DIADIA CONSUMER HEALTH DATA PRIVACY NOTICE

Effective Date: October 24^th, 2024

This Consumer Health Data Privacy Notice (the “Consumer Health Notice”) supplements the Diadia Privacy Notice and explains how Diadia Health (“Diadia,” “we,” “us,” or “our”) collects, uses, discloses, and otherwise processes Consumer Health Data (as defined below) of residents of the state of Washington or Nevada, or individuals whose Consumer Health Data is collected in those states with the Diadia mobile application (the “App”) and the related content, platforms, services, products, and other functionality offered on or through our services (collectively, the “Services”).

This Consumer Health Notice does not address privacy practices relating to Diadia job applicants, employees, and other personnel. Please note that this Consumer Health Notice is not a contract and does not create any legal rights or obligations not otherwise provided by law.

1. OUR COLLECTION AND USE OF CONSUMER HEALTH DATA

The term “Consumer Health Data” as used in this Consumer Health Privacy Notice means any personal information that is linked or reasonably linkable to you and that identifies your past, present, or future physical or mental health status as defined in the Washington My Health My Data Act or the Nevada Consumer Health Data Privacy Law (the “Consumer Health Privacy Laws”). The Consumer Health Data we collect depends on the context of your interactions with us and, in most cases, is information that you decide to share with us. This includes information collected through onboarding to the App, your communications with us, or from your other interactions with our Services. Consumer Health Data does not include information that is considered deidentified under the Consumer Health Privacy Laws.

Examples of Consumer Health Data that we may collect include:

• Measurements of bodily functions, vital signs, or characteristics, which may include biometric data (e.g., face scan).
• Information you share about your health-related conditions, symptoms, experiences, diagnoses, testing, or treatments. For example, if you upload lab results to our mobile application.
• Information that could identify your attempt to acquire or receive health care services or products.
• Other information that may be used to infer or derive data related to the above or other health-related information.

We may process and/or use your Consumer Health Data (including with your consent where required by the Consumer Health Privacy Laws) for the following purposes:

• To manage, provide, and improve the Services.
• To manage, provide, maintain, and improve the business.
• To respond to your questions, concerns, and other requests for assistance.
• To create anonymous, aggregated, or de-identified data.

We may also combine your Consumer Health Data with other personal information we collect directly from you or receive from other sources.

2. SOURCES OF CONSUMER HEALTH DATA

The Consumer Health Data we collect depends on the context of your interactions with our Services and, in most cases, is information that you decide to share with us.

With your permission, we may receive consumer health data about you from third parties and combine that with data we collect through our Services. For example, if you choose to connect your account to a third-party service, such as Dexcom or Abbott, we may collect consumer health data about you, such as your glucose readings; the date, time and device identifier associated with the glucose reading or thresholds that you input into the Services and any other information collected by the Services. The data we receive from these third parties is dependent upon that third party’s policies and your privacy settings on that third-party site. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Services.

3. OUR DISCLOSURE OF CONSUMER HEALTH DATA

We may share the categories of Consumer Health Data set forth above as follows:

• *Affiliates: *We may share consumer health data with other companies and brands owned or controlled by Diadia, and other companies owned by or under common ownership as Diadia, in order to provide the Services.
• Service Providers: We work with a variety of service providers who help us process your Consumer Health Data, such as to facilitate the operation of our Services and to support our communications.
• Operational and Technology Support: We work with third parties that provide operational and technology support for our Services. In order to facilitate and in the process of receiving such support, we may disclose Consumer Health Data.
• Legal Obligations and Rights: We may disclose Consumer Health Data to third parties (including government agencies and legal counsel): in connection with the establishment, exercise, or defense of legal claims; to comply with laws or to respond to lawful requests and legal processes; to protect our rights and property and the rights and property of others, including to enforce our agreements and policies; to detect, suppress, or prevent fraud; to protect the health and safety of us and others; or as otherwise required by applicable law.
• With Your Consent: We may disclose Consumer Health Data about you to other service providers, third parties (including primary care physicians and doctors), or publicly with your consent or at your direction. For example, with an individual’s consent or at their direction we may share data with your primary care physician.

4. YOUR PRIVACY RIGHTS

The Laws provide the following rights with respect to Consumer Health Data we collect about you:

• Right to Access / Confirm: You may have the right to confirm whether we are collecting, sharing, or selling Consumer Health Data about you and with whom we may be disclosing such Consumer Health Data, and to access such data.
• Right to Withdraw Consent: If you have provided your consent for our processing or sharing of your Consumer Health Data, you may have the right to withdraw your consent.
• Right to Delete: You may have the right to request that we delete your Consumer Health Data and that all third parties to whom we have disclosed your Consumer Health Data delete such data.

5. HOW TO EXERCISE YOUR PRIVACY RIGHTS

To exercise any of the privacy rights set forth above or to review or request changes to data, please submit a request to privacy@diadiahealth.com.

Before processing your request, we will need to authenticate your identity. To authenticate your identity, we will generally require matching a minimum amount of information you provide us with the information we maintain about you in our systems. This process may require us to request additional information from you, including, but not limited to, your email address and phone number.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to authenticate your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for our decision.

6. APPEALING PRIVACY RIGHTS DECISIONS

If your request to exercise a right under the Laws is denied, you may appeal that decision by contacting us at privacy@diadiahealth.com. If the appeal is unsuccessful, you may raise a concern or lodge a complaint with the applicable State Attorney General:

• Washington: www.atg.wa.gov/file-complaint
• Nevada: www.ag.nv.gov/Complaint_Form

7. CHANGES TO THIS CONSUMER HEALTH DATA PRIVACY NOTICE

We may update this Consumer Health Notice from time to time. When we make changes to this Consumer Health Notice, we will notify you by changing the date at the beginning of this Consumer Health Notice. If we make material changes to this Consumer Health Notice, we will notify individuals by email to their registered email address, by prominent posting on this website or our other platforms, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise specified.