DIADIA PRIVACY NOTICE

Last Modified: October 24^th, 2024

This Privacy Notice explains how Diadia (“Diadia”, “we”, “us” or “our”) collects, uses, shares, and otherwise processes personal data in connection with our websites, including, Diadiahealth.com and other websites we own and operate that link to this Privacy Notice (the “Sites”), the Diadia mobile application (the “App”) and the related content, platforms, services, products, and other functionality offered on or through our services (collectively, the “Services”). This Privacy Notice does not address our privacy practices relating to Diadia job applicants, employees, and other personnel. Please note this Privacy Notice is not a contract and does not create any legal rights or obligations.

For information about how we collect, use, share, and otherwise process consumer health data, please review our Consumer Health Data Privacy Notice.

1. WHAT IS PERSONAL DATA?

When we use the term “personal data” in this Privacy Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a person. It does not include aggregated, de-identified, or anonymized information that is maintained in a form that is not reasonably capable of being associated with or linked to a person.

2. HOW WE COLLECT AND USE PERSONAL DATA

Personal Data Collected from Individuals

The categories of personal data we collect submitted to us by individuals through the Services may include:

• Account Information, including full name, email address, phone number, profile picture, and username and password. We use this information to administer and verify your account, provide you with the relevant Services-related information, communicate with you regarding your account and your use of the Services, and for customer support purposes.
• Payment Information, including information collected in connection with signing up for one of our Services that requires payment. Please note that we use third party payment processors, including through the Apple App Store and Stripe, to process credit card payments made to us. As such, we do not retain any personally identifiable financial information in connection with credit card payments, such as credit card numbers. Rather, all such information is provided directly by you to our third-party processor. The payment processor’s use of your personal data is governed by their privacy notice. Please see Stripe’s Privacy Notice here.
• Messages and User Content. You may upload or transmit audio, images, data, or information through your communications with us or your use of the Services (collectively, “User Content”). User Content and any information contained in the User Content, including personal data you may have included, is stored and collected as part of the Services. We use the User Content to operate, improve, personalize, and optimize the Services, and to manage and deliver advertising.
• Inquiry and Communications Information, including information provided in custom messages sent through the forms on our Services, in chat messages, to one of our email addresses, or other messaging platforms. This also includes contact information provided on our Services. We use this information to investigate and respond to your inquiries, and to communicate with you, to enhance the services we offer to our users and to manage and grow our organization.
• Newsletter and Marketing Emails Information, including email address, telephone number, and applicable interests and communication preferences. We use this information to manage our communications with you and send you information about products and services we think may be of interest to you. If you wish to stop receiving email messages from us, simply click the “unsubscribe link” provided at the bottom of the email communication or replying STOP to any text message. Note that you cannot unsubscribe from certain services-related email communications (e.g., account verification, confirmations of transactions, technical or legal notices).
• Feedback Information. We may also collect feedback and ratings you provide relating to our Services. We use this information to communicate with you, to conduct market research, inform our marketing and advertising activities and improve and grow our business.
• Business Representative Contact Information. If you are a business representative, we collect your information in connection with the performance of the agreement or potential agreement with us. This information may include your first name, last name, company contact information (e.g., email, phone, address), job title, and any other information related to the performance of the agreement with us.
• Other Information that you provide to us online or by phone, and use this information to respond to your request, provide you the requested services, and to inform our marketing and advertising campaigns.

Personal Data Automatically Collected

We may participate in interest-based advertising and use third party advertising companies to serve you targeted advertisements based on your browsing history. We may permit third-party online advertising networks, social media companies and other third-party services, to collect information about your use of our Services over time so that they may play or display ads on our Services, on other websites or services you may use, and on other devices you may use. Typically, though not always, the information used for interest-based advertising is collected through tracking technologies, such as cookies, web beacons, embedded scripts, location-identifying technologies, and similar technology, which recognize the device you are using and collect information, including click stream information, browser type, time and date you visited the Sites, AdID, and other similar information. We may share a common account identifier (such as a hashed email address or user ID) with our third-party advertising partners to help identify you across devices. We and our third-party partners may use this information to make the advertisements you see online more relevant to your interests, as well as to provide advertising-related services such as reporting, attribution, analytics and market research. We may also use services provided by third parties (such as social media platforms) to serve targeted ads to you and others on such platforms. We may do this by providing a hashed version of your email address or other information to the platform provider.

We may engage in the following activities and data collection:

• Information about the computer, tablet, smartphone or other device you use, such as your IP address, browser type, Internet service provider, device type/model/manufacturer, operating system, date and time stamp, and a unique ID that allows us to uniquely identify your browser, mobile device, or your account (including, for example, a persistent device identifier or an Ad ID), and other such information. We may also work with third-party partners to employ technologies, including the application of statistical modeling tools, which permit us to recognize and contact you across multiple devices.
• Information about the way you access and use our Services, for example, the site from which you came and the site to which you are going when you leave our Services, how frequently you access the Services, whether you open emails or click the links contained in emails, whether you access the services from multiple devices, and other browsing behavior and actions you take on the Sites.
• Information about how you use the Services, such as the pages you visit, the links you click, the ads you view and click on, videos you watch, and other similar actions. We may also use third-party tools to collect information you provide to us or information about how you use the Services and may record your mouse movements, scrolling, clicks and keystroke activity on the Services and other browsing, search or purchasing behavior. These tools may also record information you enter when you interact with our Services or engage in chat features through our Services.
• Information about your location, such as general geographic location that we or our third-party providers may derive from your IP address.
• Analytics information. We may collect analytics data or use third-party analytics tools such as Google Analytics to help us measure traffic and usage trends for the services and to understand more about the demographics of our users (including through the use of automated tools leveraging artificial intelligence (“AI”)). You can learn more about Google’s practices at http://www.google.com/policies/privacy/partners and view its opt-out options at https://tools.google.com/dlpage/gaoptout.

All of the information collected automatically through these tools allows us to improve your customer experience. For example, we may use this information to enhance and personalize your user experience, to monitor and improve our Services, and to improve the effectiveness of our Services, offers, advertising, communications and customer service. We may also use this information the data collected through tracking technologies to: (a) remember information so that you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized content and information, including targeted content and advertising; (c) identify you across multiple devices; (d) provide and monitor the effectiveness of our services; (e) monitor aggregate metrics such as total number of visitors, traffic, usage, and demographic patterns on our website; (f) diagnose or fix technology problems; (g) train and refine automated tools leveraging AI; and (h) otherwise to plan for and enhance our services.

If you would prefer not to accept cookies, most browsers will allow you to: (i) change your browser settings to notify you when you receive a cookie, which lets you choose whether or not to accept it; (ii) disable existing cookies; or (iii) set your browser to automatically reject cookies; however, doing so may negatively impact your experience using the services, as some features and services may not work properly. You may also set your email options to prevent the automatic downloading of images that may contain technologies that would allow us to know whether you have accessed our email and performed certain functions with it.

We and our third-party partners may also use cookies and tracking technologies for advertising purposes. For more information about tracking technologies, please see Third-Party Data Collection and Online Advertising below.

Personal Data from Third Parties

We also obtain personal data from third parties, which we often combine with personal data we collect either automatically or directly from an individual.

• Our Affiliates. We may receive personal data from other companies and brands owned or controlled by Diadia, and other companies owned by or under common ownership as Diadia.
• Your Employer / Company. If you engage in our Services through your employer or company, we may receive information from the company such as name and contact information.
• Other Users or Individuals Who Interact with Our Services: We may receive your information from other users or other individuals who interact with our Services. For example, if you engage in one of our communications hosted on third-party platforms, such as Facebook, we will be able to see any public communications made within that platform.
• Social Media: When an individual interacts with our Services through social media networks, such as when someone “Likes” us on Facebook or follows us or shares our content on Instagram, Facebook, Twitter, or other social networks, we may receive some information about individuals that they permit the social network to share with third parties. The data we receive is dependent upon an individual’s privacy settings with the social network, and may include your profile information, profile picture, gender, username, user ID associated with your social media account, age range, language, country, and any other information you permit the social network to share with third parties. Individuals should always review and, if necessary, adjust their privacy settings on third-party websites and social media networks and services before sharing information and/or linking or connecting them to other services. We use this information to operate, maintain, and provide to you the features and functionality of the Services, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.
• Service Providers: Our service providers that perform services solely on our behalf, such as audience measurement, marketing providers and payment processors, collect personal data and often share some or all of this information with us. The information may include contact information, demographic information, payment information, and information about your communications and related activities. We may use this information to administer and facilitate our services and our marketing activities.
• Business Partners: We may receive your information from our business partners, such as companies that offer their products and/or services on our Services. We may use this information to administer and facilitate our services and our marketing activities.
• Information We Receive from Authentication Services You Connect to Our Services: Some parts of our Services may allow you to login through a third-party social network or authentication service such as Apple or Google. These services will authenticate your identity and provide you the option to share certain personal data with us, which could include your name, email address, address book and contacts, or other information. The data we receive is dependent on that third party’s policies and your privacy settings on that third-party site. We use this information to operate, maintain, and provide to you the features and functionality of the Services. We may also send you service-related emails or messages (e.g., account verification, purchase confirmation, customer support, changes, or updates to features of the Site, technical and security notices).
• Health Information We Receive from Third-Party Services You Connect to Our Services. With your permission, we may receive health information about you from third parties and combine that with information we collect through our Services. For example, if you choose to connect your account to a third-party service, such as Dexcom or Abbott, we may collect health information about you, such as your glucose readings; the date, time and device identifier associated with the glucose reading or thresholds that you input into the Services and any other information collected by the Services (collectively, “Health Information”). The data we receive from these third parties is dependent upon that third party’s policies and your privacy settings on that third-party site. You should always review and, if necessary, adjust your privacy settings on third-party websites and services before linking or connecting them to our Services. For additional information please see our Consumer Health Data Privacy Notice.
• Other Sources. In addition to third-party data providers, we may also collect personal data about individuals that we do not otherwise have from, for example, publicly available sources, or through transactions such as mergers and acquisitions. We use this information to operate, maintain, and provide to you the features and functionality of the Services, as well as to communicate directly with you, such as to send you email messages about products and services that may be of interest to you.

Other Uses of Personal Data

In addition to the above, we may use personal data to:

• Fulfill or meet the reason the information was provided, such as to fulfill our contractual obligations, to deliver the Services you have requested, including through the use of artificial intelligence (“AI”) / generative AI and machine learning tools that may be integrated into our Services;
• Manage our organization and its day-to-day operations;
• Communicate with individuals, including via email, push notifications, social media, and in-app communications;
• Request individuals to complete surveys about our organization, organizations we partner with, and the Services;
• For marketing and advertising purposes, including to market to you or offer you through email and social media, updates on products or services we think that you may be interested in;
• Administer, improve, and personalize our Services, including by recognizing an individual and remembering their information when they return to our Services;
• Process payment for our Services;
• Facilitate customer benefits and services, including customer support;
• Identify and analyze how individuals use our Services;
• Conduct research and analytics on our customer and user base and our Services;
• Administer, identify, and facilitate potential product improvements or future product developments (including training and refining automated tools leveraging AI);
• Test, enhance, update, and monitor the Services, or diagnose or fix technology problems;
• Help maintain the safety, security and integrity of our property and Services, technology assets and business;
• To enforce our Terms of Use, to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties;
• Prevent, investigate, or provide notice of fraud or unlawful or criminal activity;
• Comply with contractual and legal obligations and requirements;
• To fulfill any other purpose for which you provide personal data; and
• For any other lawful purpose, or other purpose that you consent to.

Where you choose to contact us, we may need additional information to fulfill the request or respond to inquiries. We may provide you with additional privacy-related information where the scope of the inquiry/request and/or personal data we require fall outside the scope of this Privacy Notice. In that case, the additional privacy notice will govern how we may process the information provided at that time.

3. OUR DISCLOSURE OF PERSONAL DATA

We may disclose your personal data with:

• With Affiliates: We may disclose personal data between and among Diadia and its current and future parents, affiliates, subsidiaries, and other companies under common control or ownership.
• Healthcare Providers: You can select and share your Health Information with a participating healthcare provider through the “Share with dctor” functionality on the app. Your healthcare provider can access the Health Information you choose to share with that healthcare provider. Any data you choose to share with your healthcare organization will be treated in accordance with that healthcare provider’s Notice of Privacy Practices and its privacy and security policies and procedures.
• Online Advertising Partners: We may also share personal data with advertising networks or permit these partners to collect information from you directly on our websites to facilitate online advertising, such as search engines and social network advertising providers to serve targeted ads to you or to groups of other users who share similar traits, such as likely commercial interests and demographics, on third-party platforms. For more information, including how to opt out of interest-based advertising, please see the Third-Party Data Collection and Online Advertising section below.
• Your Employer / Company: If you interact with our Services through your employer or company, we may disclose your information to your employer or company, including another representative of your employer or company.
• Service Providers: In addition to the third parties identified above, we engage other third-party service providers that perform business or operational services for us or on our behalf, such as website hosting, marketing providers, customer service and communications providers, infrastructure provisioning, IT services, analytics services, payment processing services, and administrative services.
• Business Transaction or Reorganization: We may take part in or be involved with a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. We may disclose personal data to a third-party during negotiation of, in connection with or as an asset in such a corporate business transaction. Personal data may also be disclosed in the event of insolvency, bankruptcy, or receivership, in compliance with applicable law.
• Legal Obligations and Rights: We may disclose personal data to third parties, such as legal advisors and law enforcement:
  • in connection with the establishment, exercise, or defense of legal claims;
  • to comply with laws or to respond to lawful requests and legal process;
  • to protect the rights and property of Diadia, our agents, customers, and others, including to enforce our agreements, policies, and our Terms of Use;
  • to detect, suppress, or prevent fraud;
  • to reduce credit risk and collect debts owed to us; to protect the health and safety of us, our customers, or any person; or as otherwise required by applicable law.
• With Your Consent or At Your Direction: We may disclose personal data about you to certain other third parties such as your healthcare provider or health insurance provider with your consent or at your direction.

4. AUTOMATIC DATA COLLECTION PREFERENCES

Where a Diadia-specific preference manager or privacy setting is not available, you may be able to utilize third-party tools and features to further restrict our use of automatic data collection technologies. For example, (i) most browsers allow you to change browser settings to limit automatic data collection technologies on websites, (ii) most email providers allow you to prevent the automatic downloading of images in emails that may contain automatic data collection technologies, and (iii) many devices allow you to change your device settings to limit automatic data collection technologies for device applications. Please note that blocking automatic data collection technologies through third-party tools and features may negatively impact your experience using our services, as some features and offerings may not work properly or at all. Depending on the third-party tool or feature you use, you may not be able to block all automatic data collection technologies, or you may need to update your preferences on multiple devices or browsers. We do not have any control over these third-party tools and features and are not responsible if they do not function as intended.

5. TARGETED ADVERTISING PREFERENCES

We engage third parties to help us facilitate targeted advertising designed to show you personalized ads based on predictions of your preferences and interests developed using personal data we maintain and personal data our third-party partners obtain from your activity over time and across nonaffiliated websites and other services. The data we and our third-party partners use for purposes of facilitating targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research, are primarily collected through the use of a variety of automatic data collection technologies, including cookies, web beacons, pixels, embedded scripts, mobile SDKs, location-identifying technologies and logging technologies. We may share a common account identifier (such as a hashed email address or user ID) with our third-party advertising partners to help link the personal data we and our third-party partners collect to the same person, or otherwise target advertising to an individual on a third-party website or platform.

In addition to taking the steps set forth in the Automatic Data Collection Preferences section above, you may be able to further exercise control over the advertisements that you see by leveraging one or more targeted advertising opt-out programs. For example:

• Device-Specific Opt-Out Programs. Certain devices provide individuals the option to turn off targeted advertising for the entire device (such as Apple devices through their App Tracking Transparency framework or Android devices through their opt out of ads personalization feature). Please refer to your device manufacturer’s user guides for additional information about implementing any available device-specific targeted advertising opt-outs.
• Digital Advertising Alliance. The Digital Advertising Alliance allows individuals to opt out of receiving online interest-based targeted advertisements from companies that participate in their program. Please follow the instructions at https://www.optout.aboutads.info/?c=2&lang=EN for browser-based advertising and https://www.youradchoices.com/appchoices for app-based advertising to opt out of targeted advertising carried out by our third-party partners and other third parties that participate in the Digital Advertising Alliance’s self-regulatory program. In addition, third parties may still use cookies to collect information about your use of our Services, including for analytics and fraud prevention as well as any other purpose permitted under the DAA’s principles.
• Network Advertising Initiative. The Network Advertising Initiative similarly allows individuals to opt out of receiving online interest-based targeted advertisements from companies that participate in their program. Please follow the instructions at https://www.optout.networkadvertising.org/?c=1 to opt out of browser-based targeted advertising carried out by our third-party partners and other third parties that participate in the Network Advertising Initiative’s self-regulatory program.
• Platform-Specific Opt-Out Programs. Certain third-party platforms provide individuals the option to turn off targeted advertising for the entire platform (such as certain social media platforms). Please refer to your platform provider’s user guides for additional information about implementing any available platform-specific targeted advertising opt-outs.

Please note that when you opt out of receiving interest-based advertisements through one of these programs, this does not mean you will no longer see advertisements from us or on our services. Instead, it means that the online ads you do see from relevant program participants should not be based on your interests. We are not responsible for the effectiveness of, or compliance with, any third parties’ opt-out options or programs or the accuracy of their statements regarding their programs. In addition, program participants may still use automatic data collection technologies to collect information about your use of our services, including for analytics and fraud prevention as well as any other purpose permitted under the applicable advertising industry program.

Partner-Specific Preferences

Certain of our third-party providers and partners offer additional ways that you may exercise control over your personal data, or automatically impose limitations on the way we can use personal data in connection with the services they provide:

• Device-Specific / Platform-Specific Preferences: The device and/or platform you use to interact with us (such as your mobile device or social media provider), may provide you additional choices with regard to the data you choose to share with us. For example, many mobile devices allow you to change your device permissions to prevent our products and services from accessing certain types of information from your device (such as your contact lists or precise geolocation data), and many social media platforms allow you to change your platform permissions to prevent integrated products and services from accessing certain types of information connected with your profile. Please refer to your device or platform provider’s user guides for additional information about implementing any available platform-specific targeted advertising opt-outs.
• Google Analytics: Google Analytics allows us to better understand how our customers interact with our services.  For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google's website here: www.google.com/policies/privacy/partners/. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Add-On here: https://tools.google.com/dlpage/gaoptout/.

6. CONTROL OVER YOUR INFORMATON

• Modifying Account Information. If you have an account for our Services, you have the ability to modify certain information in your account, through the account setting page or a similar option provided on the Services. If you have any questions about modifying or updating any information in your account, please contact us at privacy@diadiahealth.com.
• Sharing of Health Information with Healthcare Providers. To share your Health Information with a healthcare provider, open the app, tap on the “Share” functionality, and then tap on the healthcare provider. You will need to do this every time you would like to share Health Information with a provider. Please see our Consumer Health Data Privacy Notice for additional information.
• Access to Your Device Information. You may control the Services’ access to your device information through your “Settings” app on your device. For instance, you can withdraw permission for the Services to access your microphone, network devices and geolocation and to integrate with your other applications.
• Email Communications Preferences. You can stop receiving promotional email communications from us by clicking on the “unsubscribe” link provided in such communications. You may not opt-out of service-related communications (e.g., account verification, transactional communications, changes/updates to features of the Services, technical and security notices).
• Phone Communication Preferences. You can stop receiving promotional phone communications from us by informing the caller you no longer wish to receive promotional phone calls from us, following the instructions provided on the call for opting out of promotional phone calls (where available), or replying STOP to any one of our promotional text messages. Please note we may need to continue to communicate with you via phone for certain service-related messages (such as, sending a verification code to your phone via call or text for purposes of verifying the authenticity of a log-in attempt).
• Push Notifications. You can stop receiving push notifications from us by changing your preferences in the iOS or Android notifications settings menu.

Withdrawing Your Consent

Where we have your consent for the processing of your personal data (e.g., when you opt in to receive certain types of marketing communications from us), you may withdraw your consent by following the instructions provided when your consent was requested or by contacting us as set forth in the Contact Us section below.

7. REGION-SPECIFIC DISCLOSURES

We may choose or be required by law to provide different or additional information relating to the processing of personal data (as defined below) about residents of certain countries, regions or states. Please refer below to “Additional United States Privacy Disclosures” for additional information that may be applicable to you.

8. LINKS TO THIRD-PARTY WEBSITES AND SERVICES

For your convenience, our Services may provide links to third-party websites or services that we do not own or operate. We are not responsible for the practices employed by any websites or services linked to or from the services, including the information or content contained within them. Your browsing and interaction on any other website or service are subject to the applicable third party’s rules and policies, not ours. If you are using a third-party website or service, you do so at your own risk. We encourage you to review the privacy policies of any site or service before providing any personal data.

9. CHILDREN’S PRIVACY

Our services are not intended for children under the age of 16. We do not knowingly solicit or collect personal data from children under the age of 16. If we learn that any personal data has been collected inadvertently from a child under 16 we will delete the information as soon as possible. If you believe that we might have collected information from a child under 16, please contact us at privacy@diadiahealth.com.

10. SECURITY OF PERSONAL DATA

We have implemented reasonable physical, technical, and organizational safeguards that are designed to protect your personal data. However, despite these controls, we cannot completely ensure or warrant the security of your personal data.

11. DATA RETENTION

We will usually retain the personal data we collect about you for no longer than reasonably necessary to fulfill the purposes for which it was collected, and in accordance with our legitimate business interests and applicable law. However, if necessary, we may retain personal data for longer periods of time as required under applicable law or as needed to resolve disputes or protect our legal rights.

Notwithstanding the foregoing, we destroy biometric data when the initial purpose for its collection has been satisfied or within 3 years of your last interaction with Diadia (whichever comes first), except as required by applicable law.

To determine the appropriate duration of the retention of personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of personal data and if we can attain our objectives by other means, as well as our legal, regulatory, tax, accounting, and other applicable obligations.

Once retention of the personal data is no longer reasonably necessary for the purposes outlined above, we will either delete or deidentify the personal data or, if that is not possible (for example, because personal data has been stored in backup archives), we will securely store the personal data and isolate it from further active processing until deletion or deidentification is possible.

12. CHANGES TO THIS PRIVACY NOTICE

We reserve the right to change this Privacy Notice from time to time at our sole discretion. We will notify you about material changes in the way we treat personal data by sending a notice to the primary email address specified in your Diadia account, by updating the “Last Updated” date at the top of this Privacy Notice, and/or by placing a prominent notice on our Sites. It is your responsibility to review this Privacy Notice periodically.

13. CONTACT US

If you have any questions regarding this Privacy Notice, or any other privacy-related questions, please send an email to privacy@diadiahealth.com.

ADDITIONAL UNITED STATES PRIVACY DISCLOSURES

These disclosures supplement the information contained in our Privacy Notice by providing additional information about our personal data processing practices relating to individual residents of certain states in the United States. For a detailed description of how we collect, use, disclose, and otherwise process personal data, please read our Privacy Notice and our Consumer Health Data Privacy Notice.

Nevada Residents

If you are a resident of the state of Nevada in the United States, you have the right to opt out of the sale of your personal data. Although we do not currently sell personal data of Nevada residents (as defined under Nevada law), you may submit a request to opt-out of the sale of your personal data by contacting us at privacy@diadiahealth.com with the subject line “Nevada Opt Out Request.”

Please review our Consumer Health Data Privacy Notice, which can be found here.

Connecticut Residents

If you are a resident of the state of Connecticut, the following supplementary disclosures apply to you.

Personal Data Disclosures, Sales and Targeted Advertising

We disclose all of the categories of personal data we collect to the categories of recipients set forth in the Our Disclosure of Personal Data section of our Privacy Notice. Our disclosure of personal data to the following categories of third parties may qualify as the sale of personal data or the sharing or processing of personal data for the purpose of displaying advertisements that are selected based on personal data obtained or inferred over time from an individual’s activities across businesses or distinctly-branded websites, applications, or other services (otherwise known as “targeted advertising” or “cross-context behavioral advertising”) under certain privacy laws:

• Online Advertising Partners: Analytics information

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit or opt-out of the sale of personal data or the processing of personal data for purposes of targeted advertising (as described in the Your Additional U.S. Privacy Choices section below).

Please note we do not sell the personal data of individuals we know to be less than 16 years of age or share such information for targeted advertising purposes.

Sensitive Personal Data

The following personal data elements we collect may be classified as “sensitive” under certain privacy laws:

• Account log-in, financial account, debit card or credit card number in combination with any required security or access code, password or credentials allowing access to an account
• Race
• Biometric data
• Health data, including information regarding an individual’s medical history, mental or physical health condition, or medical treatment or diagnosis

We use sensitive personal data for the purposes set forth in the How We Collect and Use Personal Data section of our Privacy Notice.

We do not sell sensitive personal data, and we do not process or otherwise share sensitive personal data for the purpose of targeted advertising.

Deidentified Information

We may at times receive, or process personal data to create, deidentified information that can no longer reasonably be used to infer information about, or otherwise be linked to, a particular individual or household. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.

Automated Decision-Making and Profiling

We do not conduct automated processing of personal data for the purposes of evaluating, analyzing, or predicting an individual’s personal aspects in furtherance of decisions that produce legal or similarly significant effects. As a result, we do not provide a right to exercise control over such forms of automated decision-making and profiling.

Your Additional U.S. Privacy Choices

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the following rights:

• Right to Know: The right to confirm whether we are processing personal data about you.
• Right to Access & Portability: The right to obtain access to the personal data we have collected about you and, where required by law, the right to obtain a copy of the personal data in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance.
• Right to Correction: The right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing of the personal data.
• Right to Control Over Automated Decision-Making / Profiling: The right to direct us not to use automated decision-making or profiling for certain purposes.
• Right to Opt-Out of Targeted Advertising: The right to direct us not to use or share personal data for certain targeted advertising purposes.
• Right to Opt-Out of Sales: The right to direct us not to sell personal data to third parties.
• Right to Deletion: The right to have us delete personal data we maintain about you.

You may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.

Submitting Privacy Rights Requests

Please submit a request specifying the right you wish to exercise by:

• Emailing us at privacy@diadiahealth.com

Before processing your request to exercise certain rights (including the Right to Know, Access & Portability, Correction, and Deletion), we will need to verify your identity and confirm you are a resident of a state that offers the requested right(s). In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us to the information we maintain about you in our systems.

In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or where you are not a resident of one of the eligible states.

Submitting Authorized Agent Requests

In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.

Appealing Privacy Rights Decisions

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request. All appeal requests should be submitted by replying to the communication resolving your original request.