities to facilitate the clinical
decision-making of treating providers. We listen closely to the needs of our customers to create revolutionary remote care technologies and services that
connect patients and providers in a way that redefines healthcare – and works without interruption to daily life. We operate in four states, and our
subsidiaries include Preventice Services, LLC, and Preventice Technologies, Inc. (collectively, “Preventice”).


Preventice complies with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection,
use, and retention of personal information transferred from the European Union, Switzerland and the United Kingdom to the United States. Preventice has
certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and
the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification,
please visit https://www.privacyshield.gov/.


2. ABOUT THIS PRIVACY NOTICE


At Preventice, your privacy is important to us. We process personal data in different contexts, and we do so by fully respecting your privacy rights.


This website is intended for patients and healthcare providers and is operated by Preventice who is considered the processor of the information collected
through our technology, devices and monitoring services.


This privacy notice applies to information collected by Preventice through our website, our monitors and portals, or in the course of our business activities;
including all personal data in any format or medium, relating to all healthcare providers, patients, vendors and others who do business with Preventice.
Preventice reserves the right to change the terms of this notice and to make new notice provisions effective for all personal data that it maintains. Changes
to this notice will be available by accessing our website www.preventicesolutions.com or by contacting us and requesting that a revised copy be mailed to
you.


3. HOW WE USE YOUR PERSONAL INFORMATION


Personal data is information that relates to an identified or identifiable individual. The basis for the use of personal data is dependent on the context of
your interactions with Preventice.


If you reside or otherwise find yourself in the territory of European Economic Area (EEA), Switzerland or the United Kingdom, Preventice is committed to
facilitate the exercise of your rights granted by the applicable European Data Protection law. Otherwise, you can contact us at any time to discuss your
privacy concerns.


Cardiac and health related information. We process patient and study subject information related to arrhythmia monitoring, cardiac event, digital holter,
pacemaker monitoring and ambulatory blood pressure monitoring, such as patient electrocardiogram data, date of birth and/or age, relevant symptoms
and diagnoses, and other related information. This information may also include contact information for the patient or study subject, emergency contact
information, mailing address, information about health insurance and/or other information necessary for Preventice to provide the technology and/or
monitoring services. This information is owned by the data controllers, i.e. the physicians, healthcare practices, hospitals or clinical research controllers.
Website visitors. We collect personal data from visitors of our website. We use the information to process payments if you elect to pay your bill via our
online payment option. We may use the information to ensure quality and a positive customer experience if you elect to submit an online survey. We may
also analyze your usage of our website for business purposes such as improving our products and services, ensuring quality, security and compliance,
and other statistical, historical or scientific purposes. For additional information, please see our Cookie Policy.
Other personal data provided directly by you. We collect your contact details if you request information or submit questions to us, including other personal
data that you decide to share with us.
Business contact information. We collect business contact information from current and potential customers, and from marketing activities and events,
such as names, telephone numbers, email addresses and physical or mailing addresses, in order to provide information regarding our products and
services, facilitate healthcare provider or practice relationship set up and management, deliver monitoring services and supplies, and ensure quality,
security and compliance. We also collect such information from current and potential business partners and vendors to assess and facilitate those
business relationships.
Job applicant and human resources related information. We may collect certain employment-related data if you apply for and/or accept employment with
Preventice, such as a username and password, full name, email address, telephone number, mailing address, driver’s license number, social security
number or other unique personal identifier, emergency contact information, educational and work experience information, certification and licensure
information, resume, language(s), job and salary preferences and expectations, professional references, criminal history, and disability, veteran and
diversity status, Preventice electronic activity information, employment benefit and beneficiary information, financial information, work performance and
training information, and inferences drawn from any of the information above.


4. LEGAL BASIS FOR DATA COLLECTION AND USE


Preventice assigns a legal basis for each data collection and use.


Preventice only collects and uses personal data when there is a fair and legal basis for its collection and use. For instance, when the collection of personal data is to meet our legitimate interests, to comply with legal obligations, for the vital interest of our patients or when we have your authorization.


Consent. In some instances, we may request your consent in order to process your personal data for a specific purpose.
Contract. We may process your personal data if it is necessary for purposes of a contract that we have with you, or in your interest, or because we must
take specific steps prior to entering such a contract.
Legitimate interests. We may process your personal data to conduct our day-to-day business operations, provide cardiac monitoring technologies and
services, facilitate coordination and communication with healthcare providers, process payments and for other business purposes.
Vital interests. We may process your personal data because it is necessary to save or protect an individual’s life.
Compliance with laws and regulations. We may process your personal data because it is necessary to comply with a law or regulation.


5. DISCLOSURE OF YOUR PERSONAL INFORMATION


At times, Preventice engages service providers and other vendors to help us accomplish our business needs. There are other circumstances where we are
required by law to disclose personal data to third parties such as public bodies or judicial authorities.
Except as described in this privacy policy or as otherwise required by law, we will not share your personal data with any other third party unless we have your consent, or you were notified about this practice when we first collected your personal information.


Preventice complies with all laws, rules and regulations applicable to the disclosure of your personal data, including, but not limited to the United Kingdom
National Data Opt-Out. Preventice will only share your personal data on a need-to-know basis, and such access will be limited to the amount of information
necessary to carry out the appropriate purpose:


Data Controllers. We may share your personal data with data controllers such as an ordering or treating healthcare provider, a study sponsor or
investigator, or other appropriate individuals at a hospital, clinic or other such facility participating in your study, diagnosis or care.
Third-Party Business Associates and/or Sub processors. We may share your personal data with third-party business associates and/or sub processors
that perform various activities on behalf of Preventice, such as those that provide services related to report processing, billing, quality, security,
compliance, legal, product development, information technology and other such services.
Insurance companies and other payers. Your personal data may be disclosed to obtain payment for healthcare services provided.
Government agencies, authorities and other regulatory bodies. We may disclose your personal data to a public health, security, intelligence or other such
authority, that is permitted by law to collect or receive the information, for public health oversight, audits, investigations, inspections and related purposes,
national security or intelligence purposes, for certain military and veteran’s activities, to report adverse events, product defects, problems or biologic
product deviations, to track products in order to enable product recalls, to make repairs or replacements, to conduct post-marketing surveillance, or other
such purposes as may be required by applicable law, regulation or guideline.
Emergency Situations. In certain circumstances, where the health or security of an individual may be endangered, we may share your personal data with
an emergency contact, healthcare worker, emergency responder or other such individual.
Funeral Directors and Medical Examiners. We may disclose personal data to funeral directors, medical examiners, coroners and other such parties to carry out these duties consistent with applicable law.
Researchers. We may disclose your personal data to researchers when certain conditions have been met such as when their research has been approved
and established protocols are in place to ensure the privacy and security of your personal data.
To protect our legal rights. We may disclose your personal data in certain circumstances where doing so is necessary to protect our legal rights.
We may share your personal data within the group of companies which may be located outside the European Economic Area. Any transfer of your data will
be subject to ensuring that we safeguard your privacy. For additional information see Section 10 International Transfers of Personal Data.
In connection with the sale or merger of one or more of our brands or a part of our business to a different company, we reserve the right to transfer your
personal information to a new owner, business partner and/or their advisors. In all such cases, however, we will take reasonable steps to help safeguard
your personal information.


6. EUROPEAN RIGHTS


If you reside or otherwise find yourself in the territory of the European Economic Area, Switzerland or the United Kingdom, we are committed to facilitating
the exercise of your rights granted by the data protection laws of these territories. You can also contact us at any time to discuss your privacy concerns.


Right to access, rectification, restriction of processing, erasure, and data portability. We provide you with access to your own personal data. We may
charge a reasonable fee for the administrative costs of complying with the request if: (1) it is manifestly unfounded or excessive; or (2) you make requests
of further copies following a request of your data. In addition, we will rectify your personal data when it is incorrect or inaccurate, and we will ensure the
right to erasure, portability and to restriction of processing when these rights are not incompatible with other legal obligations.
Right to object. For all marketing materials, you can opt-out anytime, and free of charge. Each individual marketing email that we send out gives recipients
the chance to easily opt out of future marketing, but you can also contact us. The right to object for other processing activities will be balanced to ensure
that it is not incompatible with local regulations or our legitimate interests.
Right to withdraw consent at any time. When we use your information based on your consent, you have the right to withdraw such consent at any time.
• Rights in relation to automated decision making and profiling. Preventice does not engage in automated decision making including profiling.
Right to lodge a complaint with your supervisory authority. If you are not satisfied with our response or how we process your personal data, you can
complain to the data protection authority of your habitual residence, place of work or place of the alleged infringement.
You can exercise any of the above rights by contacting us using any of the methods in the Contact Information section below.


Preventice will attend to your request in a timely manner within thirty (30) days after receiving your request and appropriate identity-verifying information.
If for any reason we need to extend this time period, we will contact you.


7. DATA PROTECTION OFFICER


Preventice has appointed a Data Protection Officer.


For any inquiries regarding this notice or about our handling of your information, you can contact our Data Protection Officer via mail at: 1717 N. Sam
Houston Parkway West, Suite 100, Houston, TX 77038, Attn: Data Protection Officer; or via email at privacy@preventice.com.


8. CHILDREN’S DATA PROTECTION


Preventice does not knowingly solicit or collect personal information from or about children through its services or technologies except as permitted under
applicable law. Where consent may be required for purposes of a cardiac study or clinical research, parents or legal guardians must provide consent on
behalf of any minors (with the age of minority as determined by the relevant jurisdiction). This website is not intended for use by minors without the explicit
consent of a parent or legal guardian. If your child has submitted personal information and you would like to request that such information be deleted from
our records, you may do so by contacting us via the contact options below.


9. RETENTION PERIODS


Preventice applies the storage limitation principle to retain personal data in our records only for the length of time required to fulfill the purpose for which the data was collected. We will only retain your personal data for as long as it is necessary to achieve the purposes listed above, or alternatively, until you object to the processing of your data or withdraw the consent which you have previously provided. However, where Preventice is required by law, regulation or contractual obligation to retain your personal data longer, or where your personal data is required for Preventice to assert or defend against legal claims,
we will retain your personal data until the end of the relevant retention period or until the claims in question have been settled.


10. INTERNATIONAL TRANSFERS OF PERSONAL DATA


Preventice is based and established in the United States. The personal data we collect from you may be transferred to and stored outside of the European
Economic Area as it may be processed by Preventice or by our service providers located outside of the European Economic Area. If you are based in the
European Economic Area, please be informed that the United States is not on the list of countries that the European Commission considers adequate to
the protection of personal data. However, we transfer data based on Standard Contractual Clauses we entered with third parties and maintain appropriate
technical and organizational measures to ensure privacy and security to the extent possible.


11. CHANGES TO THIS PRIVACY POLICY


We may modify this policy at any time in our sole discretion, and all modifications will be effective immediately upon our posting of the modifications on this website. The time stamp you see on the policy will indicate the last date it was revised. If material changes are made, we will place a prominent notice on our website for at least thirty (30) days prior to the change taking effect, or, we will communicate with you directly by email.
Preventice remains accountable for onward transfers of EU, Swiss or United Kingdom personal data to third party agents acting on Preventice’s behalf,
where those parties have processed personal data in a manner inconsistent with the Principles, unless Preventice proves it is not responsible for the event.


12. OTHER WEBSITES


Our website contains links to other websites. This privacy policy only applies to this website, so when you link to other websites, you should read their own
privacy policies.


13. CONTACT INFORMATION


For additional information, concerns or questions about how your personal data is used, or to exercise any of your rights outlined above, please contact:


Preventice Solutions, Inc.
Attention: Data Protection Officer

1717 N. Sam Houston Parkway West, Suite 100
Houston, TX 77038
E-mail: privacy@preventice.com
Telephone: +1-281-760-0500 or +1-888-747-1442


Alternatively, you can also contact Preventice’s EU Representative for data processing matters:

VeraSafe Czech Republic s.r.o.
Klimentská 46
Prague 1, 11002
Czech Republic
Contact Form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Telephone: +420-228-881-031


VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom
Contact Form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Telephone: +44-2045-322003

Please note, when you contact us, you will be required to appropriately verify your identity.


14. COMPLAINTS


The U.S. Federal Trade Commission has jurisdiction over Preventice’s compliance with Privacy Shield. If you have an unresolved privacy or data use concern that Preventice has not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider, JAMS Privacy Shield Program, free of charge. Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.


Last Updated December 2020